[opensuse] Mails from openSUSE conferences failing to spam
Hi, I have problems with some mails from opensuse-factory@opensuse.org and opensuse@opensuse.org failing into spam. For example from yesterday from Michael Ströder (13:13) Re: [opensuse- factory] Friendly warning: Python 2 is going to be removed from Factory on 2020-01-02 X-Spamd-Bar: ++++++ X-Spam-Level: ****** X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=6.85 X-Spamd-Result: default: False [6.85 / 9.00]; GREYLIST(0.00)[pass,meta]; HAS_ATTACHMENT(0.00)[]; NEURAL_SPAM(0.00)[0.593,0]; MX_GOOD(-0.50)[cached: mx1.suse.de]; FORGED_SENDER(0.30)[michael@stroeder.com,opensuse- factory@opensuse.org]; RCVD_IN_DNSWL_FAIL(0.00) [15.220.135.195.list.dnswl.org:query refused]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:29298, ipnet:195.135.220.0/22, country:DE]; BAYES_HAM(-1.81)[93.89%]; TAGGED_FROM(0.00)[bounces-89961- vojtech.zeisek=opensuse.org]; FORGED_RECIPIENTS(2.00)[opensuse- factory@opensuse.org,vojta@trapa.cz]; ARC_NA(0.00)[]; FROM_NEQ_ENVFROM(0.00) [michael@stroeder.com,opensuse-factory@opensuse.org]; FROM_HAS_DN(0.00)[]; SIGNED_SMIME(-2.00)[]; MID_RHS_MATCH_FROM(0.00)[]; PRECEDENCE_BULK(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; DMARC_NA(0.00)[stroeder.com]; HAS_LIST_UNSUB(-0.01)[]; RCPT_COUNT_ONE(0.00)[1]; AUTH_NA(1.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~,3:+]; TO_DN_EQ_ADDR_ALL(0.00)[]; R_SPF_NA(0.00) []; BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[8]; IP_SCORE(-1.93)[ip: (-5.16), ipnet: 195.135.220.0/22(-2.53), asn: 29298(-2.03), country: DE(0.07)] X-Rspamd-Queue-Id: C3F1660988FB X-Spam-Flag: YES X-Spam: Yes This mails also has invalid signature. Or from today from Mathias Homann (7:49) *** SPAM *** Re: [opensuse] How do I interpret this router advert? X-Spamd-Bar: +++++++ X-Spam-Level: ******* X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=7.20 X-Spamd-Result: default: False [7.20 / 9.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; GREYLIST(0.00)[pass,body]; TO_DN_NONE(0.00)[]; NEURAL_SPAM(0.00)[0.883,0]; MX_GOOD(-0.50)[cached: mx1.suse.de]; SIGNED_PGP(-2.00)[]; FORGED_SENDER(0.30) [Mathias.Homann@opensuse.org,opensuse@opensuse.org]; RCVD_IN_DNSWL_FAIL(0.00) [2.220.135.195.list.dnswl.org:query refused]; MIME_TRACE(0.00)[0:+,1:+,2:~,3: +]; R_DKIM_NA(0.00)[]; FORGED_RECIPIENTS(2.00) [opensuse@opensuse.org,vojta@trapa.cz]; FROM_NEQ_ENVFROM(0.00) [Mathias.Homann@opensuse.org,opensuse@opensuse.org]; HAS_X_AS(0.00)[]; ASN(0.00)[asn:29298, ipnet:195.135.220.0/22, country:DE]; ARC_NA(0.00)[]; TO_DOM_EQ_FROM_DOM(0.00)[]; TAGGED_FROM(0.00)[bounces-216650- vojtech.zeisek=opensuse.org]; FROM_HAS_DN(0.00)[]; PRECEDENCE_BULK(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; SUBJECT_ENDS_QUESTION(1.00)[]; DMARC_NA(0.00)[opensuse.org]; HAS_LIST_UNSUB(-0.01)[]; RCPT_COUNT_ONE(0.00) [1]; AUTH_NA(1.00)[]; RCVD_TLS_LAST(0.00)[]; BAYES_HAM(-3.00)[100.00%]; R_SPF_NA(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[10]; IP_SCORE(-1.89)[ip: (-4.94), ipnet: 195.135.220.0/22(-2.53), asn: 29298(-2.03), country: DE(0.07)] X-Rspamd-Queue-Id: 5D3626959202 X-Spam-Flag: YES Very often, mails with signatures are affected. Common case in past few days were mails by Carlos, e.g. from Friday 22:04 *** SPAM *** Re: [opensuse] Permission problem - I need another pair of eyes. X-Spamd-Bar: ++++++++ X-Spam-Level: ******** X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=8.79 X-Spamd-Result: default: False [8.79 / 9.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_REJECT(1.00)[gmx.net:s=badeba3b8450]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.50) [cached: mx1.suse.de]; DKIM_TRACE(0.00)[gmx.net:-]; CTYPE_MIXED_BOGUS(1.00)[]; FORGED_SENDER(0.30)[robin.listas@gmx.es,opensuse@opensuse.org]; RCVD_IN_DNSWL_FAIL(0.00)[2.220.135.195.list.dnswl.org:query refused]; MIME_TRACE(0.00)[0:+,1:+,2:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:29298, ipnet:195.135.220.0/22, country:DE]; BAYES_HAM(-3.00)[100.00%]; TAGGED_FROM(0.00)[bounces-216572-vojtech.zeisek=opensuse.org]; FORGED_RECIPIENTS(2.00)[opensuse@opensuse.org,vojta@trapa.cz]; ARC_NA(0.00)[]; FROM_NEQ_ENVFROM(0.00)[robin.listas@gmx.es,opensuse@opensuse.org]; FROM_HAS_DN(0.00)[]; PRECEDENCE_BULK(0.00)[]; MIME_GOOD(-0.10)[multipart/ mixed,text/plain]; DMARC_NA(0.00)[gmx.es]; HAS_LIST_UNSUB(-0.01)[]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-1.90)[ip: (-4.97), ipnet: 195.135.220.0/22(-2.55), asn: 29298(-2.04), country: DE(0.07)]; R_SPF_NA(0.00) []; BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[10]; GREYLIST(0.00) [pass,body] X-Rspamd-Queue-Id: D3FF1602E33B X-Spam-Flag: YES But even from Dominique Leuenberger / DimStar (Monday, 14:34) *** SPAM *** Re: [opensuse-factory] Friendly warning: Python 2 is going to be removed from Factory on 2020-01-02 X-Spamd-Bar: ++++++++ X-Spam-Level: ******** X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=8.29 X-Spamd-Result: default: False [8.29 / 9.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; GREYLIST(0.00)[pass,meta]; TO_DN_NONE(0.00)[]; NEURAL_SPAM(0.00)[0.758,0]; MX_GOOD(-0.50)[cached: mx1.suse.de]; SIGNED_PGP(-2.00)[]; FORGED_SENDER(0.30) [dimstar@opensuse.org,opensuse-factory@opensuse.org]; RCVD_IN_DNSWL_FAIL(0.00) [2.220.135.195.list.dnswl.org:query refused]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; FORGED_RECIPIENTS(2.00)[opensuse- factory@opensuse.org,vojta@trapa.cz]; ASN(0.00)[asn:29298, ipnet: 195.135.220.0/22, country:DE]; TAGGED_FROM(0.00)[bounces-89935- vojtech.zeisek=opensuse.org]; TO_DOM_EQ_FROM_DOM(0.00)[]; ARC_NA(0.00)[]; FROM_NEQ_ENVFROM(0.00)[dimstar@opensuse.org,opensuse-factory@opensuse.org]; FROM_HAS_DN(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; PRECEDENCE_BULK(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; DMARC_NA(0.00)[opensuse.org]; HAS_LIST_UNSUB(-0.01)[]; RCPT_COUNT_ONE(0.00)[1]; AUTH_NA(1.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~,3:+]; BAYES_HAM(-0.41)[77.88%]; R_SPF_NA(0.00)[]; BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[9]; IP_SCORE(-1.89)[ip: (-4.95), ipnet: 195.135.220.0/22(-2.54), asn: 29298(-2.03), country: DE(0.07)] X-Rspamd-Queue-Id: 86BBA6959205 X-Spam-Flag: YES or from Matěj Cepl (yesterday, 8:42) *** SPAM *** Re: [opensuse-factory] Friendly warning: Python 2 is going to be removed from Factory on 2020-01-02 X-Spamd-Bar: ++++++++ X-Spam-Level: ******** X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=8.68 X-Spamd-Result: default: False [8.68 / 9.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_SPAM(0.00)[0.646,0]; HAS_ORG_HEADER(0.00)[]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.50)[cached: mx1.suse.de]; SIGNED_PGP(-2.00)[]; FORGED_SENDER(0.30) [mcepl@cepl.eu,opensuse-factory@opensuse.org]; RCVD_IN_DNSWL_FAIL(0.00) [2.220.135.195.list.dnswl.org:query refused]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:29298, ipnet:195.135.220.0/22, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_FROM(0.00)[bounces-89957- vojtech.zeisek=opensuse.org]; FORGED_RECIPIENTS(2.00)[opensuse- factory@opensuse.org,vojta@trapa.cz]; ARC_NA(0.00)[]; FROM_NEQ_ENVFROM(0.00) [mcepl@cepl.eu,opensuse-factory@opensuse.org]; FROM_HAS_DN(0.00)[]; PRECEDENCE_BULK(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; MIME_TRACE(0.00)[0:+,1:+,2:~,3:+]; DMARC_NA(0.00)[cepl.eu]; HAS_LIST_UNSUB(-0.01)[]; RCPT_COUNT_ONE(0.00)[1]; AUTH_NA(1.00)[]; IP_SCORE(-1.89)[ip: (-4.94), ipnet: 195.135.220.0/22(-2.53), asn: 29298(-2.03), country: DE(0.07)]; BAYES_HAM(-0.03)[55.15%]; R_SPF_NA(0.00)[]; BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[7]; GREYLIST(0.00)[pass,meta] X-Rspamd-Queue-Id: BB4706959185 X-Spam-Flag: YES And more... As You can see, mails are forwarded to my inbox vojta at trapa dot cz hosted on kikimora.laddobar.cz. I'm not sure where the problem starts. When composing mail by senders? On the conference mail server? On my mail server? In my KMail? How to fix it? -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
Vojtěch Zeisek wrote:
Hi, I have problems with some mails from opensuse-factory@opensuse.org and opensuse@opensuse.org failing into spam. For example from yesterday from Michael Ströder (13:13) Re: [opensuse- factory] Friendly warning: Python 2 is going to be removed from Factory on 2020-01-02 X-Spamd-Bar: ++++++ X-Spam-Level: ****** X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=6.85
Yep, that's a pretty decent score. On my SpamAssassin, it only got 1 point. You are using rspamd?
