spamassassin-dev September 2011 archive
Main Archive Page > Month Archives  > spamassassin-dev archives
spamassassin-dev: [Bug 6664] New: check_freemail_header() misses

[Bug 6664] New: check_freemail_header() misses many domains

From: <bugzilla-daemon_at_nospam>
Date: Sun Sep 25 2011 - 19:23:42 GMT

             Bug #: 6664
           Summary: check_freemail_header() misses many domains
           Product: Spamassassin
           Version: 3.3.1
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Plugins
    Classification: Unclassified

Created attachment 4972
Patch to to catch freemail forgeries

FREEMAIL_FORGED_REPLYTO is missing about 50% of potential hits, because the
Reply-To address passed to _is_freemail() is usually terminated with a chevron
and/or newline. As a result it only matches the regexes ending .*. This is
because of a Perl programming error. What is intended is:

@@ -419,7 +423,7 @@

- my $email = lc($pms->get(index($header,':') ? $header : $header.":addr"));
+ my $email = lc($pms->get(index($header,':') >= 0 ? $header :

     if ($email eq '') {
         dbg("header $header not found from mail");

However, there are further issues I'd suggest fixing at the same time.
Firstly, a spammer wanting a reply to a freemail address might include it as
one of *multiple* addresses in a Reply-To header. Hence, each should be tested
for freemail and compared to the From.

Secondly, by adding an optional parameter for a header to compare to,
FREEMAIL_FORGED_REPLYTO could be made quite versatile and catch more freemail
spam in the first instance then FREEMAIL_REPLYTO (excluding lists and annoying
anomalies like Linkedin in the rules); also FREEMAIL_REPLYTO_END_DIGIT could
lose the FPs where From and Reply-To are equal (eg in a personalised Mailman
list); and various other combinations testing (X-)Sender and Errors-To against
>From become possible. (I've tested the variant rules against a live stream and
would like to submit them for mass testing and scoring in a separate bug.)

-- Configure bugmail: ------- You are receiving this mail because: ------- You are the assignee for the bug.