Bug 131580 - (IT_48576) osirusoft.com RBL in default config causes false positives
osirusoft.com RBL in default config causes false positives
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: spamassassin (Show other bugs)
3.0
All Linux
medium Severity high
: ---
: ---
Assigned To: Chip Turner
http://thread.gmane.org/gmane.mail.sp...
:
Depends On:
Blocks: 123574
  Show dependency treegraph
 
Reported: 2004-09-02 10:52 EDT by Keith McDuffee
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-12-21 16:31:24 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Keith McDuffee 2004-09-02 10:52:47 EDT
Description of problem:

Using the default configuration of spamassassin, there are rules
included for the following in /usr/share/spamassassin/20_head_tests.cf:

RCVD_IN_ORBS
RCVD_IN_OSIRUSOFT_COM
X_OSIRU_OPEN_RELAY

These rules check a now defunct due to osirusoft.com no longer being a
RBL source.  According to this page:

http://thread.gmane.org/gmane.mail.spam.spamassassin.general/36907

osirusoft.com has decided to consider ALL sites as open relays in
order to force people to stop using them as a source.  Since RHEL3u2
still has these rules in place, there are several false positived for
every mail checked.

Version-Release number of selected component (if applicable):

spamassassin-2.55-3.1

How reproducible:

Use default /etc/mail/spamassassin/local.cf configuration (i.e., do
not alter scoring of rules mentioned above).

Recommended resolution:

Update at least to version 2.61 of spamassassin, which does not
contain the errant rules.
Comment 2 Sean E. Millichamp 2004-09-02 12:22:26 EDT
I second this suggestion.  

While I know I can I override these rules in local.cf, I think
SpamAssassin should ship with a sensible ruleset in an enterprise
product and if the definition of "sensible" changes from the original
release then it is time to issue an update.

Ideally, I would like to see a SpamAssassin 2.6x (2.64 maybe?) update
pushed out in RHEL3.  When I switched my servers to RHEL3 I ended up
having to downgrade to the shipped SA 2.55 on a few of them and it
seems to do a far worse job then the 2.6x series.
Comment 3 Jeff Needle 2004-09-07 08:28:28 EDT
We'll get this addressed.  In the meanwhile, you can add these lines to 
/etc/mail/spamassassin/local.cf to skip the Osirusoft checks:

score   RCVD_IN_OSIRUSOFT_COM   0
score   X_OSIRU_DUL             0
score   X_OSIRU_DUL_FH          0
score   X_OSIRU_OPEN_RELAY      0
score   X_OSIRU_SPAM_SRC        0
score   X_OSIRU_SPAMWARE_SITE   0
Comment 4 Chip Turner 2004-10-11 11:03:14 EDT
rules have been zeroed out in cvs.  uncertain as of yet which U release this will make it out 
in.
Comment 5 John Flanagan 2004-12-21 16:31:24 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-598.html

Note You need to log in before you can comment on or make changes to this bug.