X-Spamd-Result: default: False [6.85 / 9.00];
So it was not identified spam? 9 seems like a very high setting, but I'm not familiar with rspamd. [snip minor socres]
BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[8];
That is clearly a problem, we just don't know what it is :-)
X-Spam-Flag: YES X-Spam: Yes This mails also has invalid signature.
What does that mean?
Or from today from Mathias Homann (7:49) *** SPAM *** Re: [opensuse] How do I interpret this router advert? X-Spamd-Bar: +++++++ X-Spam-Level: ******* X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=7.20 X-Spamd-Result: default: False [7.20 / 9.00];
I don't really understand the difference between X-Spam-Status and X-Spamd-Result ?
BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[10];
The scores have changed?
Very often, mails with signatures are affected.
Are you talking about DKIM signatures? -- Per Jessen, Zürich (11.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne středa 17. dubna 2019 10:24:24 CEST, Per Jessen napsal(a):
Vojtěch Zeisek wrote:
I have problems with some mails from opensuse-factory@opensuse.org and opensuse@opensuse.org failing into spam. For example from yesterday from Michael Ströder (13:13) Re: [opensuse- factory] Friendly warning: Python 2 is going to be removed from Factory on 2020-01-02 X-Spamd-Bar: ++++++ X-Spam-Level: ****** X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=6.85
Yep, that's a pretty decent score. On my SpamAssassin, it only got 1 point. You are using rspamd?
I have rspamd on my openSUSE TW notebook, with default settings.
X-Spamd-Result: default: False [6.85 / 9.00];
So it was not identified spam? 9 seems like a very high setting, but I'm not familiar with rspamd.
If I understand it correctly, it gets some score on the mail server and another score by my KMail. So one checker marked it as spam, the other didn't.
[snip minor socres]
BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[8];
That is clearly a problem, we just don't know what it is :-)
Yep :-)
X-Spam-Flag: YES X-Spam: Yes This mails also has invalid signature.
What does that mean?
KMail is showing validity of GPG signature. It shows red background and: Message was signed with key 0xE1E6EB540423AD61D4A95D3654C420D86E2416C0. Invalid signature. No more.
Or from today from Mathias Homann (7:49) *** SPAM *** Re: [opensuse] How do I interpret this router advert? X-Spamd-Bar: +++++++ X-Spam-Level: ******* X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=7.20 X-Spamd-Result: default: False [7.20 / 9.00];
I don't really understand the difference between X-Spam-Status and X-Spamd-Result ?
IMHO different spam checking on server/my side?
BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[10];
The scores have changed?
Very often, mails with signatures are affected.
Are you talking about DKIM signatures?
No, GPG. -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
Vojtěch Zeisek wrote:
Dne středa 17. dubna 2019 10:24:24 CEST, Per Jessen napsal(a):
Vojtěch Zeisek wrote:
I have problems with some mails from opensuse-factory@opensuse.org and opensuse@opensuse.org failing into spam. For example from yesterday from Michael Ströder (13:13) Re: [opensuse- factory] Friendly warning: Python 2 is going to be removed from Factory on 2020-01-02 X-Spamd-Bar: ++++++ X-Spam-Level: ****** X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=6.85
Yep, that's a pretty decent score. On my SpamAssassin, it only got 1 point. You are using rspamd?
I have rspamd on my openSUSE TW notebook, with default settings.
X-Spamd-Result: default: False [6.85 / 9.00];
So it was not identified spam? 9 seems like a very high setting, but I'm not familiar with rspamd.
If I understand it correctly, it gets some score on the mail server and another score by my KMail. So one checker marked it as spam, the other didn't.
I think we'll need to understand your setup a little better if we are to be of any help. You have rspamd, there is something on your email server and something in kmail?
[snip minor socres]
BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[8];
That is clearly a problem, we just don't know what it is :-)
Yep :-)
I think you'll have to dig into that to solve $SUBJ (unless you just whitelist). I googled "rspamd BROKEN_HEADERS", there were quite a few hits. -- Per Jessen, Zürich (14.4°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne středa 17. dubna 2019 15:07:35 CEST, Per Jessen napsal(a):
Vojtěch Zeisek wrote:
Dne středa 17. dubna 2019 10:24:24 CEST, Per Jessen napsal(a):
Vojtěch Zeisek wrote:
I have problems with some mails from opensuse-factory@opensuse.org and opensuse@opensuse.org failing into spam. For example from yesterday from Michael Ströder (13:13) Re: [opensuse- factory] Friendly warning: Python 2 is going to be removed from Factory on 2020-01-02 X-Spamd-Bar: ++++++ X-Spam-Level: ****** X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=6.85
Yep, that's a pretty decent score. On my SpamAssassin, it only got 1 point. You are using rspamd?
As 'X-Rspamd-Server: kikimora.laddobar.cz' says, it's from the mail server.
X-Spamd-Result: default: False [6.85 / 9.00];
So it was not identified spam? 9 seems like a very high setting, but I'm not familiar with rspamd.
If I understand it correctly, it gets some score on the mail server and another score by my KMail. So one checker marked it as spam, the other didn't.
I think we'll need to understand your setup a little better if we are to be of any help. You have rspamd, there is something on your email server and something in kmail?
I'm not admin of the server... I quickly discussed with him and he thinks it's rather issue of senders/conference than server-side filtering. He might have some too strict settings or so, but it wouldn't explain the high score the mails got. On other computer, where I observe exactly same falling of opensuse mails into spam I have bogofilter and spamassassin in KMail, so the server-side rspamd seems to be responsible for the problems observed. So there is rspamd on the mail server and bogofilter and spamassassin on my side. On my side, the mail is not marked as spam, but as it has spam label from the server, it fails to spam.
BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[8];
That is clearly a problem, we just don't know what it is :-)
I think you'll have to dig into that to solve $SUBJ (unless you just whitelist).
Is anyone else seeing this?
I googled "rspamd BROKEN_HEADERS", there were quite a few hits.
I'm not smarter after checking the hits... I don't know if it is mainly false positive (rspamd or other spam checker bug) or some problem of particular senders or the conference. Is rspamd too sensitive to something other spam checkers tolerate? -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On 17/04/2019 17.08, Vojtěch Zeisek wrote:
Dne středa 17. dubna 2019 15:07:35 CEST, Per Jessen napsal(a):
BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[8];
That is clearly a problem, we just don't know what it is :-)
I think you'll have to dig into that to solve $SUBJ (unless you just whitelist).
