• Bug#1103349: spamassassin: TXREP seems broken - adds spam points.

    From Vladislav Kurz@21:1/5 to All on Wed Apr 16 17:40:01 2025
    Package: spamassassin
    Version: 4.0.1-1~deb12u1
    Severity: normal

    Dear Maintainer,

    *** Reporter, please consider answering these questions, where appropriate ***

    * What led up to the situation?

    Upgrade spamassassin from 4.0.0-6 to 4.0.1-1~deb12u1 with TXREP enabled

    * What exactly did you do (or not do) that was effective (or ineffective)?

    I have had TXREP enabled since Feb 2024. It seemed to work
    fine, until I upgraded to 4.0.1 when Debian 12.10 was released.
    Since then I noticed that TXREP is adding spam points to emails
    that should not be penalized. I deleted the TXREP databases,
    and let it build from scratch, but after some time penalization
    was back.

    * What was the outcome of this action?

    E.g. I have a system sending backup results every day. Without
    TXREP, they had a spam score of 1.8. Today TXREP kicked in and
    added 1.6 points for a total of 3.3 (our spam score limit is 3.0).

    * What outcome did you expect instead?

    I'd expect TXREP not to add any points to this specific mail,
    as it was exactly the same as previous mails for a few weeks.
    The score without TXREP was the same as the average of previous
    scores, so there was no reason to add a penalty.

    Maybe my understanding of how TXREP works is poor, but to me
    it seems that something fundamental has changed in the way
    TXREP is calculating new scores/penalties. It may be related to https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8236

    In the configs below I have already disabled the txRep plugin, and enabled AWL instead.

    Best regards
    Vladislav Kurz


    -- System Information:
    Debian Release: 12.10
    APT prefers stable-updates
    APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
    Architecture: amd64 (x86_64)

    Kernel: Linux 6.1.0-32-amd64 (SMP w/8 CPU threads; PREEMPT)
    Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE not set
    Shell: /bin/sh linked to /usr/bin/dash
    Init: systemd (via /run/systemd/system)
    LSM: AppArmor: enabled

    Versions of packages spamassassin depends on:
    ii adduser 3.134
    ii curl 7.88.1-10+deb12u12
    ii libhtml-parser-perl 3.81-1
    ii libhttp-date-perl 6.05-2
    ii libio-string-perl 1.08-4
    ii libmail-dkim-perl 1.20230212-2~deb12u1
    ii libnet-dns-perl 1.36-1
    ii libnetaddr-ip-perl 4.079+dfsg-2+b1
    ii libsocket6-perl 0.29-3
    ii libsys-hostname-long-perl 1.5-3
    ii libwww-perl 6.68-1
    ii lsb-base 11.6
    ii perl [libarchive-tar-perl] 5.36.0-7+deb12u2
    ii sysvinit-utils [lsb-base] 3.06-4

    Versions of packages spamassassin recommends:
    pn gnupg <none>
    ii libbsd-resource-perl 1.2911-2+b1
    ii libmail-dmarc-perl 1.20211209-4
    ii libmail-spf-perl 2.9.0-5
    ii perl [libsys-syslog-perl] 5.36.0-7+deb12u2
    ii sa-compile 4.0.1-1~deb12u1
    ii spamc 4.0.1-1~deb12u1

    Versions of packages spamassassin suggests:
    ii libdbi-perl 1.643-4
    ii libencode-detect-perl 1.01-6+b1
    ii libgeoip2-perl 2.006002-2
    ii libio-socket-ssl-perl 2.081-2
    pn libnet-patricia-perl <none>
    ii perl [libcompress-zlib-perl] 5.36.0-7+deb12u2
    pn pyzor <none>
    pn razor <none>

    -- Configuration Files:
    /etc/default/spamassassin changed:
    ENABLED=1
    OPTIONS="--nouser-config --max-children 8 --max-spare 4 --helper-home-dir --timeout-child 60"
    PIDFILE="/var/run/spamd.pid"
    NICE="--nicelevel 15"
    CRON=1

    /etc/spamassassin/init.pre changed:
    enable_compat welcomelist_blocklist
    loadplugin Mail::SpamAssassin::Plugin::RelayCountry
    loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
    loadplugin Mail::SpamAssassin::Plugin::SPF

