Bug 2645 - blacklist check fails with special character
Summary: blacklist check fails with special character
Status: RESOLVED WORKSFORME
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (Eval Tests) (show other bugs)
Version: 2.60
Hardware: PC Linux
: P5 minor
Target Milestone: 3.1.0
Assignee: SpamAssassin Developer Mailing List
URL: http://mike.passwall.com/sa/bug1.eml
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-10-29 11:05 UTC by ME
Modified: 2004-11-05 12:18 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description ME 2003-10-29 11:05:22 UTC 
I have a sample message that did not seem to be counted as blacklisted even though 
it should have been.

I have blacklist entries like this:
blacklist_from *@dq07.net
blacklist_from *@*.dq07.net

and I have verified the "0" is zero and not an Oh in both the blacklist and the
e-mail message.

Other messages from this domain seem to trigger the blacklist.

However, the message available for download at the above URL did not seem to get
marked as a blacklisted message. The only real difference I see is the inclusion
of the "}" character in the username field.

I am using SA 2.6.0

If you need more information, please let me know.
Comment 1 Fred T 2004-01-19 04:40:03 UTC 
The URL is no longer valid, can you post a sample message to this webpage or 
close this ticket?
Comment 2 ME 2004-01-19 09:33:32 UTC 
Subject: Re:  blacklist check fails with special character

When I originally submitted the bug report I included a URL:
http://mike.passwall.com/sa/bug1.eml

That URL is still valid and functional. I have checked from 3 different
locations and each is able to load the page. (Colocation facility, home,
and a local uni.)

That URL contains the message that did not get marked as spam by 2.60 when
the domain (dq07.net) was blacklisted with:
blacklist_from *@*.dq07.net
and
blacklist_from *@dq07.net

However, messages prior to this one and after this one were marked as
spam. The only obvious difference appears to be the '}' in the username
field.

Does this page not load for you?

Also, I am on 2.62 now. That was reported when I was on 2.60

Please let me know if there is more information that can help you.

-ME

bugzilla-daemon@bugzilla.spamassassin.org said:
> http://bugzilla.spamassassin.org/show_bug.cgi?id=2645
>
>
>
>
>
> ------- Additional Comments From tech2@i-is.com  2004-01-19 04:40 -------
> The URL is no longer valid, can you post a sample message to this webpage
> or
> close this ticket?
>
>
>
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.
>
>
Comment 3 Fred T 2004-01-19 10:01:39 UTC 
My inability to load this page was a bug in Outlook Express / Internet 
Explorer, when I click your like I get:
mhtml:http://mike.passwall.com/sa/bug1.eml
And a standard IE error page about page not available, blah blah.  I seen this 
eariler but didn't notice my systems were changing the URL after I click the 
link.. my bad!
Comment 4 ME 2004-01-19 20:30:49 UTC 
Subject: Re:  blacklist check fails with special character

Sounds like a client-side OS application/OS processing of the message by
MIME-type/extention.

I have duplicated the file and made it available with a ".txt" extention
so now these two URL offer file with the same contents:

http://mike.passwall.com/sa/bug1.eml
http://mike.passwall.com/sa/bug1.txt

The .txt should allow nearly all browsers to show the message contents
without problem.

-ME

> ------- Additional Comments From tech2@i-is.com  2004-01-19 10:01 -------
> My inability to load this page was a bug in Outlook Express / Internet
> Explorer, when I click your like I get:
> mhtml:http://mike.passwall.com/sa/bug1.eml
> And a standard IE error page about page not available, blah blah.  I seen
> this
> eariler but didn't notice my systems were changing the URL after I click
> the
> link.. my bad!
>
>
>
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.
>
>
Comment 5 Pete Hanson 2004-03-30 08:20:13 UTC 
If the From: header contains a punctuation character immediately prior to the @
character in the email address, the blacklist mechanism breaks down.  For
example, assume the user has:

    blacklist_from *@world.std.com

If sent mail with a From address of something like:

    a?@world.std.com

the message won't be marked with USER_IN_BLACKLIST:

>From phanson@well.com  Mon Mar 29 00:24:50 2004Return-Path: <phanson@well.com>
>Date: Mon, 29 Mar 2004 00:24:49 -0800 (PST)
>Message-Id: <200403290824.i2T8On0X027041@well.com>
>To: vanilla@well.com
>From: Keith Dawson <a?@world.std.com>Subject: TBTF ping for 2001-04-20: >Reviving
>X-Spam-Checker-Version: SpamAssassin 2.63-the_well_u (2004-01-11) on
>    user.well.com
>X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no
>    version=2.63-the_well_u
>X-Spam-Level:
>
>Blah

If the punctuation character is not the last character prior to the @, the
blacklist mechanism appears to work:

>From phanson@well.com  Mon Mar 29 00:24:40 2004
>Return-Path: <phanson@well.com>
>Date: Mon, 29 Mar 2004 00:24:38 -0800 (PST)
>Message-Id: <200403290824.i2T8Ocju026790@well.com>
>To: vanilla@well.com
>From: Keith Dawson <?a@world.std.com>
>Subject: (SPAM?) TBTF ping for 2001-04-20: Reviving
>X-Spam-Flag: YES
>X-Spam-Checker-Version: SpamAssassin 2.63-the_well_u (2004-01-11) on
>    user.well.com
>X-Spam-Report:
>    *  100 USER_IN_BLACKLIST From: address is in the user's black-list
>X-Spam-Status: Yes, hits=100.0 required=5.0 tests=USER_IN_BLACKLIST
>    autolearn=no version=2.63-the_well_u
>X-Spam-Level: **************************************************
>
>Blah

The precise character used doesn't seem to matter - if it isn't alphanumeric, a
hyphen, or an underscore, SA seems to get confused.
Comment 6 Daniel Quinlan 2004-08-27 17:18:00 UTC 
more accuracy and performance bugs going to 3.1.0 milestone
Comment 7 Theo Van Dinter 2004-11-05 21:18:48 UTC 
I can't reproduce this in the 3.0 code.  if it's still an issue for you, we can reopen the ticket.