Bug 519 - Problem with FORGED_JUNO_RCVD rule
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules
Version: 2.31
Hardware: Other other
Importance: P2 normal
Target Milestone: ---
Assignee: SpamAssassin Developer Mailing List
Reported: 2002-07-06 07:20 UTC by Ed Henderson
Modified: 2002-07-08 22:49 UTC



Attachment Type Modified Status Actions Submitter/CLA Status
Match either brackets or parens around juno IP address patch None Bart Schaefer [NoCLA]

Description Ed Henderson 2002-07-06 07:20:19 UTC
This rule is misfiring on a lot of legit Juno emails.  It is especially 
troublesome since it has a score of 4.4!  Here are some headers from such a 
message:

Return-Path: <ronannasmith@juno.com>
Delivered-To: certainty.net-alkratz@certainty.net
Received: (qmail 28710 invoked by uid 114); 1 Jul 2002 18:20:56 -0400
Received: from ronannasmith@juno.com by gen by uid 111 with qmail-scanner-1.12 
(sophie: 2.10/3.58. .
 Clear:. Processed in 0.250327 secs); 01 Jul 2002 22:20:56 -0000
Received: from m4.jersey.juno.com (64.136.22.67)
  by mail.certainty.net with SMTP; 1 Jul 2002 18:20:55 -0400
Received: from cookie.juno.com by cookie.juno.com for 
<"l4iOzAxmPs9ItSX3dwuqAWcOtZpvrz+L/3XD4aho3uppuWePD5Yo2A==">
Received: (from ronannasmith@juno.com)
 by m4.jersey.juno.com (jqueuemail) id G6NS6BH5; Mon, 01 Jul 2002 18:19:10 EDT
To: alkratz@certainty.net
Date: Mon, 1 Jul 2002 18:12:01 -0400
Message-ID: <20020701.181211.-1023413.8.RonAnnaSmith@juno.com>
X-Mailer: Juno 4.0.11
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Juno-Line-Breaks: 0,5,8-10
X-Juno-Att: 0
X-Juno-RefParts: 0
From: Ronald E Smith <ronannasmith@juno.com>
X-Spam-Status: Yes, hits=5.1 required=5.0
        tests=SUBJ_MISSING,DEAR_SOMEBODY,FORGED_JUNO_RCVD,AWL
        version=2.31
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Checker-Version: SpamAssassin 2.31 (devel $Id: SpamAssassin.pm,v 
1.94.2.2 2002/06/20 17:20:29 hughescr Exp $)
X-Spam-Report:   5.1 hits, 5 required;
  *  1.4 -- Subject: is empty or missing
  * -0.7 -- BODY: Contains 'Dear Somebody'
  *  4.4 -- 'From' juno.com does not match 'Received' headers
  * -0.0 -- AWL: Auto-whitelist adjustment
Comment 1 Bart Schaefer 2002-07-06 07:36:08 UTC
The problem appears to be that check_for_forged_juno_received() requires the IP
address to appear in square brackets:

Mail::SpamAssassin::PerMsgStatus::check_for_forged_juno_received_headers(/usr/lib/perl5/site_perl/5.005/Mail/SpamAssassin/EvalTests.pm:360):
360:        if($rcvd !~
/from.*juno\.com.*\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\].*by/) { return 1; }

But in the actual header it appears in parentheses:

Received: from m4.jersey.juno.com (64.136.22.67)
  by mail.certainty.net with SMTP; 1 Jul 2002 18:20:55 -0400

This is in the "new-style Juno" branch of the conditional, so it appears that
the test was updated for some change in Juno's setup but didn't quite get it.
Comment 2 Bart Schaefer 2002-07-06 08:13:03 UTC
Created attachment 210
Match either brackets or parens around juno IP address
Comment 3 Bart Schaefer 2002-07-06 08:15:44 UTC
The attached patch also fixes check_for_from_domain_in_received_headers() per my
comment appended to bug #499.
Comment 4 Justin Mason 2002-07-08 07:57:44 UTC
ok -- fixed the test to consider Received headers with "cookie.juno.com"
as OK.
Comment 5 Bart Schaefer 2002-07-09 06:49:00 UTC
        && $rcvd !~ / cookie.juno.com /)

Shouldn't those dots be backslashed?
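
The bracket/parenthesis mismatch from Comment 1 and the escaping question from Comment 5, as an added Perl example that is not part of the bug thread, the attached patch, or the SpamAssassin source. The `$relaxed` pattern and the `looks_forged` helper are assumptions made for illustration, and the bracketed header and the look-alike hostname string are constructed sample inputs.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Received header quoted in the report, with the folded line joined by a space.
my $paren = 'from m4.jersey.juno.com (64.136.22.67) '
          . 'by mail.certainty.net with SMTP; 1 Jul 2002 18:20:55 -0400';
# Constructed variant of the same header with the IP in square brackets.
my $bracket = 'from m4.jersey.juno.com [64.136.22.67] '
            . 'by mail.certainty.net with SMTP; 1 Jul 2002 18:20:55 -0400';

# Pattern quoted in Comment 1 (EvalTests.pm line 360): square brackets only.
my $orig = qr/from.*juno\.com.*\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\].*by/;

# Assumed relaxed pattern: IP inside [..] or (..), with matching delimiters.
# This is NOT the text of attachment 210, which the page does not show.
my $ip      = qr/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/;
my $relaxed = qr/from.*juno\.com.*(?:\[$ip\]|\($ip\)).*by/;

# Hypothetical helper mirroring the quoted test: a header that does NOT
# match the expected Juno relay format is reported as forged (1).
sub looks_forged {
    my ($rcvd, $re) = @_;
    return $rcvd !~ $re ? 1 : 0;
}

for my $case (['parens', $paren], ['brackets', $bracket]) {
    my ($name, $rcvd) = @$case;
    printf "%-9s original: forged=%d  relaxed: forged=%d\n",
        $name, looks_forged($rcvd, $orig), looks_forged($rcvd, $relaxed);
}

# Comment 5: in / cookie.juno.com / each unescaped dot matches any character,
# so the exemption accepts more than the literal hostname.
my $loose  = qr/ cookie.juno.com /;
my $strict = qr/ cookie\.juno\.com /;

# Constructed inputs: the literal hostname, and a string with other
# characters in the dot positions.
my %samples = (
    literal   => 'from cookie.juno.com by cookie.juno.com for <constructed>',
    lookalike => 'from cookie-juno-com by cookie-juno-com for <constructed>',
);
for my $name (sort keys %samples) {
    printf "%-9s loose=%d  strict=%d\n", $name,
        ($samples{$name} =~ $loose  ? 1 : 0),
        ($samples{$name} =~ $strict ? 1 : 0);
}
```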