spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matus UHLAR - fantomas <uh...@fantomas.sk>
Subject Re: MISSING_SUBJECT rule on email with subject
Date Tue, 04 Jun 2019 14:37:50 GMT
On 04.06.19 16:29, Stephan Fourie wrote:
>My apologies, seems something went wrong with the formatting when it 
>was pasted to the pastebin. Here's a new example with spacing intact: 
>https://pastebin.com/raw/tQtSMQPs
>
>In this example some of the other headers were also not 'seen'.

there's something strange:

  1.0 HK_RANDOM_FROM         From username looks random
  0.5 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (xxxxxxxxxxxxx[at]gmail.com)


  1.0 MISSING_FROM           Missing From: header
  1.8 MISSING_SUBJECT        Missing Subject: header

so the spam scanner both did and did not see the From: header.

What do you use for mail scanning? 

>On 2019/06/04 10:55, Matus UHLAR - fantomas wrote:
>>>>On 3 Jun 2019, at 2:20, Stephan Fourie wrote:
>>>>> We're currently seeing the rule MISSING_SUBJECT sporadically
>>>>> hitting on emails that have a subject. This issue seems to have
>>>>> started during last week, which is when clients started complaining
>>>>> about false positive detections. Please see example headers at the
>>>>> following link:
>>>>>
>>>>> https://pastebin.com/raw/GtnV67Hj
>>
>>>On Mon, 03 Jun 2019 11:43:44 -0400 Bill Cole wrote:
>>>>The headers are all missing the traditional space between the colon
>>>>and the header content.
>>
>>On 03.06.19 19:11, RW wrote:
>>>And this include google headers, so presumably the spaces have been
>>>stripped locally.
>>
>>now one question is,
>>if the spaces have been stripped prior to spam checking,
>>another is,
>>if SA does/should expect whitespaces after header fields.
>>
>>if the first answer is true, then SA can't do much about misformatted
>>e-mail.
>>
>>But since FROM_AND_TO_IS_SAME_DOMAIN was hit, I don't think the 
>>spaces were
>>stripped, so
>>
>>- we need to see the original message as it was scanned. Anything else,
>> reformated by anyone (e.g. outlook or exchange use to reformat mail),
>>can't help us much finding the issue.
>>
>

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

Mime
View raw message