[Users] Can the use of SpamAssassin result in filtering rules being bypassed?

Pierre Fortin pf at pfortin.com
Mon Jul 17 13:33:05 UTC 2023 

Hi,

Trying to track down why one filter is not always working on
incorporation...

I have:
  [x] Filter messages on receiving
and SpamAssassin installed; but just disabled it to see if the below
changes...

According to the filtering log, some messages get caught by this rule:

  enabled rulename "AEON" from matchcase "aeon" delete

Arriving messages have AEON with random addresses, such as:
   From: "AEON" <baxbdzz at rakuten.co.jp>

"AEON"  is the common string

Some messages are deleted on incorporation; while some are caught by
SpamAssassin or a later filter based on a custom MTA header:
  enabled rulename "X-Spam-Level" header "X-Spam-Level" regexpcase
"\\*\\*\\**+" move "#mh/Mailbox/inbox/SPAM"

Sometimes I see this in the Filtering Log:
[2023-07-14 20:15:51] filtering message (incorporation)
                       message file:
/home/pfortin/.claws-mail.pfortin/tempfolder/processing-13/11 Date: Sat,
15 Jul 2023 07:27:25 +0800 From: "AEON" <lkposo at yahoo.co.jp>
                       To: <pfortin at pfortin.com>
                       Subject: 【イオン銀行】お取引目的等の確認のお願い
[2023-07-14 20:15:51] processing rule 'Future' [ age_lower 0 delete ]
> rule is not account-based
[2023-07-14 20:15:51] checking if message matches [ age_lower 0 ]
[2023-07-14 20:15:51] message age [ 0 ] is not lower than [ 0 ]
> message does not match
[2023-07-14 20:15:51] processing rule 'AEON' [ from matchcase "AEON"
delete ]
> rule is not account-based
[2023-07-14 20:15:51] checking if message matches [ from matchcase "AEON"
] [2023-07-14 20:15:51] From: header value [ "AEON" <lkposo at yahoo.co.jp>
] contains [ AEON ] (Case insensitive)
> message matches
[2023-07-14 20:15:51] applying action [ delete ]

Somehow, some messages get through this filter; yet get trapped by this
later rule as seen in Filtering Log:

enabled rulename "X-Spam-Level" header "X-Spam-Level" regexpcase
"\\*\\*\\**+" move "#mh/Mailbox/inbox/SPAM"

Some messages end up in the SPAM folder with nothing in the Filtering
Log, so assuming that's via SpamAssassin, even with:
  filtering_debug_log_length=500000
to ensure I don't lose any logging.

While in the SPAM folder; these messages are always trapped by the first
rule above and deleted when invoking Tools>Filter selected messages

I've checked the encoding on From: header -- always \"AEON\".
Filtering with/without quotes = no difference.

Am I missing something? Or, is there a loophole in the code?

Can SpamAssassin cause filtering rules to be skipped? That's the only
other way these messages could end up in the SPAM folder. 

Having seen delays due to SpamAssassin, and now the above
pathing possibility, would it not make sense to change:
  [x] Enable SpamAssassin plugin 
to allow:
  [x] Enable SpamAssassin plugin 
      [ ] before (bypasses filters if msg is moved by SpamAssassin) [1]
      [X] after filtering (called on Filter fall-through)
?

[1] Looks to me like this is a subtle corner-case which is very difficult
and time-consuming to track down...

Thanks,
Pierre

More information about the Users mailing list