Mailing List Archive

There seems to have been -

https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?r1=1884188&r2=1884215&diff_format=h

Whilst this has my initials, it's actually in John's sandbox - I think this was a rule I submitted on the mailing list many moons ago.

The intention of this rule was to match two different addresses, but because I don't know about the other related changes I'll leave for JH to comment/adjust as needed

Paul

?On 10/12/2020, 10:33, "Benoit Branciard" <Benoit.Branciard@univ-paris1.fr> wrote:

Hello,

Have there been any changes to the __PDS_FROM_2_EMAILS rule recently on
3.004002 branch ?

Since latest update this night, we got significantly more matches of
meta rule PDS_FROM_2_EMAILS than previously, and for at least a dozen of
them, the rule triggered despite the fact that both addresses (in from
text and address) were strictly identical, like this :

From: "my.user@univ-paris1.fr" <my.user@univ-paris1.fr>

Until now I expected this rule to match *only* if from text and address
contained *different* addresses...

my /var/lib/spamassassin/3.004002/updates_spamassassin_org/72_active.cf
contains :

header __PDS_FROM_2_EMAILS From =~
/(?:\W|^)([\w+.-]+\@[\w.-]+\.\w\w++)(?:[^\n\w<]{0,80})?<(?!\1)[^\n\s]*\@/i


--
Benoit BRANCIARD
DSIUN: Direction du Système d'Information et des Usages Numériques
SIS: Pôle Infrastructures
Université Paris 1 Panthéon-Sorbonne
Centre Pierre Mendès France
90 rue de Tolbiac - 75634 Paris cedex 13 - France
Tél. +33 1 44 07 89 68 - Bur. A402
Accueil: +33 1 44 07 89 65 - Assistance-DSIUN@univ-paris1.fr
http://dsiun.univ-paris1.fr


--
Paul Stead
Senior Engineer
Zen Internet
Direct: 01706 902018
Web: zen.co.uk

Proud to be a certified B Corporation

This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.

Zen Internet Limited may monitor email traffic data to manage billing, to handle customer enquiries and for the prevention and detection of fraud. We may also monitor the content of emails sent to and/or from Zen Internet Limited for the purposes of security, staff training and to monitor quality of service.

Zen Internet Limited is registered in England and Wales, Sandbrook Park, Sandbrook Way, Rochdale, OL11 1RY Company No. 03101568 VAT Reg No. 686 0495 01

Sorry for the garbage in the signature from my $work email..

On 10 Dec 2020, at 5:25, Benoit Branciard wrote:

> Have there been any changes to the __PDS_FROM_2_EMAILS rule recently
> on 3.004002 branch ?

SIDE NOTE: The default ruleset in only present on the "trunk" branch.
Version dependencies within the ruleset are handled by conditional
structures within the rules files.

--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

On Thu, 10 Dec 2020, Benoit Branciard wrote:

> Have there been any changes to the __PDS_FROM_2_EMAILS rule recently on
> 3.004002 branch ?

Yes. I took another look at it prompted by the recent many-froms
discussion and did a little tuning.

> Since latest update this night, we got significantly more matches of meta
> rule PDS_FROM_2_EMAILS than previously, and for at least a dozen of them, the
> rule triggered despite the fact that both addresses (in from text and
> address) were strictly identical, like this :
>
> From: "my.user@univ-paris1.fr" <my.user@univ-paris1.fr>

It *should not* be doing that. I have test cases in my dev environment
like that and it doesn't hit them, but I will check again.

> Until now I expected this rule to match *only* if from text and address
> contained *different* addresses...

Correct.

> my /var/lib/spamassassin/3.004002/updates_spamassassin_org/72_active.cf
> contains :
>
> header __PDS_FROM_2_EMAILS From =~
> /(?:\W|^)([\w+.-]+\@[\w.-]+\.\w\w++)(?:[^\n\w<]{0,80})?<(?!\1)[^\n\s]*\@/i

The "(?!\1)" is intended to prevent that.

...okay, I found the problem. None of my tests had a username with a
period. Fixing.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
5 days until Bill of Rights day

Le 10/12/2020 à 17:08, John Hardin a écrit :
> ...okay, I found the problem. None of my tests had a username with a
> period. Fixing.

Good !

I cherry-picked your regex fix from
https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?r1=1884233&r2=1884284,
and confirmed it doesn't trigger anymore on identical
fisrtname.lastname@... addresses in from header.


Thanks !

--
Benoit BRANCIARD
DSIUN: Direction du Système d'Information et des Usages Numériques
SIS: Pôle Infrastructures
Université Paris 1 Panthéon-Sorbonne
Centre Pierre Mendès France
90 rue de Tolbiac - 75634 Paris cedex 13 - France
Tél. +33 1 44 07 89 68 - Bur. A402
Accueil: +33 1 44 07 89 65 - Assistance-DSIUN@univ-paris1.fr
http://dsiun.univ-paris1.fr

On Fri, 11 Dec 2020, Benoit Branciard wrote:

> Le 10/12/2020 à 17:08, John Hardin a écrit :
>> ...okay, I found the problem. None of my tests had a username with a
>> period. Fixing.
>
> Good !
>
> I cherry-picked your regex fix from
> https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?r1=1884233&r2=1884284,
> and confirmed it doesn't trigger anymore on identical fisrtname.lastname@...
> addresses in from header.
>
> Thanks !

Thank you for the report, and my apologies that I wasn't quite thorough
enough in my testing. :(

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
People think they're trading chaos for order [by ceding more and
more power to the Government], but they're just trading normal
human evil for the really dangerous organized kind of evil, the
kind that simply does not give a shit. Only bureaucrats can give
you true evil. -- Larry Correia
-----------------------------------------------------------------------
4 days until Bill of Rights day