https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7794

            Bug ID: 7794
           Summary: maxhits is not always honored for body rules
           Product: Spamassassin
           Version: 3.4.4
          Hardware: PC
                OS: FreeBSD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: Undefined

Case documentation is below. I do not have the original message. I will attempt
to generate a test case or capture a more recent example and redact any private
info.  

This is a story of 2 similar rules:

  describe CIPH_HTML_LONGURL Very long URL
  rawbody CIPH_HTML_LONGURL  /href="http:[^"]{300}[^"]/
  score CIPH_HTML_LONGURL 0.3
  tflags CIPH_HTML_LONGURL multiple maxhits=8

  describe CIPH_HTML_LONGURL_2 Very long URL
  body CIPH_HTML_LONGURL_2  /http:[^" ]{300}[^"]/
  score CIPH_HTML_LONGURL_2 0.3
  tflags CIPH_HTML_LONGURL_2 multiple maxhits=8

These together just barely doomed a message: 

  # bzgrep DM5PR08MB244  /var/log/maillog.12.bz2
  Jan 23 02:48:50 be01 spamd[8407]: spamd: checking message <dm5pr08mb24420e5009c09e4556b00d2485...@dm5pr08mb2442.namprd08.prod.outlook.com> for (unknown):58
   Jan 23 02:48:53 be01 spamd[8407]: spamd: result: Y 5 -
AWL,BAYES_00,CIPH_BODY_FORMAT3,CIPH_DEBUG,CIPH_HTML_LONGURL,CIPH_HTML_LONGURL,CIPH_HTML_LONGURL,CIPH_HTML_LONGURL,CIPH_HTML_LONGURL,CIPH_HTML_LONGURL,CIPH_HTML_LONGURL,CIPH_HTML_LONGURL,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_HTML_LONGURL_2,CIPH_RAWBODY_DEBUG,DKIM_SIGNED,DKIM_VALID,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_PASS,TRACKER_ID
scantime=3.2,size=165124,user=(unknown),uid=58,required_score=4.5,rhost=localhost,raddr=127.0.0.1,rport=/var/run/spam,mid=<dm5pr08mb24420e5009c09e4556b00d2485...@dm5pr08mb2442.namprd08.prod.outlook.com>,bayes=0.000000,autolearn=no
autolearn_force=no,shortcircuit=no

NOTE: CIPH_HTML_LONGURL matched 8 times, implying that its maxhits=8 setting is
honored. CIPH_HTML_LONGURL_2 matched 37 times, overpowering the AWL and
BAYES_00 safety net.

There's no doubt that the local.cf matches what spamd is using:

  # ls -l  /usr/local/etc/mail/spamassassin/local.cf
  -rw-r--r--  1 root  mail  16421 Jul 24  2019 /usr/local/etc/mail/spamassassin/local.cf
  # uptime
   2:21PM  up 83 days,  7:58, 2 users, load averages: 0.26, 0.16, 0.10

In addition, there's a daily cron job running sa-update, sa-compile, and
'service sa-spamd reload'. I have confirmed with 'spamassassin --lint -D
config' that none of the config files being loaded other than
/usr/local/etc/mail/spamassassin/local.cf contain any reference to
CIPH_HTML_LONGURL_2.

-- 
You are receiving this mail because:
You are the assignee for the bug.
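
The following is an added example, not part of the original report and not SpamAssassin code: a small checker that reads `tflags ... maxhits=N` limits from rule configuration text and flags any rule that a spamd `result:` log line lists more often than its limit, which is how the overrun above shows up in maillog. The sample config and log line are constructed (the hit counts are made up), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input: rule lines in the style of the report's local.cf and
# one shortened spamd "result:" line. The hit counts are invented for the demo.
SAMPLE_CF = """\
rawbody CIPH_HTML_LONGURL  /href="http:[^"]{300}[^"]/
tflags CIPH_HTML_LONGURL multiple maxhits=8
body CIPH_HTML_LONGURL_2  /http:[^" ]{300}[^"]/
tflags CIPH_HTML_LONGURL_2 multiple maxhits=8
"""
SAMPLE_LOG = (
    "Jan 23 02:48:53 be01 spamd[8407]: spamd: result: Y 5 - AWL,BAYES_00,"
    + ",".join(["CIPH_HTML_LONGURL"] * 8 + ["CIPH_HTML_LONGURL_2"] * 11)
    + ",HTML_MESSAGE scantime=3.2,size=165124,user=(unknown),uid=58"
)

TFLAGS_RE = re.compile(r"^\s*tflags\s+(\S+)\s+(.*)$")
# "result: <Y|.> <score> - <comma-separated rule names> key=value,..."
RESULT_RE = re.compile(r"spamd: result: \S+ -?\d+ - (\S*)")


def parse_maxhits(cf_text):
    """Return {rule: N} for every 'tflags RULE ... maxhits=N' line."""
    limits = {}
    for line in cf_text.splitlines():
        m = TFLAGS_RE.match(line.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue
        for flag in m.group(2).split():
            if flag.startswith("maxhits=") and flag[8:].isdigit():
                limits[m.group(1)] = int(flag[8:])
    return limits


def over_limit(log_line, limits):
    """Return {rule: (hits, maxhits)} for rules logged more often than allowed."""
    m = RESULT_RE.search(log_line)
    if not m:
        return {}  # not a spamd result line
    hits = Counter(name for name in m.group(1).split(",") if name)
    return {rule: (n, limits[rule]) for rule, n in hits.items()
            if rule in limits and n > limits[rule]}


if __name__ == "__main__":
    print(over_limit(SAMPLE_LOG, parse_maxhits(SAMPLE_CF)))
```

Feeding it each line of a decompressed maillog along with the contents of local.cf lists every scanned message where a capped rule was logged past its cap.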
