Re: LONGWORDS not hitting?

Sat, 10 Aug 2013 13:12:17 -0700 

At 12:42 PM -0600 06/30/2013, Amir 'CG' Caspi wrote:

Hi all,

        Just got this spam:

http://pastebin.com/KM5paaZ9
To me, it looks like LONGWORDS should have hit... but it didn't. I ran it manually through spamassassin and spamc, and LONGWORDS still didn't hit, so it seems to just not be hitting that rule. But, to my eye, it looks like it should. Any idea why it failed, and should LONGWORDS be updated?
OK, more info and potentially new problem. I re-tested one of the spams I posted yesterday: 
http://pastebin.com/VCtvzjzV
When running this example through SA (either SA standalone, or spamc/spamd) now, LONGWORDS hits, as follows:
Aug 10 15:47:20.115 [21805] dbg: rules: ran body rule __LONGWORDS_C ======> got hit: "authenticate dearth deplorers hogmane fraudulentness going pillowcases believing vagotomy mastoidectomies " 
Aug 10 15:46:20.613 [21757] dbg: rules: ran body rule __LONGWORDS_B ======> got
hit: "family husbandry allowed walloper little length voluntaries weothao sternw 
ard "
... BUT... this pastebin example is the copy/paste of "view raw source" from my MUA. If I run SA on the original server-side email (i.e. the email as stored in my IMAP mailbox), LONGWORDS does _NOT_ hit. That is, neither _C nor _B hit on the server-side version, despite hitting on the MUA version.
For your perusal, I've copied the output of SA when running on the server-side version, i.e. with all MIME content fully intact... see here: 

http://pastebin.com/keNi5BjN
What the heck is going on? Why would LONGWORDS hit on the MUA version but not the server-side? Since LONGWORDS is a rawbody rule, not based on headers, it seems like it should pop on both versions. I'm guessing that there's something about the MIME content that's making LONGWORDS fail to hit on the server-side (MBX) email, but allows it to hit on the MUA ("view raw source") email... but I just don't understand why that would be.
I've had LONGWORDS hit at the server-side (pre-MUA) level, though not very often (only 4 out of 465 messages currently in my spam box), so it _is_ running... but for whatever reason, LONGWORDS hits much more often (i.e. as it should) with the MUA "raw source" versions than it does with server-side (MBOX/MBX) versions, so this is not an isolated occurrence.
So WTF is going on? Does anyone have ideas? To my eyeballs, the exact same text is contained in both versions and therefore should hit LONGWORDS in either version, but only one version pops. 

I'm happy to paste more debug output if it might help someone debug the rule.

Thanks in advance.

                                                --- Amir

Reply via email to