Is anyone else seeing this?
Not me.
I googled "rspamd BROKEN_HEADERS", there were quite a few hits.
I'm not smarter after checking the hits... I don't know if it is mainly false positive (rspamd or other spam checker bug) or some problem of particular senders or the conference. Is rspamd too sensitive to something other spam checkers tolerate?
The comments I have seen say that it is very intolerant re headers. I'm afraid you may have to disable rspamd (or your ISP to disable it) or use a different mail provider. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Vojtěch Zeisek wrote:
Dne středa 17. dubna 2019 15:07:35 CEST, Per Jessen napsal(a):
Vojtěch Zeisek wrote:
Dne středa 17. dubna 2019 10:24:24 CEST, Per Jessen napsal(a):
Vojtěch Zeisek wrote:
I have problems with some mails from opensuse-factory@opensuse.org and opensuse@opensuse.org failing into spam. For example from yesterday from Michael Ströder (13:13) Re: [opensuse- factory] Friendly warning: Python 2 is going to be removed from Factory on 2020-01-02 X-Spamd-Bar: ++++++ X-Spam-Level: ****** X-Rspamd-Server: kikimora.laddobar.cz X-Spam-Status: Yes, score=6.85
Yep, that's a pretty decent score. On my SpamAssassin, it only got 1 point. You are using rspamd?
As 'X-Rspamd-Server: kikimora.laddobar.cz' says, it's from the mail server.
X-Spamd-Result: default: False [6.85 / 9.00];
So it was not identified spam? 9 seems like a very high setting, but I'm not familiar with rspamd.
If I understand it correctly, it gets some score on the mail server and another score by my KMail. So one checker marked it as spam, the other didn't.
I think we'll need to understand your setup a little better if we are to be of any help. You have rspamd, there is something on your email server and something in kmail?
I'm not admin of the server...
That's okay - but you know what sort of filtering it is doing, and what your system does with the results?
I quickly discussed with him and he thinks it's rather issue of senders/conference than server-side filtering.
Based on my results with filtering with SpamAssassin, I would tend to disagree with that. There are sometimes issue with SPF, because we (openSUSE) don't do any SRS rewriting. This is a "normal" issue wrt SPF and mailing lists. I don't see any SPF problems in what you have posted though.
So there is rspamd on the mail server and bogofilter and spamassassin on my side. On my side, the mail is not marked as spam, but as it has spam label from the server, it fails to spam.
Right. You could just ignore the server-side results?
BROKEN_HEADERS(10.00)[]; RCVD_COUNT_SEVEN(0.00)[8];
That is clearly a problem, we just don't know what it is :-)
I think you'll have to dig into that to solve $SUBJ (unless you just whitelist).
Is anyone else seeing this?
What do the two results mean? I don't understand the difference between the results in () and in []. -- Per Jessen, Zürich (18.5°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-04-17 17:08, Vojtěch Zeisek wrote:
On 2019-04-17 15:07, Per Jessen wrote: I googled "rspamd BROKEN_HEADERS", there were quite a few hits. I'm not smarter after checking the hits... I don't know if it is mainly false positive (rspamd or other spam checker bug) or some problem of particular senders or the conference. Is rspamd too sensitive to something other spam checkers tolerate?
Is this the problem? https://github.com/rspamd/rspamd/issues/2836 -- /bengan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne čtvrtek 18. dubna 2019 8:08:22 CEST, Bengt Gördén napsal(a):
On 2019-04-17 17:08, Vojtěch Zeisek wrote:
On 2019-04-17 15:07, Per Jessen wrote: I googled "rspamd BROKEN_HEADERS", there were quite a few hits.
I'm not smarter after checking the hits... I don't know if it is mainly false positive (rspamd or other spam checker bug) or some problem of particular senders or the conference. Is rspamd too sensitive to something other spam checkers tolerate?
Is this the problem? https://github.com/rspamd/rspamd/issues/2836
It could be it. If rspamd author says it's problem on openSUSE side, should we fix it here? -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On 18/04/2019 11.38, Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 8:08:22 CEST, Bengt Gördén napsal(a):
On 2019-04-17 17:08, Vojtěch Zeisek wrote:
On 2019-04-17 15:07, Per Jessen wrote: I googled "rspamd BROKEN_HEADERS", there were quite a few hits.
I'm not smarter after checking the hits... I don't know if it is mainly false positive (rspamd or other spam checker bug) or some problem of particular senders or the conference. Is rspamd too sensitive to something other spam checkers tolerate?
Is this the problem? https://github.com/rspamd/rspamd/issues/2836
It could be it. If rspamd author says it's problem on openSUSE side, should we fix it here?
He doesn't say what exactly is wrong. He says to "better to fix your scripts" (which, opensuse's or Vojtěch's?). Because he says "via rspamadm mime modify". opensuse does not use that. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-04-18 11:38, Vojtěch Zeisek wrote:
It could be it. If rspamd author says it's problem on openSUSE side, should we fix it here?
I would first start with: cat <mail-that-is-considered-wrong> | formail -ds rspamc |less Or just rspamc < <mail-that-is-considered-wrong> And see what it says in the output and in the logs. Maybe turn on extensive logging somewhere. But. I would also say it's up to how the author interprets RFC's. RFC822 is way beyond obsolete. It's been obsoleted by RFC2822 which in turn has been obsoleted by RFC5322. Different Mime standards on the other hand has been standardized with respect to sometimes RFC822 and sometimes later RFC's. I can't really say what's right or what's wrong. I'm no IETF authority on this but I think I can see some pitfalls depending on what is to be taken as a standard and what's not. -- /bengan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 18/04/2019 12.29, Bengt Gördén wrote:
On 2019-04-18 11:38, Vojtěch Zeisek wrote:
It could be it. If rspamd author says it's problem on openSUSE side, should we fix it here?
I would first start with:
cat <mail-that-is-considered-wrong> | formail -ds rspamc |less
Or just rspamc < <mail-that-is-considered-wrong>
But the OP doesn't have rspamd installed, it is his ISP. And if he installs it, the installation will be different than that that of his ISP. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne čtvrtek 18. dubna 2019 13:45:28 CEST, Carlos E. R. napsal(a):
On 18/04/2019 12.29, Bengt Gördén wrote:
On 2019-04-18 11:38, Vojtěch Zeisek wrote:
It could be it. If rspamd author says it's problem on openSUSE side, should we fix it here?
I would first start with: cat <mail-that-is-considered-wrong> | formail -ds rspamc |less Or just rspamc < <mail-that-is-considered-wrong>
But the OP doesn't have rspamd installed, it is his ISP. And if he installs it, the installation will be different than that that of his ISP.
I have SSH access to the server. :-) wget https://lists.opensuse.org/opensuse/opensuse-2019-04.mbox.gz gunzip opensuse-2019-04.mbox.gz cat opensuse-2019-04.mbox | formail -ds rspamc > report.txt and result is here https://soubory.trapa.cz/report.txt (I'll delete it by the end of next week). -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On 18/04/2019 13.56, Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 13:45:28 CEST, Carlos E. R. napsal(a):
On 18/04/2019 12.29, Bengt Gördén wrote:
On 2019-04-18 11:38, Vojtěch Zeisek wrote:
It could be it. If rspamd author says it's problem on openSUSE side, should we fix it here?
I would first start with: cat <mail-that-is-considered-wrong> | formail -ds rspamc |less Or just rspamc < <mail-that-is-considered-wrong>
But the OP doesn't have rspamd installed, it is his ISP. And if he installs it, the installation will be different than that that of his ISP.
I have SSH access to the server. :-) wget https://lists.opensuse.org/opensuse/opensuse-2019-04.mbox.gz gunzip opensuse-2019-04.mbox.gz cat opensuse-2019-04.mbox | formail -ds rspamc > report.txt and result is here https://soubory.trapa.cz/report.txt (I'll delete it by the end of next week).
