RE: DATE_IN_FUTURE weirdness

[Andrew Daviel]

On Fri, 7 May 2010, Shadwick, Tony wrote:

> This is a known bug in older versions of SpamAssassin.  Either upgrade or 
> manually set that score to 0. :)

I upgraded to 3.3.1, but it didn't help (needed doing anyway, so my time 
wasn't really wasted).

I realized that the problem I was having, as seen by dumping $received
in _get_received_header_times() in 
site_perl/xxx/Mail/SpamAssassin/Plugin/HeaderEval.pm, was in the Received 
header synthesised by spamass-milter (and never seen by the recipient).
I was getting dates of 'Tue, 20 Apr 2010 09:07:15 -0700' instead of the 
current one, prompting DATE_IN_FUTURE_96_Q or the older 
DATE_IN_FUTURE_96_XX
I still don't understand - basically I recompiled the milter and the 
problem went away. I'm not sure whether the value of macro_b passed from 
sendmail was corrupted, or the one faked up from localtime if it was missing.

I also faked up a data field so I could whitelist authenticated sessions 
(where the user logged in with a password before sending mail). I could 
not be bothered to reproduce the exact sendmail string (besides, Postfix 
does it different, so I already have 2 filters).

spamass-milter.cpp:
+          const char *macro_authtype ;
+          macro_authtype = smfi_getsymval(ctx, "{auth_type}") ;

+          if (!macro_authtype) macro_authtype = "NONE" ;
           assassin->output((string)
                        "Received: from "+macro_s+" ("+macro__+")\r\n\t"+
+                       "(authentication "+macro_authtype+")\r\n\t"+
                        "by "+....



/etc/mail/spamassassin/local.cf:
# add -10 for auth_type LOGIN or PLAIN etc.
header SMTP_AUTH3   Received =~ /authentication [^N][\w].{1,80}by 
mx.example.com/
score SMTP_AUTH3 -10
describe SMTP_AUTH3 Sender logged in to our mailserver

I note that SpamAssassin now supports "msa_networks" for whitelisting 
authenticated logins. The way I read the docs, that only works for an 
external MTA - SA assumes that if it received mail from it it must have 
been authenticated, it doesn't actually check. You cannot use 
msa_networks on an MTA with an MX record or it will whitelist everything.



> -----Original Message-----
> Sent: Friday, May 07, 2010 1:13 PM
> To: spamass-milt list
> Subject: DATE_IN_FUTURE weirdness
..
> I noticed that sometimes I get spurious DATE_IN_FUTURE_96_XX tags when
> sending direct to the main MTA (the one with SA) with Alpine or
> Thunderbird. But not when I try "by hand" with netcat.





--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
Network Security Manager