    /etc/spamassassin/local.cf changed:
    lock_method flock
    required_score 3.0
    dns_server 127.0.0.1
    dns_query_restriction deny sa-accredit.habeas.com
    dns_query_restriction deny sa-trusted.bondedsender.org
    dns_query_restriction deny bl.score.senderscore.com
    use_bayes 1
    bayes_auto_learn 1
    bayes_ignore_header X-Bogosity
    bayes_ignore_header X-Spam-Flag
    bayes_ignore_header X-Spam-Status
    ok_locales en
    header RUSSIAN_CHARSET Content-Type =~ /windows-1251/i
    ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
    endif # Mail::SpamAssassin::Plugin::Shortcircuit
    ifplugin Mail::SpamAssassin::Plugin::DKIM
    adsp_override notify.trueapps.cz discardable
    endif # Mail::SpamAssassin::Plugin::DKIM
    ifplugin Mail::SpamAssassin::Plugin::TxRep
    use_txrep 1
    #txrep_autolearn 1
    endif # Mail::SpamAssassin::Plugin::TxRep
    ifplugin Mail::SpamAssassin::Plugin::RelayCountry
    header RELAYCOUNTRY_BAD X-Relay-Countries =~ /(RU|BY|KP)/
    describe RELAYCOUNTRY_BAD Relayed through Russia at some point
    score RELAYCOUNTRY_BAD 1.0
    endif # Mail::SpamAssassin::Plugin::RelayCountry
    ifplugin Mail::SpamAssassin::Plugin::FromNameSpoof
    fns_check 0 # strict
    score T_FROMNAME_EQUALS_TO 0.1
    score T_FROMNAME_SPOOFED_EMAIL 0.3
    score T_GB_FROMNAME_SPOOFED_EMAIL_IP 0.50
    endif # Mail::SpamAssassin::Plugin::FromNameSpoof
    ifplugin Mail::SpamAssassin::Plugin::OLEVBMacro
    body OLEMACRO eval:check_olemacro()
    describe OLEMACRO Attachment has an Office Macro
    score OLEMACRO 0.1
    body OLEMACRO_MALICE eval:check_olemacro_malice()
    describe OLEMACRO_MALICE Potentially malicious Office Macro
    score OLEMACRO_MALICE 1.0
    body OLEMACRO_ENCRYPTED eval:check_olemacro_encrypted()
    describe OLEMACRO_ENCRYPTED Has an Office doc that is encrypted
    score OLEMACRO_ENCRYPTED 0.1
    body OLEMACRO_RENAME eval:check_olemacro_renamed()
    describe OLEMACRO_RENAME Has an Office doc that has been renamed
    score OLEMACRO_RENAME 0.1
    body OLEMACRO_ZIP_PW eval:check_olemacro_zip_password()
    describe OLEMACRO_ZIP_PW Has an Office doc that is password protected in a zip
    score OLEMACRO_ZIP_PW 0.1
    body OLEMACRO_CSV eval:check_olemacro_csv()
    describe OLEMACRO_CSV Malicious csv file that tries to exec cmd.exe detected
    score OLEMACRO_CSV 1.0
    body OLEMACRO_DOWNLOAD_EXE eval:check_olemacro_download_exe()
    describe OLEMACRO_DOWNLOAD_EXE Malicious code inside the Office doc that tries to download a .exe file detected
    score OLEMACRO_DOWNLOAD_EXE 1.0
    endif # Mail::SpamAssassin::Plugin::OLEVBMacro
    ifplugin Mail::SpamAssassin::Plugin::Phishing
    phishing_openphish_feed /var/lib/spamassassin/openphish-feed.txt
    #phishing_phishtank_feed /var/lib/spamassassin/phishtank-feed.csv
    body URI_PHISHING eval:check_phishing()
    describe URI_PHISHING Url match phishing in feed
    endif

    /etc/spamassassin/v310.pre changed:
    loadplugin Mail::SpamAssassin::Plugin::AntiVirus
    loadplugin Mail::SpamAssassin::Plugin::AWL
    loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
    loadplugin Mail::SpamAssassin::Plugin::TextCat
    loadplugin Mail::SpamAssassin::Plugin::WelcomeListSubject
    loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
    loadplugin Mail::SpamAssassin::Plugin::ReplaceTags

    /etc/spamassassin/v320.pre changed:
    loadplugin Mail::SpamAssassin::Plugin::Check
    loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch
    loadplugin Mail::SpamAssassin::Plugin::URIDetail
    loadplugin Mail::SpamAssassin::Plugin::Bayes
    loadplugin Mail::SpamAssassin::Plugin::BodyEval
    loadplugin Mail::SpamAssassin::Plugin::DNSEval
    loadplugin Mail::SpamAssassin::Plugin::HTMLEval
    loadplugin Mail::SpamAssassin::Plugin::HeaderEval
    loadplugin Mail::SpamAssassin::Plugin::MIMEEval
    loadplugin Mail::SpamAssassin::Plugin::RelayEval
    loadplugin Mail::SpamAssassin::Plugin::URIEval
    loadplugin Mail::SpamAssassin::Plugin::WLBLEval
    loadplugin Mail::SpamAssassin::Plugin::VBounce
    loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody
    loadplugin Mail::SpamAssassin::Plugin::ImageInfo

    /etc/spamassassin/v342.pre changed:
    loadplugin Mail::SpamAssassin::Plugin::HashBL
    loadplugin Mail::SpamAssassin::Plugin::FromNameSpoof

    /etc/spamassassin/v343.pre changed:
    loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro

    /etc/spamassassin/v400.pre changed:
    loadplugin Mail::SpamAssassin::Plugin::DecodeShortURLs
    loadplugin Mail::SpamAssassin::Plugin::DMARC


    -- debconf-show failed