Ah, good! Results for file: stdin (0.032 seconds) [Metric: default] Action: no action Spam: false <------------ Score: 5.89 / 9.00 Symbol: ARC_NA (0.00) Symbol: BAYES_HAM (-2.99)[99.99%] Symbol: BROKEN_HEADERS (10.00) <============ Symbol: DATE_IN_PAST (1.00) Symbol: FROM_HAS_DN (0.00) Symbol: FROM_NEQ_ENVFROM (0.00)[robin.listas@telefonica.net, opensuse@opensuse.org] Symbol: HAS_ATTACHMENT (0.00) Symbol: HAS_LIST_UNSUB (-0.01) Symbol: MID_RHS_MATCH_FROM (0.00) Symbol: MIME_GOOD (-0.20)[multipart/signed, multipart/mixed, text/plain] Symbol: MIME_TRACE (0.00)[0:+, 1:+, 2:+, 3:~, 4:+] Symbol: PRECEDENCE_BULK (0.00) Symbol: RCPT_COUNT_ONE (0.00)[1] Symbol: RCVD_COUNT_SEVEN (0.00)[11] Symbol: RCVD_NO_TLS_LAST (0.10) Symbol: RCVD_VIA_SMTP_AUTH (0.00) Symbol: SIGNED_PGP (-2.00) Symbol: TAGGED_FROM (0.00)[bounces-216450-archive=lists4-intern.suse.de] Symbol: TO_DN_ALL (0.00) Message-ID: 7841609c-b5b4-b1de-738e-a8f2b8646396@telefonica.net Results for file: stdin (0.144 seconds) [Metric: default] Action: rewrite subject Spam: true <------------ Subject: *** SPAM *** Re: [opensuse] Re: What multimedia player? Score: 7.28 / 9.00 Symbol: ARC_NA (0.00) Symbol: BAYES_HAM (-2.60)[98.23%] Symbol: BROKEN_HEADERS (10.00) <============ Symbol: DATE_IN_PAST (1.00) Symbol: FROM_HAS_DN (0.00) Symbol: FROM_NEQ_ENVFROM (0.00)[usenet@karmasailing.uk, opensuse@opensuse.org] Symbol: HAS_LIST_UNSUB (-0.01) Symbol: MIME_GOOD (-0.20)[multipart/signed, text/plain] Symbol: MIME_TRACE (0.00)[0:+, 1:+, 2:~, 3:+] Symbol: PRECEDENCE_BULK (0.00) Symbol: RCPT_COUNT_ONE (0.00)[1] Symbol: RCVD_COUNT_SEVEN (0.00)[8] Symbol: RCVD_NO_TLS_LAST (0.10) Symbol: RCVD_VIA_SMTP_AUTH (0.00) Symbol: SIGNED_PGP (-2.00) Symbol: SUBJECT_ENDS_QUESTION (1.00) Symbol: TAGGED_FROM (0.00)[bounces-216451-archive=lists4-intern.suse.de] Symbol: TO_DN_NONE (0.00) Message-ID: 20190403201933.24124f23@blackbox.karmasailing.uk Urls: ["github.com","goodies.xfce.org","gmpclient.org"] Emails: ["robin.listas@telefonica.net"] I think that all messages get the "BROKEN_HEADERS" mark. But it is a "()", not a "[]", whatever that means exactly. here is one of mine: Results for file: stdin (0.040 seconds) [Metric: default] Action: reject <===================== Spam: true Score: 9.00 / 9.00 Symbol: ARC_NA (0.00) Symbol: BAYES_HAM (-2.99)[99.99%] Symbol: BROKEN_HEADERS (10.00) <------------ Symbol: CTYPE_MIXED_BOGUS (1.00) Symbol: DATE_IN_PAST (1.00) Symbol: FROM_HAS_DN (0.00) Symbol: FROM_NEQ_ENVFROM (0.00)[robin.listas@gmx.es, opensuse@opensuse.org] Symbol: MIME_GOOD (-0.10)[multipart/mixed, text/plain] Symbol: MIME_TRACE (0.00)[0:+, 1:+, 2:+] Symbol: RCPT_COUNT_ONE (0.00)[1] Symbol: RCVD_COUNT_SEVEN (0.00)[10] <------------ Symbol: RCVD_NO_TLS_LAST (0.10) Symbol: RCVD_VIA_SMTP_AUTH (0.00) Symbol: TAGGED_FROM (0.00)[bounces-216572-archive=lists4-intern.suse.de] Symbol: TO_DN_ALL (0.00) Message-ID: alpine.LSU.2.21.1904122203400.32102@Telcontar.valinor It says "DATE_IN_PAST", which is false, but that's (1). I don't see why it is counting a score of 9. Broken headers they are not. That's a very strict interpretation by rspamd, he is not changing that (nor does it explain what exactly is broken), nor will be anybody else. So whitelist or change to another mail server, or convince your provider to change to another spam scanner... -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
It says "DATE_IN_PAST", which is false, but that's (1). I don't see why it is counting a score of 9.
Broken headers they are not. That's a very strict interpretation by rspamd, he is not changing that (nor does it explain what exactly is broken), nor will be anybody else.
So whitelist or change to another mail server, or convince your provider to change to another spam scanner...
Maybe as the isp to change the score for BROKEN_HEADERS to 0. It seems to be causing a lot of false positives. Are the mails affected all GPG signed? -- Per Jessen, Zürich (17.9°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 18/04/2019 14.36, Per Jessen wrote:
Carlos E. R. wrote:
It says "DATE_IN_PAST", which is false, but that's (1). I don't see why it is counting a score of 9.
Broken headers they are not. That's a very strict interpretation by rspamd, he is not changing that (nor does it explain what exactly is broken), nor will be anybody else.
So whitelist or change to another mail server, or convince your provider to change to another spam scanner...
Maybe as the isp to change the score for BROKEN_HEADERS to 0. It seems to be causing a lot of false positives.
Are the mails affected all GPG signed?
No. The first sample I posted is not flagged as spam and is signed, by Thunderbird. Another that is flagged is also signed, but by Alpine. Both are mine. And PGP/GPG gives a negative score: Symbol: SIGNED_PGP (-2.00) -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 18/04/2019 14.36, Per Jessen wrote:
Carlos E. R. wrote:
It says "DATE_IN_PAST", which is false, but that's (1). I don't see why it is counting a score of 9.
Broken headers they are not. That's a very strict interpretation by rspamd, he is not changing that (nor does it explain what exactly is broken), nor will be anybody else.
So whitelist or change to another mail server, or convince your provider to change to another spam scanner...
Maybe as the isp to change the score for BROKEN_HEADERS to 0. It seems to be causing a lot of false positives.
Are the mails affected all GPG signed?
No. The first sample I posted is not flagged as spam and is signed, by Thunderbird. Another that is flagged is also signed, but by Alpine. Both are mine.
I was more interested in the BROKEN_HEADERS rule - it's just possible it's somehow related to GPG. -- Per Jessen, Zürich (19.0°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 18/04/2019 16.02, Per Jessen wrote:
Carlos E. R. wrote:
On 18/04/2019 14.36, Per Jessen wrote:
Carlos E. R. wrote:
It says "DATE_IN_PAST", which is false, but that's (1). I don't see why it is counting a score of 9.
Broken headers they are not. That's a very strict interpretation by rspamd, he is not changing that (nor does it explain what exactly is broken), nor will be anybody else.
So whitelist or change to another mail server, or convince your provider to change to another spam scanner...
Maybe as the isp to change the score for BROKEN_HEADERS to 0. It seems to be causing a lot of false positives.
Are the mails affected all GPG signed?
No. The first sample I posted is not flagged as spam and is signed, by Thunderbird. Another that is flagged is also signed, but by Alpine. Both are mine.
I was more interested in the BROKEN_HEADERS rule - it's just possible it's somehow related to GPG.
Do you know how to search for a keyword with grep and a second match within the same context? I knew how to do that with the "cgrep" variation of grep. It was the internal grep version used by Lucent. With the demise of the company, they opensourced a bunch of their internal tools. Current openSUSE versions do not have it, older versions did, even older didn't. <https://github.com/awgn/cgrep> <https://sourceforge.net/projects/cgrep/> -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 18/04/2019 18.22, Carlos E. R. wrote:
On 18/04/2019 16.02, Per Jessen wrote:
Carlos E. R. wrote:
On 18/04/2019 14.36, Per Jessen wrote:
Carlos E. R. wrote:
It says "DATE_IN_PAST", which is false, but that's (1). I don't see why it is counting a score of 9.
Broken headers they are not. That's a very strict interpretation by rspamd, he is not changing that (nor does it explain what exactly is broken), nor will be anybody else.
So whitelist or change to another mail server, or convince your provider to change to another spam scanner...
Maybe as the isp to change the score for BROKEN_HEADERS to 0. It seems to be causing a lot of false positives.
Are the mails affected all GPG signed?
No. The first sample I posted is not flagged as spam and is signed, by Thunderbird. Another that is flagged is also signed, but by Alpine. Both are mine.
