SA Bugzilla – Bug 6296
Problem with DATE_IN_FUTURE_48_96 rule
Last modified: 2010-06-21 17:20:01 UTC
Seeing frequent incorrect false positives on the DATE_IN_FUTURE_48_96 rule. The relevant headers from one example are:

    Received: from pdxgw1.a{removed}.com (10.10.10.1) by pdxexch1.domain.local
        (10.10.10.12) with Microsoft SMTP Server (TLS) id 8.1.393.1;
        Mon, 18 Jan 2010 13:23:30 -0800
    Received: from axis.com (yab.axis.com [195.60.68.32])
        by pdxgw1.a{removed}.com (8.13.8/8.13.8) with ESMTP id o0ILNGbr022226
        for <{removed}>; Mon, 18 Jan 2010 13:23:25 -0800
    Date: Mon, 18 Jan 2010 22:23:24 +0100
    X-Spam-Status: Yes, score=5.7 required=5.0 tests=BAYES_50,DATE_IN_FUTURE_48_96,
        HTML_MESSAGE,MIME_HTML_ONLY,TO_REMOVE autolearn=disabled version=3.2.5

(There is no Resent-Date header.)

If I manually run the dates thru Mail::SpamAssassin::Util::parse_rfc822_date the results are all within just a few seconds. Manually running the message back thru SpamAssassin does not cause the rule to hit.

System is running CentOS 5.4 x86_64 with SpamAssassin and spamass-milter installed from rpmforge repository.

Any suggestion(s) as to how to debug this further?
please attach a full sample mail that displays the problem -- feel free to modify headers etc, as long as it still reproduces the issue with "spamassassin -Lt < msg".
A sample message which displays the problem when run thru the milter or when run from the command line? As I tried to indicate, I'm (so far) not able to reproduce the issue when running the messages thru from the command-line.
> As I tried to indicate, I'm (so far) not able to reproduce the issue when
> running the messages thru from the command-line.

doh. sorry, missed that part.
I've got a little bit of an update on this... it appears that the bug may be with spamass-milter and the Received header that it generates.

Since the original report, SpamAssassin has been updated to the RPMforge/DAG release of 3.3.1 (2010-03-16).

Here are the sendmail logs from a recent false-positive of the DATE_IN_FUTURE_48_96 rule:

    Apr 12 15:00:38 pdxgw1 sendmail[14752]: o3CM0YMx014752: Milter add: header: X-Spam-Status: No, score=-101.8 required=5.0 tests=BAYES_00,\n\tDATE_IN_FUTURE_48_96,EXTRA_MPART_TYPE,HTML_MESSAGE,T_RP_MATCHES_RCVD,\n\tWHITELISTED,WHITE_TEXT autolearn=disabled version=3.3.1
    Apr 12 15:00:38 pdxgw1 sendmail[14752]: o3CM0YMx014752: Milter add: header: X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on\n\tpdxgw1.{removed}.com

These are the relevant headers from the email:

    Received: from {removed}.com (ex1.{removed}.com [67.88.100.172])
        by pdxgw1.{removed}.com (8.13.8/8.13.8) with ESMTP id o3CM0YMx014752
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
        for <{removed}@{removed}.com>; Mon, 12 Apr 2010 15:00:35 -0700
    Received: from ([10.1.1.10]) by mail.{removed}.com with ESMTP
        id 0822B00820.2144728; Mon, 12 Apr 2010 16:00:33 -0600
    Date: Mon, 12 Apr 2010 16:00:33 -0600
    X-Spam-Status: No, score=-101.8 required=5.0 tests=BAYES_00,
        DATE_IN_FUTURE_48_96,EXTRA_MPART_TYPE,HTML_MESSAGE,T_RP_MATCHES_RCVD,
        WHITELISTED,WHITE_TEXT autolearn=disabled version=3.3.1
    X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
        pdxgw1.{removed}.com

I have also been able to enable logging of the Received header generated by spamass-milter as seen by SpamAssassin. The Received headers that were passed to SA are:

    Received: from {removed}.com (ex1.{removed}.com [67.88.100.172])
        by pdxgw1.{removed}.com(8.13.8/8.13.8) with ESMTP id o3CM0YMx014752
        Thu, 8 Apr 2010 15:23:50 -0700 (envelope-from <{removed}@{removed}.com>
    Received: from ([10.1.1.10]) by mail.{removed}.com with ESMTP
        id 0822B00820.2144728; Mon, 12 Apr 2010 16:00:33 -0600

The "Thu, 8 Apr 2010 15:23:50 -0700" Received date that SpamAssassin saw appears to be in error. I will attempt to follow up with the group responsible for spamass-milter.
Thanks for the update, Stuart. Closing this report, since it is not reproducible with SA alone and appears to be an issue with the milter.
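
To see why the stale timestamp in the milter-generated Received header is enough to trigger the rule, the following added example (not SpamAssassin or spamass-milter code, and not part of the original report) recomputes the Date/Received offset for the headers quoted in the 12 Apr report. It assumes a simplified model of the check: Date: is compared with the closest Received: timestamp, a zero difference on the earliest hop is ignored when other hops exist, and the rule fires for offsets from 48 up to 96 hours. The function names are hypothetical.

```python
import re
from email.utils import parsedate_to_datetime

# RFC 2822 date anywhere in a header value; the milter-built Received line
# quoted in the report has no ';' before its date, so do not split on ';'.
DATE_RE = re.compile(r"(?:[A-Z][a-z]{2},\s+)?\d{1,2}\s+[A-Z][a-z]{2}\s+\d{4}"
                     r"\s+\d{2}:\d{2}:\d{2}\s+[+-]\d{4}")

def header_time(value):
    """Return the first timestamp found in a header value, or None."""
    m = DATE_RE.search(value)
    return parsedate_to_datetime(m.group(0)) if m else None

def date_diff_hours(date_hdr, received_hdrs):
    """Hours by which Date: is ahead (+) of the closest Received: time."""
    sent = header_time(date_hdr)
    times = [t for t in map(header_time, received_hdrs) if t is not None]
    if sent is None or not times:
        return None
    diffs = [(sent - t).total_seconds() for t in times]
    # Assumption: a zero difference on the earliest hop (listed last) is
    # ignored when other hops exist, leaving only the relay's timestamp.
    if len(diffs) > 1 and diffs[-1] == 0:
        diffs.pop()
    return min(diffs, key=abs) / 3600

def in_future_48_96(hours):
    """Assumed rule window: Date: is 48 to 96 hours ahead of Received:."""
    return hours is not None and 48 <= hours < 96

# Header values taken from the report, shortened to the parts that matter.
DATE = "Mon, 12 Apr 2010 16:00:33 -0600"
ORIGIN_HOP = ("from ([10.1.1.10]) by mail.{removed}.com with ESMTP id "
              "0822B00820.2144728; Mon, 12 Apr 2010 16:00:33 -0600")
SEEN_BY_SA = ["from {removed}.com by pdxgw1.{removed}.com(8.13.8/8.13.8) with "
              "ESMTP id o3CM0YMx014752 Thu, 8 Apr 2010 15:23:50 -0700 "
              "(envelope-from <{removed}@{removed}.com>", ORIGIN_HOP]
DELIVERED = ["from {removed}.com by pdxgw1.{removed}.com (8.13.8/8.13.8) with "
             "ESMTP id o3CM0YMx014752; Mon, 12 Apr 2010 15:00:35 -0700",
             ORIGIN_HOP]

if __name__ == "__main__":
    for label, hops in (("seen by SA", SEEN_BY_SA), ("delivered", DELIVERED)):
        hours = date_diff_hours(DATE, hops)
        print(f"{label}: {hours:+.2f} h, rule hit: {in_future_48_96(hours)}")
```

Under these assumptions the headers passed through the milter put Date: about 95.6 hours ahead of the relay's Received: time, while the headers on the delivered message differ by two seconds, which matches the rule hitting only on the milter path.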