bugzilla-daemon at bugzilla
May 21, 2012, 11:36 AM
--- Comment #9 from Mark Martinec <Mark.Martinec [at] ijs> ---

Observed 3800 messages which hit MULTI_FROM_BAD during the last four days.
Among these there were three legitimate mail messages with two addresses
in a From, and a missing Sender (a conference registration confirmation
or paper submissions). These were genuine false positives (of which one
was quarantined for exceeding a spam threshold, while the other two
were rescued by other rules).

Besides the above three, there were three additional false positives, where
my version of MULTI_FROM_ADDR misfired. These three were a result of a
B64-encoded display name in the iso-2022-jp character set, which happened
to contain bytes '@' and ',' in the b64-decoded string.

The string that was matched looked like (somewhat obfuscated):

  _$B:#1xxf_(B _$B@5,_(B <xxx [at] example>

It is most unfortunate that the :addr modifier only returns the first
of multiple addresses (in a To, From, Cc, ...), which means it can't
be used in counting the number of e-mail addresses in a From.

It also seems wrong to do the manual (in-the-rule) parsing *after*
the QP or B decoding, so apparently the :raw form must be used,
which means having to deal with folding, comments, display names,
and a group name.
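The misfire described in the comment above can be reproduced offline. The following is an added example, not code from the bug report or from SpamAssassin: `naive_multi_from` is a hypothetical stand-in for a rule that matches after B decoding, `count_mailboxes` counts mailboxes on the raw header body instead (handling folding, comments, quoted display names and group syntax), and the sample header is constructed.

```python
import base64
import re

ENCODED_WORD = re.compile(r"=\?[^?]+\?[Bb]\?([^?]*)\?=")

def naive_multi_from(raw):
    """Hypothetical rule: B-decode first, then look for '@ ... , ... @'."""
    decoded = ENCODED_WORD.sub(
        lambda m: base64.b64decode(m.group(1)).decode("latin-1"), raw)
    return re.search(r"@[^,]*,.*@", decoded) is not None

def count_mailboxes(raw):
    """Count mailboxes in a raw From body, before any QP/B decoding."""
    s = re.sub(r"\r?\n(?=[ \t])", "", raw)   # undo header folding
    count, piece = 0, []                     # piece: chars of current mailbox
    in_quote = in_angle = escaped = False
    depth = 0                                # comment nesting level
    for c in s:
        if escaped:                          # second half of a quoted-pair
            escaped = False
        elif c == "\\" and (in_quote or depth):
            escaped = True
        elif depth:                          # inside a (possibly nested) comment
            depth += (c == "(") - (c == ")")
        elif in_quote:                       # inside a quoted-string
            in_quote = c != '"'
        elif c == '"':
            in_quote = True
        elif c == "(":
            depth = 1
        elif c in ",;" and not in_angle:     # mailbox separator or end of group
            count += "@" in piece
            piece = []
        elif c == ":" and not in_angle:      # what came before was a group name
            piece = []
        else:
            in_angle = c == "<" or (in_angle and c != ">")
            piece.append(c)
    return count + ("@" in piece)

# Constructed sample: an iso-2022-jp display name whose raw bytes
# include '@' and ',' (as in the report), followed by one address.
JP_NAME = base64.b64encode(b"\x1b$B@5;,\x1b(B").decode("ascii")
SAMPLE = "=?ISO-2022-JP?B?%s?= <xxx@example.com>" % JP_NAME

if __name__ == "__main__":
    print(naive_multi_from(SAMPLE), count_mailboxes(SAMPLE))
```

Because '@' and ',' can only appear inside an encoded-word in encoded form, counting on the raw header is not affected by the bytes of the display name.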