spamassassin severely penalizes IPV6 link-local addresses

arpepper at uwaterloo.ca arpepper at uwaterloo.ca
Wed Nov 1 20:26:00 UTC 2017 

(This message must be read as plain text, no (un)wrapping, preferably
monospace font, retaining all my spaces as significant).

spamassassin 3.4.1-3 and 3.4.1-7 both list ubuntu-devel-discuss at lists.ubuntu.com
as "Maintainer".

Thankfully occasional updates do appear to still be made by the long-time
maintainer.  (E.g. 3.4.1-8 in September 2017).

So I report here a problem we run afoul of quite a lot.

In spamassassin 3.4.1-3 to 3.4.1-7 (and before)
/usr/share/perl5/Mail/SpamAssassin/Plugin/RelayEval.pm
seems to deliberately sabotage any potential handling of IPV6 link-local
addresses.

  # note using IPv4 addresses for now due to empty strings matching IP_ADDRESS
  # due to bug in pure IPv6 address regular expression
  sub helo_ip_mismatch {
    my ($self, $pms) = @_;
    my $IP_ADDRESS = IPV4_ADDRESS;
    my $IP_PRIVATE = IP_PRIVATE;
  
    for my $relay (@{$pms->{relays_untrusted}}) {
      # is HELO usable?
      next unless ($relay->{helo} =~ m/^$IP_ADDRESS$/ &&
                 $relay->{helo} !~ /$IP_PRIVATE/);
      # compare HELO with IP
      return 1 if ($relay->{ip} =~ m/^$IP_ADDRESS$/ &&
                   $relay->{ip} !~ m/$IP_PRIVATE/ &&
                   $relay->{helo} ne $relay->{ip} &&
                   # different IP is okay if in same /24
                   $relay->{helo} =~ /^(\d+\.\d+\.\d+\.)/ &&
                   index($relay->{ip}, $1) != 0);
    }

    0;
  }

This, or perhaps similar code elsewhere causes headers such as the
following to get an effective 7 spamassassin point penalty.  (2 to 3
for RDNS_NONE, and 5 for not matching ALL_TRUSTED).

=============================================================================
Received: from connhm01.connect.uwaterloo.ca ([fe80::d4bf:9432:cac5:5f3b]) by
  connhm01.connect.uwaterloo.ca ([fe80::d4bf:9432:cac5:5f3b%19]) with mapi id
  15.01.1034.032; Fri, 27 Oct 2017 13:06:52 -0400
=============================================================================

I have been able to sed the IPV6 addresses into an acceptable IPV4 version
and obtain a spamassassin score approximately 7 points "less spammy" (in
our context, of course).

As RFC822 attachments (I think) I include a complete sample message
followed by a version modified to pass "ALL_TRUSTED" (in our context,
of course).

Some hostnames and all list names have been made bogus, however.
To a smaller audience, I could provide similar messages without that
obfuscation.


Adrian Pepper
arpepper at uwaterloo.ca


-------------- next part --------------
An embedded message was scrubbed...
From: AR Pepper <arpepper at uwaterloo.ca>
Subject: [scs-arp] Gentle message sent via owa
Date: Fri, 27 Oct 2017 17:06:52 +0000
Size: 4353
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20171101/be45859d/attachment.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: AR Pepper <arpepper at uwaterloo.ca>
Subject: [scs-arp] Gentle message sent via owa
Date: Fri, 27 Oct 2017 17:06:52 +0000
Size: 4322
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20171101/be45859d/attachment-0001.mht>

More information about the Ubuntu-devel-discuss mailing list