[Mailman-Users] Attempt to block spam using X-Spam-Flag blocks allmessages to list

Dragon dragon at crimson-dragon.com
Sat Jan 20 05:31:51 CET 2007 

Mark Sapiro sent the message below at 06:08 PM 1/19/2007:
>Kelly Jones wrote:
>
> >One of my users added this as a spam filter:
> >
> >^x-spam-flag:.*yes
> >
> >(all lower case since spamfilter regexps are case-insensitive--
> >hyphens not backslashed by accident),
>
>
>It doesn't matter. '-' has no special meaning.

In this case, that is correct. The hyphen DOES have special meaning 
in a character class such as [0-9] which will match all numerals.


> >and the list started dropping
> >ALL emails. Why?
> >
> >We're running SpamAssassin on another box (mail gets forwarded to the
> >"mailman box" after SpamAssassin is done with it), and I've confirmed
> >that SpamAssassin is running properly and not setting "X-Spam-Flag:
> >Yes" across the board.
> >
> >Even with the forgot-to-backslash-hyphens error, why would that regexp
> >match the headers of every message?
> >
> >We tested this and it's repeatable: with that regexp as a spam filter,
> >emails are dropped-- when that regexp is removed, emails go through
> >properly.
>
>
>I don't know. There are cases of people using
>
>^x-spam-status:.*yes
>
>and having it match
>
>X-Spam-Status: No ... tests=BAYES...

Which is to be expected because .* means "match anything 0 or more 
times". A safer construct there would be to use something like this 
which will match only whitespace between the : and yes.

^x-spam-status:\s*yes


>but X-Spam-Flag: should be just yes or no. In fact, I think by default
>it is just
>
>X-Spam-Flag: YES
>
>or not present at all.

I believe this is correct. I also believe the default is no header if 
not detected as spam.

>I haven't looked at this to see if it is actually a possible cause, but
>the regexp box in header_filter_rules is a list of regexps one per
>line. If it contains an empty line or a 'blank' line, that might be a
>regexp that will match anything or any blank. Don't type a new-line
>after the regexp.

Well, I think it would indeed result in an empty pattern which would 
match everything. Sounds like you may have hit the cause.

Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

More information about the Mailman-Users mailing list