I was more interested in the BROKEN_HEADERS rule - it's just possible it's somehow related to GPG.
Do you know how to search for a keyword with grep and a second match within the same context?
I knew how to do that with the "cgrep" variation of grep. It was the internal grep version used by Lucent. With the demise of the company, they opensourced a bunch of their internal tools. Current openSUSE versions do not have it, older versions did, even older didn't.
<https://github.com/awgn/cgrep> <https://sourceforge.net/projects/cgrep/>
Ok, I downloaded and compiled from the second link, which is the version I'm familiar with. cgrep -w "Results for file:" +w "Message-ID" -e "BROKEN_HEADERS" -e "SIGNED_PGP" ~/Downloads/report-rspamd.txt produces this type of text: ======================================== Results for file: stdin (0.124 seconds) [Metric: default] Action: no action Spam: false Score: 5.39 / 9.00 Symbol: ARC_NA (0.00) Symbol: BAYES_HAM (-2.99)[99.99%] Symbol: BROKEN_HEADERS (10.00) Symbol: FROM_HAS_DN (0.00) Symbol: FROM_NEQ_ENVFROM (0.00)[vojtech.zeisek@opensuse.org, opensuse@opensuse.org] Symbol: HAS_LIST_UNSUB (-0.01) Symbol: HAS_ORG_HEADER (0.00) Symbol: MID_RHS_NOT_FQDN (0.50) Symbol: MIME_GOOD (-0.20)[multipart/signed, text/plain] Symbol: MIME_TRACE (0.00)[0:+, 1:+, 2:~, 3:+] Symbol: PRECEDENCE_BULK (0.00) Symbol: RCPT_COUNT_ONE (0.00)[1] Symbol: RCVD_COUNT_SEVEN (0.00)[7] Symbol: RCVD_NO_TLS_LAST (0.10) Symbol: RCVD_VIA_SMTP_AUTH (0.00) Symbol: SIGNED_PGP (-2.00) Symbol: TAGGED_FROM (0.00)[bounces-216680-archive=lists4-intern.suse.de] Symbol: TO_DN_NONE (0.00) Symbol: TO_DOM_EQ_FROM_DOM (0.00) Message-ID: 5785641.QzyGvG2J0C@tilia ======================================== Results for file: stdin (0.056 seconds) [Metric: default] Action: no action ... Ie, "paragraphs" that both contain BROKEN_HEADERS and SIGNED_PGP. This produces the most interesting result for you: cgrep +V -w "Results for file:" +w "Message-ID" -e "BROKEN_HEADERS" -e "SIGNED_PGP" ~/Downloads/report-rspamd.txt | grep "=====\|Spam:\|BROKEN_HEADERS\|SIGNED_PGP\|Message-ID:" | tee result.txt It goes like this: ======================================== Spam: true Symbol: BROKEN_HEADERS (10.00) Symbol: SIGNED_PGP (-2.00) Message-ID: 2130584.Ufr576flfr@tilia ======================================== Spam: false Symbol: BROKEN_HEADERS (10.00) Symbol: SIGNED_PGP (-2.00) Message-ID: 5785641.QzyGvG2J0C@tilia ======================================== See <http://paste.opensuse.org/16141511> It is all that have both BROKEN_HEADERS and SIGNED_PGP. I can produce all that have BROKEN_HEADERS or SIGNED_PGP. cgrep +V -w "Results for file:" +w "Message-ID" -E 'BROKEN_HEADERS|SIGNED_PGP' ~/Downloads/report-rspamd.txt | grep "=====\|Spam:\|BROKEN_HEADERS\|SIGNED_PGP\|Message-ID:" | tee result-2.txt <http://paste.opensuse.org/27661553> But I don't see how to produce those that have BROKEN_HEADERS and not SIGNED_PGP. cer@Elesar:~> cat result.txt | grep "===" | wc -l 50 cer@Elesar:~> cat result-2.txt | grep "===" | wc -l 52 cer@Elesar:~> But there are 2 cases. Spam that has broken headers: 21 cgrep -h +V -w "Results for file:" +w "Message-ID" -E 'Spam: true' -e 'BROKEN_HEADERS' ~/Downloads/report-rspamd.txt | grep "=====\|Spam:\|BROKEN_HEADERS\|SIGNED_PGP\|Message-ID:" | tee result-3.txt <http://paste.opensuse.org/82703986> Spam that has broken headers and PGP: 21 cgrep -h +V -w "Results for file:" +w "Message-ID" -E 'Spam: true' -e 'BROKEN_HEADERS' -e 'SIGNED_PGP' ~/Downloads/report-rspamd.txt | grep "=====\|Spam:\|BROKEN_HEADERS\|SIGNED_PGP\|Message-ID:" | tee result-4.txt <http://susepaste.org/11526901> HTH -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 18/04/2019 16.02, Per Jessen wrote:
Carlos E. R. wrote:
On 18/04/2019 14.36, Per Jessen wrote:
Carlos E. R. wrote:
It says "DATE_IN_PAST", which is false, but that's (1). I don't see why it is counting a score of 9.
Broken headers they are not. That's a very strict interpretation by rspamd, he is not changing that (nor does it explain what exactly is broken), nor will be anybody else.
So whitelist or change to another mail server, or convince your provider to change to another spam scanner...
Maybe as the isp to change the score for BROKEN_HEADERS to 0. It seems to be causing a lot of false positives.
Are the mails affected all GPG signed?
No. The first sample I posted is not flagged as spam and is signed, by Thunderbird. Another that is flagged is also signed, but by Alpine. Both are mine.
I was more interested in the BROKEN_HEADERS rule - it's just possible it's somehow related to GPG.
Do you know how to search for a keyword with grep and a second match within the same context?
I tend to do: grep -l whatever1 <files> | xargs grep whatever2 -- Per Jessen, Zürich (16.3°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne čtvrtek 18. dubna 2019 16:02:21 CEST, Per Jessen napsal(a):
Carlos E. R. wrote:
On 18/04/2019 14.36, Per Jessen wrote:
Carlos E. R. wrote:
It says "DATE_IN_PAST", which is false, but that's (1). I don't see why it is counting a score of 9.
Could this be related to possible wrong ntp/time zone/... configuration on either side?
Broken headers they are not. That's a very strict interpretation by rspamd, he is not changing that (nor does it explain what exactly is broken), nor will be anybody else.
So whitelist or change to another mail server, or convince your provider to change to another spam scanner...
Maybe as the isp to change the score for BROKEN_HEADERS to 0. It seems to be causing a lot of false positives.
Are the mails affected all GPG signed?
No. The first sample I posted is not flagged as spam and is signed, by Thunderbird. Another that is flagged is also signed, but by Alpine. Both are mine.
I was more interested in the BROKEN_HEADERS rule - it's just possible it's somehow related to GPG.
It seems it's somehow related to GPG, but not exclusively (some non-signed mails fail to spam, some signed pass), but there is no any strong pattern... -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On 23/04/2019 09.55, Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 16:02:21 CEST, Per Jessen napsal(a):
Carlos E. R. wrote:
On 18/04/2019 14.36, Per Jessen wrote:
Carlos E. R. wrote:
It says "DATE_IN_PAST", which is false, but that's (1). I don't see why it is counting a score of 9.
Could this be related to possible wrong ntp/time zone/... configuration on either side?
Maybe, but spamassassin doesn't complain. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 23/04/2019 09.55, Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 16:02:21 CEST, Per Jessen napsal(a):
Carlos E. R. wrote:
On 18/04/2019 14.36, Per Jessen wrote:
Carlos E. R. wrote:
It says "DATE_IN_PAST", which is false, but that's (1). I don't see why it is counting a score of 9.
Could this be related to possible wrong ntp/time zone/... configuration on either side?
Maybe, but spamassassin doesn't complain.
I would assume DATE_IN_PAST to be relative to current time. So any mail processed hours after it arrived will hit that one. -- Per Jessen, Zürich (18.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 23/04/2019 11.56, Per Jessen wrote:
Carlos E. R. wrote:
On 23/04/2019 09.55, Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 16:02:21 CEST, Per Jessen napsal(a):
Carlos E. R. wrote:
On 18/04/2019 14.36, Per Jessen wrote:
Carlos E. R. wrote: > It says "DATE_IN_PAST", which is false, but that's (1). I don't > see why it is counting a score of 9.
Could this be related to possible wrong ntp/time zone/... configuration on either side?
Maybe, but spamassassin doesn't complain.
I would assume DATE_IN_PAST to be relative to current time. So any mail processed hours after it arrived will hit that one.
