Mailing List Archive: address in from name, FromNameSpoof

Hello,

I got reports for multiple spams in form:

From: "<red?cted1 Martin, Ing.> Martin.redacted1@example.com"
<sasaki@taiheisya.com>
To: "?ed?cted xyz, Ing." <xyz.redacted2@example.com>
Subject: Fw: xyz.redacted2@example.com

(I intentionally kept some chars with diacritics because that was similar to
unredacted addresses looked like)

I was trying to catch these with FromNameSpoof plugin:

header L_FROMNAME_EMAIL eval:check_fromname_contains_email()
header L_FROMNAME_DIFFERENT eval:check_fromname_different()
header L_FROMNAME_OWNERS_DIFFER eval:check_fromname_owners_differ()
header L_FROMNAME_DOMAIN_DIFFER eval:check_fromname_domain_differ()
header L_FROMNAME_SPOOF eval:check_fromname_spoof()
header L_FROMNAME_EQUALS_TO eval:check_fromname_equals_to()
header L_FROMNAME_EQUALS_REPLYTO eval:check_fromname_equals_replyto()

neither of those nor any of _FNSFNAME*_ tags did hit
Am I expecting too much from FromNameSpoof?

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!

On 04.03.22 19:01, Matus UHLAR - fantomas wrote:
>I got reports for multiple spams in form:
>
>From: "<red?cted1 Martin, Ing.> Martin.redacted1@example.com"
> <sasaki@taiheisya.com>
>To: "?ed?cted xyz, Ing." <xyz.redacted2@example.com>
>Subject: Fw: xyz.redacted2@example.com
>
>(I intentionally kept some chars with diacritics because that was
>similar to unredacted addresses looked like)
>
>I was trying to catch these with FromNameSpoof plugin:
>
>header L_FROMNAME_EMAIL eval:check_fromname_contains_email()
>header L_FROMNAME_DIFFERENT eval:check_fromname_different()
>header L_FROMNAME_OWNERS_DIFFER eval:check_fromname_owners_differ()
>header L_FROMNAME_DOMAIN_DIFFER eval:check_fromname_domain_differ()
>header L_FROMNAME_SPOOF eval:check_fromname_spoof()
>header L_FROMNAME_EQUALS_TO eval:check_fromname_equals_to()
>header L_FROMNAME_EQUALS_REPLYTO eval:check_fromname_equals_replyto()
>
>neither of those nor any of _FNSFNAME*_ tags did hit
>Am I expecting too much from FromNameSpoof?

I'm getting there errors when processing such mail:

Mar 9 19:51:58.998 [27901] warn: Use of uninitialized value $owner in string ne at /usr/share/perl5/Mail/SpamAssassin/Plugin/FromNameSpoof.pm line 429.
Mar 9 19:51:58.999 [27901] warn: Use of uninitialized value $owner in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Plugin/FromNameSpoof.pm line 430.
Mar 9 19:51:58.999 [27901] warn: Use of uninitialized value $owner in string ne at /usr/share/perl5/Mail/SpamAssassin/Plugin/FromNameSpoof.pm line 429.
Mar 9 19:51:58.999 [27901] warn: Use of uninitialized value $owner in pattern match (m//) at /usr/share/perl5/Mail/SpamAssassin/Plugin/FromNameSpoof.pm line 433.
Mar 9 19:51:58.999 [27901] warn: Use of uninitialized value $tod{"domain"} in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Plugin/FromNameSpoof.pm line 408.

may there be caused by the invalid From: name above?

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet.