Heinrich Christian Peters wrote:
Hello,
I recently got some mails (eg. [3]) from local daemons (eg. uucp,
fetchmail). This mails all got hit by MISSING_HEADERS, cause they have
no To:-field, which is optional [1]. In the last 7 days MISSING_HEADERS
didn't hit any spam-mail on my setup [2]. Have any of you similar
ham-mails, which get hit by this rule or does it work properly?
it works properly. Almost all mail have a From, a To or Cc, a Date, a
message-id and at least one Received headers. Mail that lacks one of
these is suspicious. if it's local, just bypass SA or ignore SA results.
there is no check that can't generate false positives. if there were,
spammers would quickly adapt.
missing headers indicate that the message was generated by ratware or it
is "local" mail. I know of no user MUA that generates mail without a To
or Cc or Bcc.
I think spamassassin should try to detect some well-known types of mail,
which have no To-header, to prevent FPs.
The mail you talk about look too special. it is better to avoid
filtering it. if you reduce the FP rate, you'll increase the FN rate.
Maybe this rule should be
renamed to MISSING_TO or something similar and get a lower score.
Or is there anybody, who can tell me, how to add a To:-header to the
mails from uucp- and fetchmail-daemon?
if you trust the message, don't pass it to SA.
otherwise, pass it to an MTA that "fixes" messages (postfix does. I
believe sendmail does too).
[snip]
X-MailScanner-SpamCheck: not spam,
SpamAssassin (nicht zwischen gespeichert, Wertung=-4.398,
benoetigt 5, ALL_TRUSTED -1.80, AWL -1.16, BAYES_00 -4.90,
DCC_CHECK 2.17, MISSING_HEADERS 1.29)
X-Spam-Status: No
after all, the message was not tagged as spam. so SA decision is correct.