Date in the past can happen to an email that was delayed before sending. Delayed before hitting the first SMTP server, that is, not delayed in transit, which is not the fault of the person sending: that should hit another different rule indicating that the mail was delayed in transit. Ie, it is a check against the "Date:" header, and should compare to the date of the first relay, not of the recipient. Otherwise, when the list has a hiccup and mail was delayed half a day, spamassassin would complain madly. I can verify that if wanted. cer@Elesar:~> grep "DATE_IN_PAST" ~/Downloads/report-rspamd.txt | wc -l 220 cer@Elesar:~> This is impossible. So the fault is either a bug of rspamd, or configuration at the scanning server. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 23/04/2019 11.56, Per Jessen wrote:
Carlos E. R. wrote:
On 23/04/2019 09.55, Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 16:02:21 CEST, Per Jessen napsal(a):
Carlos E. R. wrote:
On 18/04/2019 14.36, Per Jessen wrote: > Carlos E. R. wrote: >> It says "DATE_IN_PAST", which is false, but that's (1). I >> don't see why it is counting a score of 9.
Could this be related to possible wrong ntp/time zone/... configuration on either side?
Maybe, but spamassassin doesn't complain.
I would assume DATE_IN_PAST to be relative to current time. So any mail processed hours after it arrived will hit that one.
Date in the past can happen to an email that was delayed before sending. Delayed before hitting the first SMTP server, that is, not delayed in transit, which is not the fault of the person sending: that should hit another different rule indicating that the mail was delayed in transit. Ie, it is a check against the "Date:" header, and should compare to the date of the first relay, not of the recipient.
Yes you're right, that is exactly what SpamAssassin does. It has 4-5 rules, and they compare against the Received: headers. Maybe rspamd does it differently?
Otherwise, when the list has a hiccup and mail was delayed half a day, spamassassin would complain madly. I can verify that if wanted.
Perhaps not "complain madly", a 12 hour delay is about 1 point. Seems ot me we're back at BROKEN_HEADERS and asking the ISP to adjust the silly 10 point score for that rule? Vojtěch, any luck with that? -- Per Jessen, Zürich (18.4°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 23/04/2019 12.48, Per Jessen wrote:
Carlos E. R. wrote:
On 23/04/2019 11.56, Per Jessen wrote:
Carlos E. R. wrote:
On 23/04/2019 09.55, Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 16:02:21 CEST, Per Jessen napsal(a):
Carlos E. R. wrote: > On 18/04/2019 14.36, Per Jessen wrote: >> Carlos E. R. wrote: >>> It says "DATE_IN_PAST", which is false, but that's (1). I >>> don't see why it is counting a score of 9.
Could this be related to possible wrong ntp/time zone/... configuration on either side?
Maybe, but spamassassin doesn't complain.
I would assume DATE_IN_PAST to be relative to current time. So any mail processed hours after it arrived will hit that one.
Date in the past can happen to an email that was delayed before sending. Delayed before hitting the first SMTP server, that is, not delayed in transit, which is not the fault of the person sending: that should hit another different rule indicating that the mail was delayed in transit. Ie, it is a check against the "Date:" header, and should compare to the date of the first relay, not of the recipient.
Yes you're right, that is exactly what SpamAssassin does. It has 4-5 rules, and they compare against the Received: headers. Maybe rspamd does it differently?
I suspect they do. They have a reputation for being strict. It is impossible that 220 posts, the whole sample save two, hit that rule. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne úterý 23. dubna 2019 12:48:08 CEST, Per Jessen napsal(a):
Carlos E. R. wrote:
On 23/04/2019 11.56, Per Jessen wrote:
Carlos E. R. wrote:
On 23/04/2019 09.55, Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 16:02:21 CEST, Per Jessen napsal(a):
Carlos E. R. wrote: > On 18/04/2019 14.36, Per Jessen wrote: >> Carlos E. R. wrote: >>> It says "DATE_IN_PAST", which is false, but that's (1). >>> I don't see why it is counting a score of 9.
Could this be related to possible wrong ntp/time zone/... configuration on either side?
Maybe, but spamassassin doesn't complain.
I would assume DATE_IN_PAST to be relative to current time. So any mail processed hours after it arrived will hit that one.
Date in the past can happen to an email that was delayed before sending. Delayed before hitting the first SMTP server, that is, not delayed in transit, which is not the fault of the person sending: that should hit another different rule indicating that the mail was delayed in transit. Ie, it is a check against the "Date:" header, and should compare to the date of the first relay, not of the recipient.
Yes you're right, that is exactly what SpamAssassin does. It has 4-5 rules, and they compare against the Received: headers. Maybe rspamd does it differently?
Otherwise, when the list has a hiccup and mail was delayed half a day, spamassassin would complain madly. I can verify that if wanted.
Perhaps not "complain madly", a 12 hour delay is about 1 point. Seems ot me we're back at BROKEN_HEADERS and asking the ISP to adjust the silly 10 point score for that rule? Vojtěch, any luck with that?
I pointed him to this discussion and all the resources, but he is still not convinced that problem is in rspamd or in his configuration. We don't observe any other 100% pattern, so can we rule out option, that problem is in some senders? Our conference? Prove it's rspamd's bug? Prove it's wrong server configuration? -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On 23/04/2019 13.36, Vojtěch Zeisek wrote:
Dne úterý 23. dubna 2019 12:48:08 CEST, Per Jessen napsal(a):
Carlos E. R. wrote:
On 23/04/2019 11.56, Per Jessen wrote:
Carlos E. R. wrote:
I pointed him to this discussion and all the resources, but he is still not convinced that problem is in rspamd or in his configuration. We don't observe any other 100% pattern, so can we rule out option, that problem is in some senders? Our conference? Prove it's rspamd's bug? Prove it's wrong server configuration?
It is obviously at your provider side, as nobody else is seeing this problem. Not saying his fault, though. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Vojtěch Zeisek wrote:
Dne úterý 23. dubna 2019 12:48:08 CEST, Per Jessen napsal(a):
Seems to me we're back at BROKEN_HEADERS and asking the ISP to adjust the silly 10 point score for that rule? Vojtěch, any luck with that?
I pointed him to this discussion and all the resources, but he is still not convinced that problem is in rspamd or in his configuration. We don't observe any other 100% pattern, so can we rule out option, that problem is in some senders? Our conference? Prove it's rspamd's bug? Prove it's wrong server configuration?
If no one can step up and say "BROKEN_HEADERS are caused by <explanation>", I don't see how we can help much more. We don't actually know what the problem is, all we see are those high scores from rspamd. We're groping in the dark. Maybe your ISP can explain to us what BROKEN_HEADERS mean. -- Per Jessen, Zürich (19.4°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne úterý 23. dubna 2019 13:52:34 CEST, Per Jessen napsal(a):
Vojtěch Zeisek wrote:
Dne úterý 23. dubna 2019 12:48:08 CEST, Per Jessen napsal(a):
Seems to me we're back at BROKEN_HEADERS and asking the ISP to adjust the silly 10 point score for that rule? Vojtěch, any luck with that?
I pointed him to this discussion and all the resources, but he is still not convinced that problem is in rspamd or in his configuration. We don't observe any other 100% pattern, so can we rule out option, that problem is in some senders? Our conference? Prove it's rspamd's bug? Prove it's wrong server configuration?
If no one can step up and say "BROKEN_HEADERS are caused by <explanation>", I don't see how we can help much more. We don't actually know what the problem is, all we see are those high scores from rspamd. We're groping in the dark. Maybe your ISP can explain to us what BROKEN_HEADERS mean.
Finally we agreed with the server admin on lowering score obtained by BROKEN_HEADERS. Since then, there are no false positives and real spam is still correctly detected. So it seems rspamd is "just" too strict by default. -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On 5/2/19 2:27 PM, Vojtěch Zeisek wrote:
Dne úterý 23. dubna 2019 13:52:34 CEST, Per Jessen napsal(a):
If no one can step up and say "BROKEN_HEADERS are caused by <explanation>", I don't see how we can help much more. We don't actually know what the problem is, all we see are those high scores from rspamd. We're groping in the dark. Maybe your ISP can explain to us what BROKEN_HEADERS mean.
Finally we agreed with the server admin on lowering score obtained by BROKEN_HEADERS. Since then, there are no false positives and real spam is still correctly detected. So it seems rspamd is "just" too strict by default.
