131580 – (IT_48576) osirusoft.com RBL in default config causes false positives

Bug 131580 (IT_48576) - osirusoft.com RBL in default config causes false positives

Summary: osirusoft.com RBL in default config causes false positives

Keywords:
Status:	CLOSED ERRATA
Alias:	IT_48576
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	spamassassin
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Chip Turner
QA Contact:
Docs Contact:
URL:	http://thread.gmane.org/gmane.mail.sp...
Whiteboard:
Depends On:
Blocks:	123574
TreeView+	depends on / blocked

Reported:	2004-09-02 14:52 UTC by Keith McDuffee
Modified:	2007-11-30 22:07 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-12-21 21:31:24 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2004:598	0	normal	SHIPPED_LIVE	Updated spamassassin package	2004-12-21 05:00:00 UTC

Description Keith McDuffee 2004-09-02 14:52:47 UTC

Description of problem:

Using the default configuration of spamassassin, there are rules
included for the following in /usr/share/spamassassin/20_head_tests.cf:

RCVD_IN_ORBS
RCVD_IN_OSIRUSOFT_COM
X_OSIRU_OPEN_RELAY

These rules check a now defunct due to osirusoft.com no longer being a
RBL source.  According to this page:

http://thread.gmane.org/gmane.mail.spam.spamassassin.general/36907

osirusoft.com has decided to consider ALL sites as open relays in
order to force people to stop using them as a source.  Since RHEL3u2
still has these rules in place, there are several false positived for
every mail checked.

Version-Release number of selected component (if applicable):

spamassassin-2.55-3.1

How reproducible:

Use default /etc/mail/spamassassin/local.cf configuration (i.e., do
not alter scoring of rules mentioned above).

Recommended resolution:

Update at least to version 2.61 of spamassassin, which does not
contain the errant rules.

Comment 2 Sean E. Millichamp 2004-09-02 16:22:26 UTC

I second this suggestion.  

While I know I can I override these rules in local.cf, I think
SpamAssassin should ship with a sensible ruleset in an enterprise
product and if the definition of "sensible" changes from the original
release then it is time to issue an update.

Ideally, I would like to see a SpamAssassin 2.6x (2.64 maybe?) update
pushed out in RHEL3.  When I switched my servers to RHEL3 I ended up
having to downgrade to the shipped SA 2.55 on a few of them and it
seems to do a far worse job then the 2.6x series.

Comment 3 Jeff Needle 2004-09-07 12:28:28 UTC

We'll get this addressed.  In the meanwhile, you can add these lines to 
/etc/mail/spamassassin/local.cf to skip the Osirusoft checks:

score   RCVD_IN_OSIRUSOFT_COM   0
score   X_OSIRU_DUL             0
score   X_OSIRU_DUL_FH          0
score   X_OSIRU_OPEN_RELAY      0
score   X_OSIRU_SPAM_SRC        0
score   X_OSIRU_SPAMWARE_SITE   0

Comment 4 Chip Turner 2004-10-11 15:03:14 UTC

rules have been zeroed out in cvs.  uncertain as of yet which U release this will make it out 
in.

Comment 5 John Flanagan 2004-12-21 21:31:24 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-598.html

Note You need to log in before you can comment on or make changes to this bug.