6405 – HK_RANDOM_FROM and HK_RANDOM_ENVFROM too large

Bug 6405 - HK_RANDOM_FROM and HK_RANDOM_ENVFROM too large

Summary: HK_RANDOM_FROM and HK_RANDOM_ENVFROM too large

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	3.3.1
Hardware:	PC Linux

Importance:	P2 normal
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-04-12 02:55 UTC by Jason Haar
Modified:	2011-10-29 01:40 UTC (History)
CC List:	1 user (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jason Haar 2010-04-12 02:55:50 UTC

Hi there

HK_RANDOM_FROM  scores 2.4 and HK_RANDOM_ENVFROM scores 0.6, so if a valid user happens to hit one of those two - they hit BOTH (because their From: matches their RP) and end up with 3.0 points.

We just had a legit mailing-list hit by this. I'd say it would be extremely likely for random-but-valid email addresses to hit these rules - I think they are way too large.

I'm reducing my score for starters :-)

Jason

Comment 1 Kevin A. McGrail 2011-10-29 01:40:14 UTC

Both these rules no longer exist just HK_RANDOM_ENVFROM but we will be soliciting more mass checkers so our corpora can be improved to rescore things automatically.

Do you possibly still have the email so we know what the valid but random looking address was?  Then I can check to see if it still hits on the rule.  

Otherwise considering fixed for now.