#453 FORGED_MUA_THEBAT_CS: The Bat! and Spamassassin

Mailman 2.2 / 3.0
open
nobody
5
2007-09-27
2007-09-27
Julian Ladisch
No

The mail user agent "The Bat!" creates header lines like this if there is some non-ASCII character like an umlaut (ä):

X-Mailer: The Bat! (v2.00)
Content-Type: text/plain; charset=ISO-8859-15

"The Bat!" never puts quotes around the charset. Mailman's Decorate.py changes this to:

X-Mailer: The Bat! (v2.00)
Content-Type: text/plain; charset="iso-8859-15"

Spamassassin has a spam detection rule that triggers if X-Mailer contains "The Bat!" and there are quotes around the charset. The rule is named FORGED_MUA_THEBAT_CS and is located in rules/20_ratware.cf
http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_2_3/rules/20_ratware.cf

My patch renames X-Mailer to X-X-Mailer. That prevents triggering the rule without information loss.

I've tested the patch that applies to 2.1.7 and it works for me. I haven't tested the patch for trunk (8228).
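
The header interaction described in this report, as an added example (not code from Mailman, from SpamAssassin, or from the attached patch). The rule check is an approximation based only on the description above, the function names are hypothetical, and using Python's email package to re-quote the charset is an assumption standing in for the rewrite the report attributes to Mailman.

```python
import email
import re

# Constructed sample built from the header values quoted in the report.
ORIGINAL = (
    "X-Mailer: The Bat! (v2.00)\n"
    "Content-Type: text/plain; charset=ISO-8859-15\n"
    "\n"
    "body\n"
)

# Approximation of FORGED_MUA_THEBAT_CS as the report describes it; the
# authoritative definition is in SpamAssassin's rules/20_ratware.cf.
THEBAT = re.compile(r"The Bat!")
QUOTED_CHARSET = re.compile(r'charset\s*=\s*"', re.IGNORECASE)


def triggers_rule(msg):
    """True if X-Mailer names The Bat! and the charset parameter is quoted."""
    mailer = msg.get("X-Mailer", "")
    ctype = msg.get("Content-Type", "")
    return bool(THEBAT.search(mailer) and QUOTED_CHARSET.search(ctype))


def requote_charset(msg):
    """Re-set the charset via the email package, which quotes the value.
    Assumption: this stands in for the rewrite the report attributes to Mailman."""
    msg.set_param("charset", msg.get_content_charset())
    return msg


def rename_mailer(msg):
    """Workaround from the report: move The Bat!'s X-Mailer to X-X-Mailer."""
    values = msg.get_all("X-Mailer", [])
    if any(THEBAT.search(v) for v in values):
        del msg["X-Mailer"]
        for v in values:
            msg["X-X-Mailer"] = v
    return msg


def demo():
    """Return (before, after_rewrite, after_rename, final_message)."""
    msg = email.message_from_string(ORIGINAL)
    before = triggers_rule(msg)
    after_rewrite = triggers_rule(requote_charset(msg))
    after_rename = triggers_rule(rename_mailer(msg))
    return before, after_rewrite, after_rename, msg
```

A list operator can run triggers_rule over outgoing copies to see whether list processing has introduced the header combination before subscribers' filters score it.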

Discussion

  • Julian Ladisch
    2007-09-27

    rename X-Mailer: The Bat! to X-X-Mailer: The Bat!

     
  • Julian Ladisch
    2007-09-27

    Logged In: YES
    user_id=561017
    Originator: YES

    File Added: Decorate.py-8228.diff

     
  • Mark Sapiro
    2007-09-27

    Logged In: YES
    user_id=1123998
    Originator: NO

    If you really want to nullify this spamassassin test, why not just put

    score FORGED_MUA_THEBAT_CS 0 0 0 0

    in the appropriate spamassassin user_prefs file?

     
  • Julian Ladisch
    2007-09-28

    Logged In: YES
    user_id=561017
    Originator: YES

    Mailman delivers the email to all subscribers of the mailing list. Spamassassin runs on the mail servers of the subscribers. I don't have access to the configuration of these mail servers, so I cannot nullify that spamassassin test.

    For discussing improvements to spamassassin regarding this bug please use http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5658

    However, as many sites don't update spamassassin frequently we should consider patching Mailman as well.