From users-return-119889-archive-asf-public=cust-asf.ponee.io@spamassassin.apache.org Wed Jan 30 19:30:10 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 66757180652 for ; Wed, 30 Jan 2019 20:30:10 +0100 (CET) Received: (qmail 37098 invoked by uid 500); 30 Jan 2019 19:30:09 -0000 Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@spamassassin.apache.org Received: (qmail 37088 invoked by uid 99); 30 Jan 2019 19:30:08 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Jan 2019 19:30:08 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id F2EF7C69C4 for ; Wed, 30 Jan 2019 19:30:07 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.501 X-Spam-Level: X-Spam-Status: No, score=-0.501 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=zerospam.ca Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id VfqCwJtvaNv5 for ; Wed, 30 Jan 2019 19:30:06 +0000 (UTC) Received: from nestor.zerospam.ca (nestor.zerospam.ca [209.172.38.88]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 710455F575 for ; Wed, 30 Jan 2019 19:30:06 +0000 (UTC) X-ZEROSPAM_FILTERED: true Received: from nestor.zerospam.ca (localhost [127.0.0.1]) by nestor.zerospam.ca (Postfix) with ESMTP id 43qYNS2Pbcz8sWV for ; Wed, 30 Jan 2019 14:30:00 -0500 (EST) Authentication-Results: nestor.zerospam.ca (ip=10.2.0.42); spf=none smtp.helo=romano.zerospam.ca; spf=fail smtp.mailfrom=olivier.coutu@zerospam.ca; dkim=pass header.d=zerospam.ca header.i=@zerospam.ca header.b=N95KuIqu header.s=romano201812; dmarc=pass (action=none) reason="DKIM aligned" header.from=zerospam.ca Received: from 127.0.0.1 (127.0.0.1:12000) (original ip: 10.2.0.42) by nestor.zerospam.ca (Themis) with ESMTP id zTP5VaC76vXFL9zpF9L; Wed, 30 Jan 2019 14:29:58 -0500 Received: from romano.zerospam.ca (unknown [10.2.0.42]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by nestor.zerospam.ca (Postfix) with ESMTPS id 43qYNQ2mnLz8sWj for ; Wed, 30 Jan 2019 14:29:58 -0500 (EST) Received: from [10.0.0.32] (modemcable218.61-70-69.static.videotron.ca [69.70.61.218]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: olivier.coutu@zerospam.ca) by romano.zerospam.ca (Postfix) with ESMTPSA id 2CE6B2208AF for ; Wed, 30 Jan 2019 14:29:58 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=zerospam.ca; s=romano201812; t=1548876598; bh=Hj5+gBWnNk6dZGB8kL9WXY3u7qQWfhOMwe8988XT/p4=; h=To:From:Subject:Date:From; b=N95KuIqu8MYCiXbIzbxyQiJ6SB+q30P8513z1p/cQ9H7poI1+7kOYluzPDepEVgQP 8PVCKByGbygUqhazH4vUxDclFZowJX0DIX6kvvHHVQ3Sq1s1c84sdl2kwGXjtMl+Ar lMV51cG/A2fCz2uT4lWlw8f/2fBrXGj2+osNKntk= To: users@spamassassin.apache.org From: Olivier Coutu Subject: FROM_IN_TO_AND_SUBJ hits on emails with empty subject Message-ID: Date: Wed, 30 Jan 2019 14:29:57 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------6F5EC5840EC6016E13311072" Content-Language: en-US This is a multi-part message in MIME format. --------------6F5EC5840EC6016E13311072 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit meta           FROM_IN_TO_AND_SUBJ  (__TO_EQ_FROM && __SUBJ_HAS_FROM_1) header         __SUBJ_HAS_FROM_1    ALL =~ /\nFrom:\s+(?:[^\n<]{0,80}<)?([^\n\s>]+)>?\n(?:[^\n]{1,100}\n)*Subject:\s+[^\n]{0,100}\1[>,\s\n]/ism If the from and the to are identical and the subject is empty, this rule hits, e.g. From: customer@example.com Subject: To: "Scan PC" Since there is no restriction for \n in the \s+ after the subject, the /to/ in the next line is matched. An easy fix would be to change \s+ by [ \t]+ or something similar. The rule could also be cancelled by __SUBJECT_EMPTY --------------6F5EC5840EC6016E13311072 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit 
meta           FROM_IN_TO_AND_SUBJ  (__TO_EQ_FROM && __SUBJ_HAS_FROM_1)
header         __SUBJ_HAS_FROM_1    ALL =~ /\nFrom:\s+(?:[^\n<]{0,80}<)?([^\n\s>]+)>?\n(?:[^\n]{1,100}\n)*Subject:\s+[^\n]{0,100}\1[>,\s\n]/ism

If the from and the to are identical and the subject is empty, this rule hits, e.g.

From: customer@example.com
Subject: 
To: "Scan PC" <customer@example.com>

Since there is no restriction for \n in the \s+ after the subject, the to in the next line is matched. An easy fix would be to change \s+ by [ \t]+ or something similar. The rule could also be cancelled by __SUBJECT_EMPTY

--------------6F5EC5840EC6016E13311072--