Wednesday, 19 Dec 2018

Spamassassin 2010 bug

Someone on IRC pointed me to this wonderful bug in Spamassassin, it’s easy to quickfix, but the fix itself will become a bug in 10 years, in any case, until they push an update that correctly fixes this:

##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX      Date =~ /20[1-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX      The date is grossly in the future.

( meaning emails sent in 2010  will also trigger the scoring )

should be changed into:

##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX      Date =~ /20[2-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX      The date is grossly in the future.

Making it not a problem until we reach 2020 🙂

On my ubuntu box the rule is found in:

/usr/share/spamassassin/72_active.cf

Special thanks to Habbie for making me aware of the problem on IRC!

oh and by the way:

Happy New Year!

🙂

3 thoughts on “Spamassassin 2010 bug

  1. update: sa-update should now update 72_active.cf with the same ‘fix’ as above.

    it’s still a bit wobbly, as it leaves a yearly decreasing immense gap of dates spam could slip through. Anything send with a date between 1-1-2010 and 1-1-2020 is deemed ‘acceptable’, and will therefor not get a scoring appropriate to the situation.

  2. Gebruikers van een _echt_ OS kunnen uiteraard ook gebruik maken van sa-update. Ik draai het 1 keer per dag vanuit cron, en de fix was op 2 januari al automatisch geinstalleerd, in /var/db/spamassassin/3.002005/updates_spamassassin_org/.

  3. Het probleem was echter ook dat met sa-update soms de verkeerde bleef staan. Ik heb ‘t op meerdere systemen zien gebeuren.

    bovendien is 2 januari toch wel een beetje laat, voor iets wat vanaf 1-1-2010 al voor problemen begon te zorgen, en al tijden geleden aangepast was.

Leave a Reply

Your email address will not be published. Required fields are marked *