See the issue, https://github.com/rspamd/rspamd/issues/2836 It's been updated. The problem is with mime parsing. You can also see that in the source code https://github.com/rspamd/rspamd/blob/master/src/libmime/mime_parser.c#L1198 and the function that most likely is returning a problem is rspamd_string_find_eoh (GString *input, goffset *body_start) in src/libutil/str_util.c Anyway, it would be nice to actually see the message. The snippets of headers posted don't even have Message-ID: headers and who knows if the rest is mangled somehow. - Adam -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne čtvrtek 2. května 2019 15:15:26 CEST, Adam Majer napsal(a):
On 5/2/19 2:27 PM, Vojtěch Zeisek wrote:
Dne úterý 23. dubna 2019 13:52:34 CEST, Per Jessen napsal(a):
If no one can step up and say "BROKEN_HEADERS are caused by <explanation>", I don't see how we can help much more. We don't actually know what the problem is, all we see are those high scores from rspamd. We're groping in the dark. Maybe your ISP can explain to us what BROKEN_HEADERS mean.
Finally we agreed with the server admin on lowering score obtained by BROKEN_HEADERS. Since then, there are no false positives and real spam is still correctly detected. So it seems rspamd is "just" too strict by default. See the issue, https://github.com/rspamd/rspamd/issues/2836 It's been updated. The problem is with mime parsing. You can also see that in the source code
Thank You for update, but it's closed and the developer still claims the behavior as intentional...
Anyway, it would be nice to actually see the message. The snippets of headers posted don't even have Message-ID: headers and who knows if the rest is mangled somehow.
I did posted the report how the rspamd filtered opensuse mails over week ago, but deleted it few minutes before Your mail arrived and since then the rspamd configuration changed... :-( -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On 5/2/19 3:29 PM, Vojtěch Zeisek wrote:
Dne čtvrtek 2. května 2019 15:15:26 CEST, Adam Majer napsal(a):
See the issue, https://github.com/rspamd/rspamd/issues/2836 It's been updated. The problem is with mime parsing. You can also see that in the source code
Thank You for update, but it's closed and the developer still claims the behavior as intentional...
Ok, I've read this again with and your email to the list. The problem is that the mailing list is breaking messages. Content-Type: multipart/signed; boundary="nextPart1571188.MKfvkhBvvt"; micalg="pgp-sha256"; protocol="application/pgp-signature" rfc1521.txt part 7.2.1 - https://www.ietf.org/rfc/rfc1521.txt "The encapsulation boundary following the last body part is a distinguished delimiter that indicates that no further body parts will follow. Such a delimiter is identical to the previous delimiters, with the addition of two more hyphens at the end of the line" " There appears to be room for additional information prior to the first encapsulation boundary and following the final boundary. These areas should generally be left blank, and implementations must ignore anything that appears before the first boundary or after the last one. " But, our mailing lists adds the footer, -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org which is against "recommendation" of the RFC. Thunderbird ignored these parts anyway (they are not displayed), which is as per RFC. Maybe it's not a good idea just append this stuff to random data coming through? And rspamd maintainer is probably correct, that these areas can be used to trick either the spam scanner or the recipient. So, ML software seems broken. rspamd is not really at fault for detecting bad message formats. - Adam -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne čtvrtek 2. května 2019 17:44:08 CEST, Adam Majer napsal(a):
On 5/2/19 3:29 PM, Vojtěch Zeisek wrote:
Dne čtvrtek 2. května 2019 15:15:26 CEST, Adam Majer napsal(a):
See the issue, https://github.com/rspamd/rspamd/issues/2836 It's been updated. The problem is with mime parsing. You can also see that in the source code
Thank You for update, but it's closed and the developer still claims the behavior as intentional...
Ok, I've read this again with and your email to the list. The problem is that the mailing list is breaking messages.
Content-Type: multipart/signed; boundary="nextPart1571188.MKfvkhBvvt"; micalg="pgp-sha256"; protocol="application/pgp-signature"
rfc1521.txt part 7.2.1 - https://www.ietf.org/rfc/rfc1521.txt
"The encapsulation boundary following the last body part is a distinguished delimiter that indicates that no further body parts will follow. Such a delimiter is identical to the previous delimiters, with the addition of two more hyphens at the end of the line"
" There appears to be room for additional information prior to the first encapsulation boundary and following the final boundary. These areas should generally be left blank, and implementations must ignore anything that appears before the first boundary or after the last one. "
But, our mailing lists adds the footer,
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
which is against "recommendation" of the RFC. Thunderbird ignored these parts anyway (they are not displayed), which is as per RFC. Maybe it's not a good idea just append this stuff to random data coming through? And rspamd maintainer is probably correct, that these areas can be used to trick either the spam scanner or the recipient.
So, ML software seems broken. rspamd is not really at fault for detecting bad message formats.
If so, is it possible to (easily) fix our ML software? -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
Adam Majer wrote:
So, ML software seems broken. rspamd is not really at fault for detecting bad message formats.
Yup, I can confirm mlmmj does indeed add the footer even after the last boundary. Assigning 10 points seems a bit silly though, in particular when this violation is zero indication of the message being spam. Feel free to open a ticket - admin at o.o. Or directly with mlmmj at http://mlmmj.org/ -- Per Jessen, Zürich (13.9°C) member, openSUSE Heroes. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 02/05/2019 17.44, Adam Majer wrote:
On 5/2/19 3:29 PM, Vojtěch Zeisek wrote:
Dne čtvrtek 2. května 2019 15:15:26 CEST, Adam Majer napsal(a):
See the issue, https://github.com/rspamd/rspamd/issues/2836 It's been updated. The problem is with mime parsing. You can also see that in the source code
Thank You for update, but it's closed and the developer still claims the behavior as intentional...
Ok, I've read this again with and your email to the list. The problem is that the mailing list is breaking messages.
Content-Type: multipart/signed; boundary="nextPart1571188.MKfvkhBvvt"; micalg="pgp-sha256"; protocol="application/pgp-signature"
...
But, our mailing lists adds the footer,
Ah, that. Added since ever, yes (I see it in posts dated 2003). But as far as I remember, not only multipart messages were flagged as spam. I did not check that. I see other mail lists adding a footer: Packman, for instance, using mailman. Lazarus. Alpine
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
which is against "recommendation" of the RFC. Thunderbird ignored these parts anyway (they are not displayed),
Yours is displayed, but it is not multipart. The one from Vojtěch Zeisek is multipart, and does not display it.
which is as per RFC. Maybe it's not a good idea just append this stuff to random data coming through? And rspamd maintainer is probably correct, that these areas can be used to trick either the spam scanner or the recipient.
So, ML software seems broken. rspamd is not really at fault for detecting bad message formats.
It is for giving that a 10 score as spam, IMHO. Spamassassin doesn't. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne čtvrtek 2. května 2019 19:55:11 CEST, Carlos E. R. napsal(a):
On 02/05/2019 17.44, Adam Majer wrote:
On 5/2/19 3:29 PM, Vojtěch Zeisek wrote:
Dne čtvrtek 2. května 2019 15:15:26 CEST, Adam Majer napsal(a):
See the issue, https://github.com/rspamd/rspamd/issues/2836 It's been updated. The problem is with mime parsing. You can also see that in the source code
Thank You for update, but it's closed and the developer still claims the behavior as intentional...
Ok, I've read this again with and your email to the list. The problem is that the mailing list is breaking messages.
Content-Type: multipart/signed; boundary="nextPart1571188.MKfvkhBvvt"; micalg="pgp-sha256"; protocol="application/pgp-signature"
But, our mailing lists adds the footer,
Ah, that. Added since ever, yes (I see it in posts dated 2003).
But as far as I remember, not only multipart messages were flagged as spam. I did not check that.
Not only messages with GPG, but they could be answering GPG mail or so...
I see other mail lists adding a footer: Packman, for instance, using mailman. Lazarus. Alpine
Mailman depends on version. Some recent versions contain plenty of changes to be compliant with (new/newly enforced) standards.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
which is against "recommendation" of the RFC. Thunderbird ignored these parts anyway (they are not displayed),
Yours is displayed, but it is not multipart. The one from Vojtěch Zeisek is multipart, and does not display it.
which is as per RFC. Maybe it's not a good idea just append this stuff to random data coming through? And rspamd maintainer is probably correct, that these areas can be used to trick either the spam scanner or the recipient.
So, ML software seems broken. rspamd is not really at fault for detecting bad message formats.
It is for giving that a 10 score as spam, IMHO. Spamassassin doesn't.
