MISSING_HEADERS problem - SpamAssassin


Thread: MISSING_HEADERS problem

  1. MISSING_HEADERS problem

    Hello,

    I recently got some mails (e.g. [3]) from local daemons (e.g. uucp,
    fetchmail). These mails all got hit by MISSING_HEADERS, because they have
    no To:-field, which is optional [1]. In the last 7 days MISSING_HEADERS
    didn't hit any spam-mail on my setup [2]. Do any of you have similar
    ham-mails which get hit by this rule, or does it work properly?

    I think SpamAssassin should try to detect some well-known types of mail
    which have no To-header, to prevent FPs. Maybe this rule should be
    renamed to MISSING_TO or something similar and get a lower score.

    Or is there anybody who can tell me how to add a To:-header to the
    mails from the uucp- and fetchmail-daemon?

    Thanks,
    Yours,
    Heinrich


    [1] :
    > The only required header fields are the origination date field and
    > the originator address field(s). All other header fields are
    > syntactically optional.



    [2] statistic
    > RULE NAME        SCORE  COUNT  %OFMAIL  %OFSPAM  %OFHAM   BAYES
    > ---------------------------------------------------------------------
    > MISSING_HEADERS   1.29     13     0.34     0.00    5.88  100.00



    [3] example mail (fetchmail-daemon):
    > Return-Path:
    > Received: from mydomain.zz ([unix socket])
    > by mydomain.zz (Cyrus v2.2.13-Debian-2.2.13-10) with LMTPA;
    > Tue, 09 Sep 2008 10:29:28 +0200
    > Received: from localhost ([127.0.0.1] helo=mydomain.zz)
    > by mydomain.zz with esmtp (Exim 4.63)
    > (envelope-from )
    > id 1KcyaR-0001BK-7e
    > for heiner@localhost; Tue, 09 Sep 2008 10:28:35 +0200
    > From: FETCHMAIL-DAEMON@mydomain.zz
    > Date: Tue, 09 Sep 2008 10:28:35 +0200 (CEST)
    > MIME-Version: 1.0
    > Content-Transfer-Encoding: 8bit
    > Content-Type: text/plain; charset="ISO-8859-15"
    > Subject: fetchmail authentication OK on heinrich-peters@nurfuerspam.de
    > Message-Id:
    > X-MailScanner-SpamCheck: not spam,
    > SpamAssassin (nicht zwischen gespeichert, Wertung=-4.398,
    > benoetigt 5, ALL_TRUSTED -1.80, AWL -1.16, BAYES_00 -4.90,
    > DCC_CHECK 2.17, MISSING_HEADERS 1.29)
    > X-Spam-Status: No
    >
    > Fetchmail was able to log into heinrich-peters@nurfuerspam.de.
    >
    > Service has been restored.
    >
    > --
    > The Fetchmail Daemon



  2. Re: MISSING_HEADERS problem

    Heinrich Christian Peters wrote:
    > Hello,
    >
    > I recently got some mails (e.g. [3]) from local daemons (e.g. uucp,
    > fetchmail). These mails all got hit by MISSING_HEADERS, because they have
    > no To:-field, which is optional [1]. In the last 7 days MISSING_HEADERS
    > didn't hit any spam-mail on my setup [2]. Do any of you have similar
    > ham-mails which get hit by this rule, or does it work properly?
    >


    It works properly. Almost all mail has a From, a To or Cc, a Date, a
    Message-Id and at least one Received header. Mail that lacks one of
    these is suspicious. If it's local, just bypass SA or ignore SA results.

    There is no check that can't generate false positives. If there were,
    spammers would quickly adapt.

    Missing headers indicate that the message was generated by ratware or it
    is "local" mail. I know of no user MUA that generates mail without a To
    or Cc or Bcc.


    > I think SpamAssassin should try to detect some well-known types of mail
    > which have no To-header, to prevent FPs.


    The mail you talk about looks too special. It is better to avoid
    filtering it. If you reduce the FP rate, you'll increase the FN rate.


    > Maybe this rule should be
    > renamed to MISSING_TO or something similar and get a lower score.
    >
    > Or is there anybody who can tell me how to add a To:-header to the
    > mails from the uucp- and fetchmail-daemon?
    >



    If you trust the message, don't pass it to SA.

    Otherwise, pass it to an MTA that "fixes" messages (Postfix does. I
    believe sendmail does too).

    > [snip]
    >> X-MailScanner-SpamCheck: not spam,
    >> SpamAssassin (nicht zwischen gespeichert, Wertung=-4.398,
    >> benoetigt 5, ALL_TRUSTED -1.80, AWL -1.16, BAYES_00 -4.90,
    >> DCC_CHECK 2.17, MISSING_HEADERS 1.29)
    >> X-Spam-Status: No


    After all, the message was not tagged as spam, so SA's decision is correct.
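
Added example, not part of either post and not SpamAssassin's own rule logic: a Python pre-filter that reports which of the headers listed in the reply are absent and routes a message around the scanner only when every Received hop is local. The sample messages, the hop pattern and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample, modeled on the fetchmail notice quoted in the thread.
LOCAL_MAIL = (
    "Received: from mydomain.zz ([unix socket])\n"
    "\tby mydomain.zz with LMTPA; Tue, 09 Sep 2008 10:29:28 +0200\n"
    "Received: from localhost ([127.0.0.1] helo=mydomain.zz)\n"
    "\tby mydomain.zz with esmtp; Tue, 09 Sep 2008 10:28:35 +0200\n"
    "From: FETCHMAIL-DAEMON@mydomain.zz\n"
    "Date: Tue, 09 Sep 2008 10:28:35 +0200 (CEST)\n"
    "Message-Id: <constructed-1@mydomain.zz>\n"
    "Subject: fetchmail authentication OK\n"
    "\n"
    "Service has been restored.\n"
)
# Constructed variant: same message, but the newest hop is a remote relay.
REMOTE_MAIL = (
    "Received: from relay.example.net ([192.0.2.10])\n"
    "\tby mydomain.zz with esmtp; Tue, 09 Sep 2008 10:30:00 +0200\n"
) + LOCAL_MAIL

# Assumed hop format: "from <name> ([<address>] ...", as in the quoted mail.
LOCAL_HOP = re.compile(r"from \S+ \(\[(?:127\.0\.0\.1|::1|unix socket)\]")

def missing_headers(msg):
    """Names from the reply's list (From, To or Cc, Date, Message-Id,
    Received) that the message does not carry."""
    missing = [h for h in ("From", "Date", "Message-Id", "Received")
               if msg[h] is None]
    if msg["To"] is None and msg["Cc"] is None:
        missing.append("To/Cc")
    return missing

def all_hops_local(msg):
    """True only if there is at least one Received header and every hop is
    loopback or a unix socket. Older Received lines can be forged, but a
    remote delivery makes the local MTA stamp a non-local hop on top."""
    hops = msg.get_all("Received", [])
    return bool(hops) and all(LOCAL_HOP.match(h) for h in hops)

def triage(raw):
    """Return (action, missing): 'bypass' for purely local mail, else 'scan'."""
    msg = message_from_string(raw)
    action = "bypass" if all_hops_local(msg) else "scan"
    return action, missing_headers(msg)

if __name__ == "__main__":
    for name, raw in (("local", LOCAL_MAIL), ("remote", REMOTE_MAIL)):
        print(name, triage(raw))
```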

