Nice Google-fu! :-)<br><br><div class="gmail_quote">On Fri, Nov 18, 2011 at 10:29 AM, Peter O'Gorman <span dir="ltr"><<a href="mailto:peter@pogma.com">peter@pogma.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Google turned up this:<br>
<a href="http://lists.nongnu.org/archive/html/spamass-milt-list/2010-05/msg00001.html" target="_blank">http://lists.nongnu.org/<u></u>archive/html/spamass-milt-<u></u>list/2010-05/msg00001.html</a><br>
<br>
Looks like the problem is spamass-milter's synthesized Received header, rather than the spamassassin rule.<span class="HOEnZb"><font color="#888888"><br>
<br>
Peter</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
On 11/15/2011 10:45 AM, Gilbert E. Detillieux wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 2011-11-14 17:46, Kevin McGregor wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
So you've changed the date manually to be exactly the same, and the rule<br>
doesn't trigger?<br>
</blockquote>
<br>
Well... Here's the weird thing: if I pass the exact same message through<br>
spamc manually, I don't get the false positive on that rule. So, I tried<br>
mailing that message back to myself from a non-local mailer (so that it<br>
goes through spamass-milter again), but this generates extra "Received"<br>
headers that change the behaviour. (I now get a trigger on the<br>
DATE_IN_PAST_24_48 rule, since the message is now that old.)<br>
<br>
So, I can't test under exactly the same conditions. Given that running<br>
the message through spamc manually didn't trigger the rule, I'm tempted<br>
to think it might be something in the spamass-milter configuration,<br>
which is causing some information to not be transferred to spamc, or to<br>
be transferred incorrectly. Not sure at this point.<br>
<br>
Gilbert<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Mon, Nov 14, 2011 at 4:56 PM, Gilbert E. Detillieux<br>
<<a href="mailto:gedetil@cs.umanitoba.ca" target="_blank">gedetil@cs.umanitoba.ca</a> <mailto:<a href="mailto:gedetil@cs.umanitoba.ca" target="_blank">gedetil@cs.umanitoba.<u></u>ca</a>>> wrote:<br>
<br>
I mentioned this problem at the last round-table session, but didn't<br>
get a solution, so I thought I'd post it here, just in case anyone<br>
has any suggestions to offer.<br>
<br>
I'm still seeing a whole bunch of false positives in SpamAssassin,<br>
since an update was installed in mid-September on a CentOS 5.7<br>
system, for a rule called DATE_IN_FUTURE_96_Q, which is only<br>
supposed to be triggered when the "Date:" header has a date that is<br>
4 days to 4 month ahead of the date in the "Received" header that<br>
has the _smallest_ difference in date.<br>
<br>
Here are the headers from the latest e-mail I've received with this<br>
false-positive. (I've stripped out irrelevant headers, for the sake<br>
of clarity and simplicity.)<br>
<br>
>From topfivestories@messagent.__<a href="http://itworldcanada.com" target="_blank">itw<u></u>orldcanada.com</a><br>
<mailto:<a href="mailto:topfivestories@messagent.itworldcanada.com" target="_blank">topfivestories@<u></u>messagent.itworldcanada.com</a>> Mon Nov 14<br>
07:50:13 2011<br>
Received: from mail.messagent.itworldcanada._<u></u>_com<br>
<<a href="http://mail.messagent.itworldcanada.com" target="_blank">http://mail.messagent.<u></u>itworldcanada.com</a>><br>
(mail.messagent.itworldcanada.<u></u>__com<br>
<<a href="http://mail.messagent.itworldcanada.com" target="_blank">http://mail.messagent.<u></u>itworldcanada.com</a>> [207.112.10.80])<br>
by <a href="http://palladium.cs.umanitoba.ca" target="_blank">palladium.cs.umanitoba.ca</a><br>
<<a href="http://palladium.cs.umanitoba.ca" target="_blank">http://palladium.cs.<u></u>umanitoba.ca</a>> (8.13.8/8.13.8) with SMTP id<br>
pAEDoAxV028594<br>
for <<a href="mailto:gedetil@cs.umanitoba.ca" target="_blank">gedetil@cs.umanitoba.ca</a><br>
<mailto:<a href="mailto:gedetil@cs.umanitoba.ca" target="_blank">gedetil@cs.umanitoba.<u></u>ca</a>>>; Mon, 14 Nov 2011 07:50:12 -0600<br>
Date: Mon, 14 Nov 2011 08:50:13 -0500<br>
X-Spam-Status: No, score=-0.3 required=5.0<br>
tests=BAYES_00,DATE_IN_FUTURE_<u></u>__96_Q,<br>
HTML_MESSAGE,RP_MATCHES_RCVD autolearn=no version=3.3.1<br>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on<br>
<a href="http://palladium.cs.umanitoba.ca" target="_blank">palladium.cs.umanitoba.ca</a> <<a href="http://palladium.cs.umanitoba.ca" target="_blank">http://palladium.cs.<u></u>umanitoba.ca</a>><br>
<br>
Note that I'm calling spamd via the spamass-milter on a system<br>
running sendmail. Note also, that in the above example, the only<br>
"Received" header was the one generated by my own server. (I've had<br>
other false positives, however, with multiple "Received" headers,<br>
all of which were within seconds of the time in the "Date" header.)<br>
<br>
Any ideas?<br>
</blockquote>
<br>
</blockquote>
<br>
</div></div></blockquote></div><br>