SA Bugzilla – Bug 1140
Would a DATE_ADDED_BY_MTA Rule make any sense?
Last modified: 2002-12-13 02:11:36 UTC
Here's the header of a recent spam. Clearly the Received: headers are problematic. The first thing I would note is that surely there should not be a Date: header above any Received: header. Would adding a DATE_ADDED_BY_MTA rule be useful?

Received: from mail.com (CacheFlowServer@[61.74.65.98]) by mail.premiernet.net (8.12.6/8.12.6/Debian-6) with SMTP id g9N5CJGM020761 for <japplin@premiernet.net>; Wed, 23 Oct 2002 00:12:24 -0500
Date: Wed, 23 Oct 2002 00:12:19 -0500
Received: from 224.186.92.119 ([224.186.92.119]) by mta92.mail.yahoo.com with SMTP; Wed, 23 Oct 2002 13:12:36 -0400
Received: from mta92.mail.yahoo.com ([225.124.155.206]) by 220.229.213.20 with SMTP; Wed, 23 Oct 2002 12:57:49 -0300
From: Patricia <support@mail.com>
To: <japplin@premiernet.net>
Subject: Hi
Message-Id: <10353931568212.15179@mail.com>
In-Reply-To: <28753130134074.394179@premiernet.net>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
Content-Disposition: inline
Content-transfer-encoding: base64
Content-Type: multipart/mixed; boundary="_ndyqxa15XM3zv31aT2V8mo97Pr8M2ScJ8RxRa51BCgiN0sbJ"
X-Spam-Status: No, hits=4.7 required=5.0 tests=BASE64_ENC_TEXT,CARRIAGE_RETURNS,HARDCORE_PORN,IN_REP_TO, LARGE_COLLECTION,SPAM_PHRASE_02_03,USER_AGENT_OE version=2.42
X-Spam-Level: ****
X-UIDL: `o(#!<dM!!1K4!!0!?!!
Status: RO
well, we did have something like this; I don't think the hit rate worked out too well. Problem is that many legit mass-mailers do the same thing. lame, but there you are. If you write a rule, we'll test it, but I think the S/O ratio will be hurt by this.
Could you define what you mean by "mass-mailers"? Do you mean people like eBay, UPS, airlines, stuff like that? My experience with the smallish ISP where I use SA is showing me that customers dislike mis-tagged messages more than the occasional missed spam and that so many of these "valid" message sources are going to end up tagged that I simply have to handle them one by one and whitelist them and pray that they are willing to fight against identity-theft of their domains. I'm inclined to accept a rule like this even if it adds a few more dozen whitelist entries for me. I'll give an implementation some thought. Might the code be in the CVS logs somewhere? On the other hand if you mean large mailers like yahoo or hotmail, then I guess it's a different story.
yep, legit mass-mailers == airlines et al. basically people who do big mailshots now and again, to customers who've verified-opted-in etc. ;) they're the top FP source... yep, the code should be in CVS somewhere off "rules/20_head_tests.cf"; look for a rule that matches against ALL, looking for Date: before Received:
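An added illustration of the ordering check discussed in this thread (not SpamAssassin's rule and not code from any participant): the Python below counts the Received: fields that sit below the first Date: field. The function names and the second sample are constructed for the example; the first sample is abridged from the headers quoted in the report.

```python
import re

# Abridged from the header block quoted in the report (folding is assumed).
SAMPLE_FLAGGED = (
    "Received: from mail.com (CacheFlowServer@[61.74.65.98])\n"
    "\tby mail.premiernet.net (8.12.6/8.12.6/Debian-6) with SMTP id g9N5CJGM020761\n"
    "\tfor <japplin@premiernet.net>; Wed, 23 Oct 2002 00:12:24 -0500\n"
    "Date: Wed, 23 Oct 2002 00:12:19 -0500\n"
    "Received: from 224.186.92.119 ([224.186.92.119])\n"
    "\tby mta92.mail.yahoo.com with SMTP; Wed, 23 Oct 2002 13:12:36 -0400\n"
    "From: Patricia <support@mail.com>\n"
    "Subject: Hi\n"
    "\n"
    "Received: this line is body text, not a header\n"
)

# Constructed sample: normal ordering, plus a folded Subject whose
# continuation line merely looks like a Received: field.
SAMPLE_CLEAN = (
    "Received: from relay.example.org by mx.example.net; Wed, 23 Oct 2002 00:12:24 -0500\n"
    "Date: Wed, 23 Oct 2002 00:12:19 -0500\n"
    "From: Sender <sender@example.org>\n"
    "Subject: fwd\n"
    " Received: your order\n"
    "\n"
    "body\n"
)

def header_names(raw):
    """Field names in top-to-bottom order, lowercased; folded lines skipped."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]  # stop at the body
    names = []
    for line in head.splitlines():
        if line[:1] in (" ", "\t"):
            continue  # continuation of the previous field
        name, sep, _ = line.partition(":")
        if sep and name and not re.search(r"\s", name):
            names.append(name.lower())
    return names

def received_below_date(raw):
    """Number of Received: fields located below the first Date: field."""
    names = header_names(raw)
    if "date" not in names:
        return 0
    return names[names.index("date") + 1:].count("received")

if __name__ == "__main__":
    for label, msg in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(label, received_below_date(msg))
```

As the thread notes, legitimate mass-mailers can produce the same ordering, so a non-zero count is a signal to score and test against a corpus rather than a verdict.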
resolving until Ken gets back to us....