Bug 6062 - barracude headers triggers FP on WEIRD_PORT
Summary: barracude headers triggers FP on WEIRD_PORT
Status: NEW
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: 3.2.5
Hardware: Other All
: P5 enhancement
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-09 08:57 UTC by Michael Scheidell
Modified: 2009-02-09 09:43 UTC (History)
0 users



Attachment Type Modified Status Actions Submitter/CLA Status

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Scheidell 2009-02-09 08:57:22 UTC
the inclusion of an email forwared from a barracuda, with 'headers' included, and this in the email:


x-barracuda-url:http://10.10.20.91:8000/cgi-bin/mark.cgi

which is possible in every email outbound from a barracuda, rule triggers 'WEIRD_PORT'

suggest excluding '^x-barracuda-url:http' from WEIRD_PORT tests.


rule has low score (0.001) UNLESS BAYES OR NET NOT ACTIVE

score WEIRD_PORT 1.599 1.499 1.089 0.001

(a 1.6 score could block an email from barracuda users, again, only if a full email, with headers is sent)
Comment 1 Karsten Bräckelmann 2009-02-09 09:14:08 UTC
MSECS      SPAM%     HAM%     S/O    RANK   SCORE  NAME WHO/AGE
0.00000   0.0031   0.1054   0.029    0.37    1.60  WEIRD_PORT  

It's an under-performer anyway. Really poor S/O. Probably better to remove it altogether.
Comment 2 Justin Mason 2009-02-09 09:43:22 UTC
(In reply to comment #1)
> It's an under-performer anyway. Really poor S/O. Probably better to remove it
> altogether.

I'd prefer to keep it as an informational rule (locked to 0.0001 or similar).
occasionally it shows up in bad stuff (like phishing) as a good potential
meta subrule.