Yep. Broken header is bug, but probably not worth of marking the mail as spam. The logic obviously is "it's not following technical standards, it's suspicious", which makes sense. The strictness is questionable... -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On 02/05/2019 20.24, Vojtěch Zeisek wrote:
Dne čtvrtek 2. května 2019 19:55:11 CEST, Carlos E. R. napsal(a):
On 02/05/2019 17.44, Adam Majer wrote:
On 5/2/19 3:29 PM, Vojtěch Zeisek wrote:
Dne čtvrtek 2. května 2019 15:15:26 CEST, Adam Majer napsal(a):
It is for giving that a 10 score as spam, IMHO. Spamassassin doesn't.
Yep. Broken header is bug, but probably not worth of marking the mail as spam. The logic obviously is "it's not following technical standards, it's suspicious", which makes sense. The strictness is questionable...
Exactly. It is the sum of several factors that most determine an email as spam. Very rarely should a single factor be determinant. Failing to comply fully with some standard is not, IMO, specially when it can be seen that thousands of posts have that breakage. A breakage that only happens on spam, is a different thing. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 02/05/2019 15.29, Vojtěch Zeisek wrote:
Dne čtvrtek 2. května 2019 15:15:26 CEST, Adam Majer napsal(a):
Anyway, it would be nice to actually see the message. The snippets of headers posted don't even have Message-ID: headers and who knows if the rest is mangled somehow.
I did posted the report how the rspamd filtered opensuse mails over week ago, but deleted it few minutes before Your mail arrived and since then the rspamd configuration changed... :-(
I have a local copy. If any one wants it... -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-04-18 13:56, Vojtěch Zeisek wrote:
I have SSH access to the server. :-) wget https://lists.opensuse.org/opensuse/opensuse-2019-04.mbox.gz gunzip opensuse-2019-04.mbox.gz cat opensuse-2019-04.mbox | formail -ds rspamc > report.txt and result is here https://soubory.trapa.cz/report.txt (I'll delete it by the end of next week).
Could you also check the version? rspamadm --version -- /bengan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne čtvrtek 18. dubna 2019 21:33:11 CEST, Bengt Gördén napsal(a):
On 2019-04-18 13:56, Vojtěch Zeisek wrote:
I have SSH access to the server. :-) wget https://lists.opensuse.org/opensuse/opensuse-2019-04.mbox.gz gunzip opensuse-2019-04.mbox.gz cat opensuse-2019-04.mbox | formail -ds rspamc > report.txt and result is here https://soubory.trapa.cz/report.txt (I'll delete it by the end of next week).
Could you also check the version?
rspamadm --version
Rspamadm 1.9.2 cat /etc/os-release NAME="CentOS Linux" VERSION="7 (Core)" -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 8:08:22 CEST, Bengt Gördén napsal(a):
On 2019-04-17 17:08, Vojtěch Zeisek wrote:
On 2019-04-17 15:07, Per Jessen wrote: I googled "rspamd BROKEN_HEADERS", there were quite a few hits.
I'm not smarter after checking the hits... I don't know if it is mainly false positive (rspamd or other spam checker bug) or some problem of particular senders or the conference. Is rspamd too sensitive to something other spam checkers tolerate?
Is this the problem? https://github.com/rspamd/rspamd/issues/2836
It could be it. If rspamd author says it's problem on openSUSE side, should we fix it here?
If we agree, and if it's fixable :-) -- Per Jessen, Zürich (15.9°C) member, openSUSE Heroes. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne čtvrtek 18. dubna 2019 13:04:17 CEST, Per Jessen napsal(a):
Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 8:08:22 CEST, Bengt Gördén napsal(a):
On 2019-04-17 17:08, Vojtěch Zeisek wrote:
On 2019-04-17 15:07, Per Jessen wrote: I googled "rspamd BROKEN_HEADERS", there were quite a few hits.
I'm not smarter after checking the hits... I don't know if it is mainly false positive (rspamd or other spam checker bug) or some problem of particular senders or the conference. Is rspamd too sensitive to something other spam checkers tolerate?
Is this the problem? https://github.com/rspamd/rspamd/issues/2836
It could be it. If rspamd author says it's problem on openSUSE side, should we fix it here?
If we agree, and if it's fixable :-)
Do we? Is it? :-) (I'm sorry, my knowledge about these things is nearly zero.) -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 13:04:17 CEST, Per Jessen napsal(a):
Vojtěch Zeisek wrote:
Dne čtvrtek 18. dubna 2019 8:08:22 CEST, Bengt Gördén napsal(a):
On 2019-04-17 17:08, Vojtěch Zeisek wrote:
On 2019-04-17 15:07, Per Jessen wrote: I googled "rspamd BROKEN_HEADERS", there were quite a few hits.
I'm not smarter after checking the hits... I don't know if it is mainly false positive (rspamd or other spam checker bug) or some problem of particular senders or the conference. Is rspamd too sensitive to something other spam checkers tolerate?
Is this the problem? https://github.com/rspamd/rspamd/issues/2836
It could be it. If rspamd author says it's problem on openSUSE side, should we fix it here?
If we agree, and if it's fixable :-)
Do we? Is it? :-) (I'm sorry, my knowledge about these things is nearly zero.)
If it is a problem in any processing we do, it can be fixed, but I doubt if it is. We don't modify the emails before sending, and when the problem is not identified in _every_ mail, it must be dependent on the sender. There isn't anything we can do about that. I think the only option is to whitelist. -- Per Jessen, Zürich (17.0°C) member, openSUSE Heroes. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 4/17/19 10:24 AM, Per Jessen wrote:
X-Spamd-Result: default: False [6.85 / 9.00];
So it was not identified spam? 9 seems like a very high setting, but I'm not familiar with rspamd.
No wikipedia article. As a rule, I suspect things with no Wikipedia article. There is the start of an article in French. Seems commercial? At least, it has a .com domain. <http://spamassassin.1065346.n5.nabble.com/rspamd-vs-spamassassin-td120358.html> *rspamd vs spamassassin * (2016) They don't seem to like it. Crashes. Lacking documentation. <https://groups.google.com/forum/#!topic/rspamd/dsMncO7GRSg> *Migration SpamAssassin to Rspamd* (2018) That it is difficult to configure. Not ready. Then some dev from there (apparently) responds. <https://forums.zimbra.org/viewtopic.php?t=62443> *Rspamd: A replacement for Spamassassin & Postscreen* (2017) <https://lwn.net/Articles/732570/> *Spam filtering with Rspamd* (2017) Not simple to install and configure. Designed for speed (100 messages per second). «Perhaps foremost, the direct integration with the MTA means that spam filtering takes place while the SMTP conversation is ongoing. That makes techniques like greylisting possible. It also enables the rejection of overt spam outright, before it has been accepted from the remote server; this has a couple of advantages: there is no need to store the spam locally, and the sender will get a bounce — assuming there is a real sender who cares about such things. Yes, one can configure things to use SpamAssassin in this way, but it involves a rather larger amount of duct tape.» «Rspamd comes with its own built-in web server which, by default, is only available through the loopback interface. It can present various types of plots describing the traffic it has processed, as can be seen on the [Rspamd] right. The server can also be used to alter the configuration on the fly, changing the scores associated with various tests, and more. These changes do not appear to be saved permanently, though, so the system administrator still has to edit the (numerous) configuration files to make a change that will stick.» «The one exception regarding false positives is significant. The documentation of Rspamd's pattern-matching rules is poor relative to SpamAssassin, so it took a while to find out what MULTIPLE_UNIQUE_HEADERS is looking for. In short, it is checking the message for multiple instances of headers that should appear only once (References: or In-Reply-to:, for example). The penalty for this infraction is severe: ten points, enough to condemn a message on its own, even if, say, the bayesian filter gives a 100% probability that the message is legitimate. Unfortunately, git send-email is prone to duplicating just those headers at times, with the result that patches end up in the spam folder.» «So is moving from SpamAssassin to Rspamd a reasonable thing to do? A site with a working SpamAssassin setup may well want to stay with it if the users are happy with the results. There might also be value in staying put for anybody who fears the security implications of a program written in C that is fully exposed to a steady stream of hostile input. The project does not appear to have ever called out an update with security implications; it seems unlikely that there have never been any security-relevant bugs fixed in a tool of this complexity. But, for anybody who sees the benefit of a more active development community, better performance, better MTA integration, newer filtering mechanisms, and a web interface with cute pie charts, changing over might make sense. There is even a module to import custom SpamAssassin rules to make the task easier (but there is no way to import an existing SpamAssassin bayesian database). In any case, it is good to see that development on spam filters continues, even if the SpamAssassin community has mostly moved on to other things.» And then follows replies and comments. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (5)
-
Adam Majer -
Bengt Gördén -
Carlos E. R. -
Per Jessen -
Vojtěch Zeisek