Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: devel

[Bug 5041] [review] do not use body/rawbody rules on CType 'message/partial '

  

 
SpamAssassin devel RSS feed   Index | Next | Previous | View Threaded


bugzilla-daemon at bugzilla

May 25, 2008, 2:13 PM

Post #1 of 5 (171 views)
Permalink
[Bug 5041] [review] do not use body/rawbody rules on CType 'message/partial '
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5041





--- Comment #28 from Daryl C. W. O'Shea <spamassassin[at]dostech.ca> 2008-05-25 14:13:49 PST ---
I'm still curious about the question I posed in comment #23. Does skipping a
message/partial part that actually contains the entire message open us up to an
easy way to bypass body scanning?


--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


bugzilla-daemon at bugzilla

May 26, 2008, 2:21 AM

Post #2 of 5 (159 views)
Permalink
[Bug 5041] [review] do not use body/rawbody rules on CType 'message/partial ' [In reply to]
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5041





--- Comment #29 from Justin Mason <jm[at]jmason.org> 2008-05-26 02:21:33 PST ---
(In reply to comment #28)
> I'm still curious about the question I posed in comment #23. Does skipping a
> message/partial part that actually contains the entire message open us up to an
> easy way to bypass body scanning?

It does -- I'll attach a sample to demo this -- but note that any use of
message/partial will fire FRAGMENTED_MESSAGE, for 2.5 points. so for spammers,
it'd be a question of how many body rules they could evade for a 2.5 point
penalty -- and it has no cloaking effect on the higher-scoring header/network
rules anyway...


--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


bugzilla-daemon at bugzilla

May 26, 2008, 2:22 AM

Post #3 of 5 (159 views)
Permalink
[Bug 5041] [review] do not use body/rawbody rules on CType 'message/partial ' [In reply to]
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5041





--- Comment #30 from Justin Mason <jm[at]jmason.org> 2008-05-26 02:22:30 PST ---
Created an attachment (id=4324)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4324)
a single-part message/partial test mail

GMail renders this correctly, SA only sees the headers (but fires
FRAGMENTED_MESSAGE)


--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


bugzilla-daemon at bugzilla

May 27, 2008, 2:30 AM

Post #4 of 5 (149 views)
Permalink
[Bug 5041] [review] do not use body/rawbody rules on CType 'message/partial ' [In reply to]
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5041





--- Comment #31 from Justin Mason <jm[at]jmason.org> 2008-05-27 02:30:39 PST ---
This gets trickier. message/partial can also contain headers -- not just the
message body. So a message/partial can override the To:, From: or Subject:
header easily enough. hmm... I'm starting to not like the current proposal :(

Should we change this algorithm?

- for the first chunk of a message/partial, decode and render it correctly.

- if the first chunk is less than some reasonable length threshold, fire an
additional penalty rule. (This is to avoid spammers fragmenting a message into
tiny chunks such that the first chunk contains nothing nasty)

- if the first chunk contains just message headers but no body, fire another
penalty. (this is to avoid spammers fragmenting so that the "real" body appears
in later, ignored chunks)

- for the second and later chunks, ignore but fire FRAGMENTED_MESSAGE.


ugh, this is tricky. suggestions?


--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


bugzilla-daemon at bugzilla

Jun 1, 2008, 3:36 AM

Post #5 of 5 (124 views)
Permalink
[Bug 5041] [review] do not use body/rawbody rules on CType 'message/partial ' [In reply to]
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5041


Justin Mason <jm[at]jmason.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|3.2.5 |3.2.6




--- Comment #32 from Justin Mason <jm[at]jmason.org> 2008-06-01 03:35:59 PST ---
I think we should push this off to 3.2.6 (if any 3.2.x release gets it), due to
lack of a conclusive plan of action and possible dangers of opening a
loophole...


--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

SpamAssassin devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.