
THN activation email scores highly on 2 SpamAssassin rules

Posted: Sun Mar 24, 2013 7:30 pm
by zii
Hi there,

I noticed the activation email hits two high-scoring rules in SpamAssassin.
The two that stand out are:
3.5 PHP_NOVER_MUA Mail from PHP with no version number
3.5 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool

May I suggest THN formats the email. Just hitting on one of the above instead of two would be a marked improvement. 3.5 *2 is pretty harsh ;)


Code:
Return-Path: <www-data@tertial.org>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on klunky.co.uk
X-Spam-Flag: YES
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.7 required=4.0 tests=BAYES_20,JOB_OFFERS_PHASES,
   MTX_FAIL,PHP_NOVER_MUA,RDNS_NONE,TO_NO_BRKTS_MSFT shortcircuit=no
   autolearn=no version=3.3.2
X-Spam-Report:
   * -0.1 JOB_OFFERS_PHASES BODY: Phrases typical of English language job
   *      offers
   *  0.0 MTX_FAIL MTX: Failed: http://www.chaosreigns.com/mtx/
   * -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20%
   *      [score: 0.0989]
   *  0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
   *  3.5 PHP_NOVER_MUA Mail from PHP with no version number
   *  3.5 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool

Posted: Mon Mar 25, 2013 12:38 am
by nEo-1664
For the time being, I don't think we can do a huge amount, but we are looking at migrating the THN to more up-to-date systems, but I will let Brammers fill in the details :)

Posted: Mon Mar 25, 2013 12:56 am
by Brammers
Thanks for reporting the issue. :)

I find the TO_NO_BRKTS_MSFT rule odd considering the THN sends out clear text emails, not HTML ones.

PHP_NOVER_MUA I think is daft as I'm not going to advertise what PHP version I'm running here.

When the next upgrade of the THN comes I'll move it to the new mailer I have available. (Coming soon!)

Posted: Mon Mar 25, 2013 4:28 pm
by zii
Hi B,

I tried to run through the rules but, as expected, the rules are metas of meta rules. I have no real idea what caused TO_NO_BRKTS_MSFT to trip.

I noticed that the header "MIME-Version: 1.0" is present. I thought (and could be really wrong) one should use the MIME-Version: 1.0 header when sending an email that contains one of the following:

Text in character sets other than ASCII
Non-text attachments
Message bodies with multiple parts
Header information in non-ASCII character sets



Rules: (kind of messy below) I won't follow these though and try to understand the regex I find as I'll be there all day :D
Code:
# grep -r TO_NO_BRKTS_MSFT /usr/share/spamassassin/*
72_active.cf:##{ TO_NO_BRKTS_MSFT
72_active.cf:meta       TO_NO_BRKTS_MSFT         __TO_NO_BRKTS_MSFT && !__VIA_ML && !__LYRIS_EZLM_REMAILER && !__THREAD_INDEX_GOOD && !__IS_EXCH && !__UNSUB_LINK && !__NOT_SPOOFED && !__DOS_HAS_LIST_UNSUB && !__NAME_EQ_EMAIL
72_active.cf:describe   TO_NO_BRKTS_MSFT         To: misformatted and supposed Microsoft tool
72_active.cf:#score      TO_NO_BRKTS_MSFT         0.20
72_active.cf:##} TO_NO_BRKTS_MSFT
72_active.cf:meta       __TO_NO_BRKTS_MSFT       __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && (__ANY_OUTLOOK_MUA || __HAS_MIMEOLE || __MIMEOLE_MS)
72_scores.cf:score TO_NO_BRKTS_MSFT                      0.199 0.199 0.199 0.199



Rgds, z
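
The "metas of meta rules" chain in the grep output above can be unrolled mechanically. The following Python sketch is an added example, not part of the thread or of SpamAssassin itself: it parses the `meta` lines quoted in the post and prints the sub-rule tree, marking which sub-rules are negated. The function names `parse_metas` and `expand` are hypothetical, and it assumes negation is only applied directly to a rule name, as in the lines shown.

```python
import re

# Constructed input: the two "meta" lines from the grep output in the thread,
# file-name prefix included, plus one non-meta line to show it is skipped.
GREP_OUTPUT = """\
72_active.cf:describe   TO_NO_BRKTS_MSFT         To: misformatted and supposed Microsoft tool
72_active.cf:meta       TO_NO_BRKTS_MSFT         __TO_NO_BRKTS_MSFT && !__VIA_ML && !__LYRIS_EZLM_REMAILER && !__THREAD_INDEX_GOOD && !__IS_EXCH && !__UNSUB_LINK && !__NOT_SPOOFED && !__DOS_HAS_LIST_UNSUB && !__NAME_EQ_EMAIL
72_active.cf:meta       __TO_NO_BRKTS_MSFT       __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && (__ANY_OUTLOOK_MUA || __HAS_MIMEOLE || __MIMEOLE_MS)
"""

# Optional "file:" prefix from grep -r, then "meta NAME EXPRESSION".
META_RE = re.compile(r'^(?:[^:\s]+:)?\s*meta\s+(\S+)\s+(.+)$')
# A rule name, optionally preceded by "!" (assumption: no negated groups).
TERM_RE = re.compile(r'(!?)\s*([A-Za-z_][A-Za-z0-9_]*)')


def parse_metas(text):
    """Return {rule: [(sub_rule, negated), ...]} for every 'meta' line."""
    metas = {}
    for line in text.splitlines():
        m = META_RE.match(line)
        if m:
            metas[m.group(1)] = [(name, bang == '!')
                                 for bang, name in TERM_RE.findall(m.group(2))]
    return metas


def expand(rule, metas, depth=0, negated=False, seen=None):
    """Flatten the tree under `rule` into (depth, name, negated, is_leaf) rows.

    is_leaf means the rule has no 'meta' line in the parsed text, so its
    definition has to be looked up separately in the ruleset.
    """
    seen = set() if seen is None else seen
    is_leaf = rule not in metas
    rows = [(depth, rule, negated, is_leaf)]
    if not is_leaf and rule not in seen:   # guard against circular metas
        seen.add(rule)
        for sub, neg in metas[rule]:
            rows += expand(sub, metas, depth + 1, neg, seen)
    return rows


if __name__ == "__main__":
    for depth, name, negated, is_leaf in expand("TO_NO_BRKTS_MSFT",
                                                parse_metas(GREP_OUTPUT)):
        print("  " * depth + ("NOT " if negated else "") + name
              + ("  (look up definition)" if is_leaf else ""))
```

Feeding it the output of a wider grep (one that also matches the leaf names) extends the tree by another level.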