Spamassassin 3.4.2 released

jimimaseye
Moderator
Posts: 8128
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2019-02-27 09:47

SorenR wrote:
2019-02-27 03:41
1 observation...

Vanilla 3.4.0: Header eval fails on hotmail addresses as these now come from "outlook.com" !!

Code:

*  0.9 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
It turns out this issue dates back to 2017. It took until today that my son received mail from a girl who is using hotmail and her mail went down the SPAM folder :roll:

I have "hacked" my 3.4.0 with some of the new 3.4.2 plugin code, will report back when and if I get another mail from a hotmail user ... 8) :mrgreen: :idea:
I have a hotmail address and am running SA 3.4.0 from Jam so just did a test. And get the same results as you:

Code:

X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mailserver
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FORGED_HOTMAIL_RCVD2,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_YE,SPF_HELO_PASS,TVD_SPACE_RATIO
	shortcircuit=no autolearn=no autolearn_force=no version=3.4.0
X-Spam-Report: 
	*  0.0 RCVD_IN_HOSTKARMA_YE RBL: HostKarma: relay in yellow list (varies)
	*      [40.92.69.26 listed in hostkarma.junkemailfilter.net]
	* -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
	*      [score: 0.0000]
	* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
	*      trust
	*      [40.92.69.26 listed in list.dnswl.org]
	*  0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	*      (grumblerfriends[at]hotmail.com)
	* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
	*  0.9 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
	*       domain
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*      valid
	* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	*  0.0 TVD_SPACE_RATIO No description available.
	*
Received: from EUR02-VE1-obe.outbound.protection.outlook.net (mail-oln040092069026.outbound.protection.outlook.net [40.92.69.26])
	by mydomain.net with ESMTP
	; Wed, 27 Feb 2019 07:42:09 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=P+2kSL/oI+TagIGAso3jpNGHEQ6JAqRbOaoFHnPA7F8=;
Received: from HE1EUR02FT035.eop-EUR02.prod.protection.outlook.net
Received: from DB6PR0201MB2070.eurprd02.prod.outlook.net (10.152.10.56) by
 HE1EUR02FT035.mail.protection.outlook.net (10.152.10.127) with Microsoft SMTP
Received: from DB6PR0201MB2070.eurprd02.prod.outlook.net
From: grumbler friends <grumblerfriends@hotmail.com>
To: "sylvester@mydomain.com" <sylvester@mydomain.com>
Subject: test1
Even so, I still result in -ve1.1 score (default rules). How come yours hit spam level just because of the extra +0.9 from that particular rule score? (Even without my bayes score it would be only +1.0)

Anyway, if you want to test your changes I can send you a test email (PM an address).


(My Observation: I bet your son is LOVING the fact you're seeing his private emails from his girlfriends. :lol: )
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SorenR
Senior user
Posts: 3189
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2019-02-27 17:23

jimimaseye wrote:
2019-02-27 09:47
(My Observation: I bet your son is LOVING the fact you're seeing his private emails from his girlfriends. :lol: )
Ah... I have elected to only log certain headers in my daily logs, but when something is marked for SPAM, it IS MINE ... ALL MINE ... Muah ha ha ha ha ...

Anyways, it was only a school paper explaining a cow's digestion ... :roll:
SørenR.

“With age comes wisdom, but sometimes age comes alone.”
- Oscar Wilde

SorenR
Senior user
Posts: 3189
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2019-02-27 18:06

jimimaseye wrote:
2019-02-27 09:47
Even so, I still result in -ve1.1 score (default rules). How come yours hit spam level just because of the extra +0.9 from that particular rule score? (Even without my bayes score it would be only +1.0)
Ah.. We're Danish. When we do stuff, we follow through :mrgreen:

BOTNET_IPINHOSTNAME is a custom plugin. (https://github.com/eilandert/Botnet.pm)

Here's why:

Code:

X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mailserver.acme.inc
X-Spam-Flag: YES
X-Spam-Level: ****
X-Spam-Status: Yes, score=4.6 required=3.0 tests=BAYES_50,BOTNET_IPINHOSTNAME,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FORGED_HOTMAIL_RCVD2,FREEMAIL_FROM,
	HTML_IMAGE_ONLY_24,HTML_IMAGE_RATIO_02,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	SPF_HELO_PASS autolearn=disabled version=3.4.0
X-Spam-ASN: AS8075 40.64.0.0/10
X-Spam-Virus: No
X-Spam-Report: 
	*  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
	*      [score: 0.5000]
	*  0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	*      (hunter[at]hotmail.com)
	* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
	*      trust
	*      [40.92.70.91 listed in list.dnswl.org]
	* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
	*  1.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
	*      [botnet_ipinhosntame,ip=40.92.70.91,rdns=mail-oln040092070091.outbound.protection.outlook.com]
	*  0.9 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
	*  0.4 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
	*  1.6 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
	*      domain
	* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*      valid

Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-oln040092070091.outbound.protection.outlook.com [40.92.70.91]) 
	by mx.acme.inc 
	; Tue, 26 Feb 2019 12:33:32 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; 
 s=selector1; 
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Bmya5LopWji7HC8qQciG3MY/pXYY+8TgsPRszk1BRf8=;
Received: from VE1EUR03FT005.eop-EUR03.prod.protection.outlook.com (10.152.18.51) 
	by VE1EUR03HT106.eop-EUR03.prod.protection.outlook.com (10.152.19.131) 
	with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
	id 15.20.1643.11; Tue, 26 Feb 2019 11:32:30 +0000
Received: from AM6PR02MB4520.eurprd02.prod.outlook.com (10.152.18.55) 
	by VE1EUR03FT005.mail.protection.outlook.com (10.152.18.172) 
	with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
	id 15.20.1643.11 via Frontend Transport; Tue, 26 Feb 2019 11:32:30 +0000
Received: from AM6PR02MB4520.eurprd02.prod.outlook.com ([fe80::45a5:e50e:33bf:2c51]) 
	by AM6PR02MB4520.eurprd02.prod.outlook.com ([fe80::45a5:e50e:33bf:2c51%2]) 
	with mapi 
	id 15.20.1643.019; Tue, 26 Feb 2019 11:32:30 +0000
From: Elmer Fudd <hunter@hotmail.com>
To: Bugs Bunny <wabbit@acme.inc>
Subject: Kulhydrat
I had a peek into Mail\Spamassassin\Plugin\HeaderEval.pm and this is where shi****/stuff happens.
SørenR.

“With age comes wisdom, but sometimes age comes alone.”
- Oscar Wilde
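
An added example, not part of either post and not SpamAssassin code: a small Python parser for the X-Spam-Report block in the post above that sums the per-rule scores and recomputes the verdict with selected rules left out. The function names are hypothetical; the sample is the rule lines of that report, checked against its required=3.0.

```python
import re

# Rule lines of the X-Spam-Report in the post above; some continuation
# lines are kept to show that the parser skips them.
REPORT = """\
    *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
    *      [score: 0.5000]
    *  0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
    * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
    *      trust
    * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
    *  1.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
    *  0.9 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
    *  0.4 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
    *  1.6 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
    *      domain
    * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    *      valid
"""

# A rule line is "* <score> <RULE_NAME> <description>"; continuation lines
# start with "*" followed by text that is not a score, so they do not match.
RULE_LINE = re.compile(r"^\s*\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\b")

def parse_report(text):
    """Return {rule_name: score} for every rule line in an X-Spam-Report."""
    hits = {}
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            hits[m.group(2)] = float(m.group(1))
    return hits

def verdict(hits, required, ignore=()):
    """Sum scores, leaving out rules in `ignore`; return (total, is_spam).
    Report scores are rounded to one decimal, so the total is approximate."""
    total = round(sum(s for name, s in hits.items() if name not in ignore), 1)
    return total, total >= required

if __name__ == "__main__":
    hits = parse_report(REPORT)
    for ignore in [(), ("FORGED_HOTMAIL_RCVD2",),
                   ("FORGED_HOTMAIL_RCVD2", "BOTNET_IPINHOSTNAME")]:
        print(ignore or "all rules", verdict(hits, 3.0, ignore))
```

On this report the message stays above the threshold with FORGED_HOTMAIL_RCVD2 alone left out, and drops below it only when BOTNET_IPINHOSTNAME is left out as well.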

palinka
Senior user
Posts: 1105
Joined: 2017-09-12 17:57

Re: Spamassassin 3.4.2 released

Post by palinka » 2019-02-28 03:58

SorenR wrote:
2019-02-27 17:23
Anyways, it was only a school paper explaining a cow's digestion ... :roll:
A noble endeavor!
