[tech] Problem with KAS and SpamAssassin

David Basden davidb at shikita.rcpt.to
Wed Dec 29 12:59:32 WST 2004


On Sun, Dec 26, 2004 at 05:29:48PM +0800, Alastair Irvine wrote:
> On Wed, 15 December, 2004 at 10:43:33AM +0800, David Basden wrote:
> > Could you please send on all the message headers? Also, if you have
> > them, and it's very definitely a trusted source, headers from
> > other messages sent by the same mailer?
> 
> The only other examples I have with this exact MUA version are from the
> Eidolist, which munges the Received lines.  Searching for the first three
> components of the version number yielded no matching e-mails with
> hotmail.com From addresses.
> 
> It looks like the e-mail in question (munged headers attached) has been
> through a non-standards-compliant Microsoft MTA, which added an invalid
> Received line.  ("phx.gbl")

*nods* You can probably change the weighting of that particular rule
for your personal spam filtering (SpamAssassin allows weight changes
on a per user basis, but not normally changing of the rules themselves
by default).  The correct place to change the rule itself is upstream 
with the spamassassin distribution.

> > It's not just looking at X-Mailer, it's looking at quite a few 
> > different headers, and checking that they are the same as generated
> > by specific versions of OE.[0] There seem to be spam mailers that
> > make small errors in the headers that wouldn't be made by OE.
> 
> The message ID did not match either of the two patterns mentioned by luyer.

Yeah, it's annoying. They've got a list of the combinations of headers
used by each specific Microsoft MTA, and if one of them doesn't match,
the rule is matched. 

Unfortunately, the Microsoft MTA matching seems to be quite good at
picking up some of the harder to find spam, but if it's giving you
false positives, tweaking the weighting for that rule is probably going
to be the best bet.

> > [0] mooneye:/usr/share/spamassassin/20_ratware.cf (lines 115-134)
> 
> I don't have access to this as I'm not in wheel.

Take a look on mussel. The versions are similar. I'll see if I can take
a harder look later on, when I'm a bit less fuzzy.

David
(who should find a shaver to deal with the fuzziness thing)



