Justin Mason wrote:
Steve [Spamassasin] writes:
An ebay "watched item" email has been wrongly tagged as spam... with the
following rules:
--
2.2 INVALID_DATE Invalid Date: header (not RFC 2822)
0.8 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
0.1 TW_SJ BODY: Odd Letter Triples with SJ
0.0 HTML_MESSAGE BODY: HTML included in message
3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99%
[score: 0.9887]
0.2 HTML_TITLE_EMPTY BODY: HTML title contains no text
-0.0 SARE_LEGIT_EBAY Has signs it's from ebay, from, headers, uri
-1.1 AWL AWL: From: address is in the auto white-list
--
The (sanitised) headers read:
--
Subject:...
From:eBay <[EMAIL PROTECTED]>
Date:Wed, 22 Nov 2006 09:03:16 GMT-07:00
While I understand why this email may have triggered the Bayesian rule (where
spammers have copied ebay's email style...) I am bemused by INVALID_DATE and
DATE_IN_PAST_06_12.
The dates I see in the header look valid to me - and (if we allow for time
international time differences) the message was sent two seconds before it was
received.
Am I overlooking something here? Why doesn't SpamAssassin like these dates?
they're malformed, missing spaces. this is what an RFC-compliant
date looks like:
Date: Wed, 22 Nov 2006 16:20:29 +0000
this is what the ebay.co.uk date looks like, according to yr mail:
Date:Wed, 22 Nov 2006 09:03:16 GMT-07:00
note: missing spaces; extra ":" in the TZ offset; and the TZ name. all
are non-rfc-compliant.
--j.
Technically the only thing wrong with the date is the TZ. Section 2.2 of
RFC2822 states:
Header fields are lines composed of a field name, followed by a colon
(":"), followed by a field body, and terminated by CRLF.
No reference to a mandatory SP character starting the field body.
To the OP, since I highly doubt that you will get eBay to change their
TZ format you should consider sa-learn'ing the messages as ham. On your
SA setup these messages are hitting BAYES_95 which is adding 3 points to
their score.
--
Craig
