Bug 7878 - SHORT_SHORTNER hits mails with bodies larger than 512 bytes
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules
Version: 3.4.4
Hardware: PC Linux
Importance: P2 normal
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
Reported: 2021-01-06 10:38 UTC by Dan Malm
Modified: 2021-01-06 13:20 UTC

Attachments: 1024+ byte body and youtu.be link (message/rfc822), submitted by Dan Malm [NoCLA]

Description Dan Malm 2021-01-06 10:38:50 UTC
Created attachment 5735
1024+ byte body and youtu.be link

Since 2021-01-05 the amount of mails hitting SHORT_SHORTNER has increased by more than 2000%...

Some testing shows me that
1: It hits mails with bodies larger than 512 bytes
2: youtu.be is considered a URL shortener

As far as I can tell the __PDS_MSG_512 meta rule that SHORT_SHORTNER is based on should only trigger for bodies smaller than 512B, should it not?

I can't say I really agree with the classification of youtu.be as a URL shortener either, but that's not the main problem here, the body size is. As far as I know youtu.be can only be used for links to YouTube videos and is not an all-purpose shortener.

Including an example mail that triggers the rule. It has 1024 bytes of lorem ipsum in the body, and a youtu.be link.
Comment 1 Paul Stead 2021-01-06 10:46:44 UTC
The 512 byte issue was introduced by a quoted-printable count addition, which wasn't counting properly.

The erroneous counting was removed in https://svn.apache.org/viewvc?view=revision&revision=1885113

I have dropped youtu.be from the URI shorteners list - I'd agree this is a special type of shortener and shouldn't be included.

Sending        20_urlshort.cf
Transmitting file data .done
Committing transaction...
Committed revision 1885193.
Comment 2 RW 2021-01-06 13:20:06 UTC
I think that:

   rawbody __MIME_QPC           eval:check_for_mime('mime_quoted-printable_count')

should be

   rawbody __MIME_QPC           eval:check_for_mime('mime_qp_count')

The former is presumably giving __MIME_QPC a value of 0.