Don’t call me DOM

29 July 2004

Fake SpamAssassin headers

Although my anti-spam setup works fairly well, I had been surprised in the past months (apparently starting at the end of May) to get some obvious spams (involving e.g. ‘Valium’ in the subject) going through it without problems. Only today have I realized that this was because the mails were not checked by my SpamAssassin, but (supposedly) by a SpamAssassin on popular free Web-based email services (e.g. Yahoo or Hotmail); that is, they included the following headers:

X-Spam-Checker-Version: SpamAssassin 2.60-spambr_20030926a on popular_mail_service.com
X-Spam-Level:
X-Spam-Status: No, hits=-5.9 required=5.0 tests=AWL,NO_REAL_NAME autolearn=no
        version=2.60-spambr_20030926a

Due to the way my SpamAssassin setup works, they were not re-checked when entering my spam filters!

Although this should probably be fixed at a higher level in our mail distribution system, I’ve worked around it with the following procmail rule:

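# clean spurious SA headers: when the forged checker version is present,
# filter the message through formail to delete its X-Spam-Status header
:0fw
* ^X-Spam-Checker-Version: SpamAssassin 2\.60-spambr_20030926a on
| formail -IX-Spam-Status: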

I don’t want to remove any previous SpamAssassin header, since our mail setup does set one already that I can trust; but since we’re not using the same version as the one given in the X-Spam-Checker-Version, I’m on the safe side. And after a quick check, these spams amounted to around half of the spams that went through my filters in June, so I should get even better results with my anti-spam setup.

Well, until spammers start upgrading their fake headers, I guess.
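
The rule above matches one forged version string; an allowlist instead keeps X-Spam-* headers only when they name the trusted checker and strips them otherwise, so the message gets rescanned. The Python below is an added example, not the author's code, and goes beyond the rule in the post; the trusted checker string (`SpamAssassin 2.63 on mail.example.org`) and both sample messages are constructed.

```python
import email

# Assumption: the single SpamAssassin instance whose verdict the filter trusts.
TRUSTED_CHECKER = "SpamAssassin 2.63 on mail.example.org"  # constructed value

def checker_is_trusted(msg):
    """True only when exactly one checker header exists and names our instance."""
    values = msg.get_all("X-Spam-Checker-Version", [])
    return len(values) == 1 and " ".join(values[0].split()) == TRUSTED_CHECKER

def sanitize(raw):
    """Return (message, needs_rescan); untrusted X-Spam-* headers are removed."""
    msg = email.message_from_string(raw)
    if checker_is_trusted(msg):
        return msg, False
    for name in {k for k in msg.keys() if k.lower().startswith("x-spam-")}:
        del msg[name]  # deletes every occurrence of that header name
    return msg, True

# Constructed sample using the forged headers quoted in the post.
FORGED = (
    "From: sender@example.com\n"
    "Subject: Valium\n"
    "X-Spam-Checker-Version: SpamAssassin 2.60-spambr_20030926a on popular_mail_service.com\n"
    "X-Spam-Level:\n"
    "X-Spam-Status: No, hits=-5.9 required=5.0 tests=AWL,NO_REAL_NAME autolearn=no\n"
    "\tversion=2.60-spambr_20030926a\n"
    "\n"
    "body\n"
)
# Constructed sample scanned by the (assumed) trusted instance.
TRUSTED = (
    "From: colleague@example.org\n"
    "Subject: Minutes\n"
    f"X-Spam-Checker-Version: {TRUSTED_CHECKER}\n"
    "X-Spam-Status: No, hits=0.1 required=5.0 tests=NO_REAL_NAME autolearn=no\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("trusted", TRUSTED)):
        msg, rescan = sanitize(raw)
        kept = [k for k in msg.keys() if k.lower().startswith("x-spam-")]
        print(label, "rescan" if rescan else "keep verdict", kept)
```

A sender who learns the trusted string can forge that too, so a check like this belongs after the point where the trusted scanner has already removed or overwritten any inbound X-Spam-* headers.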

One Response to “Fake SpamAssassin headers”

  1. Rebuilding The Spam Barrier Says:

    [...] mail ISP uses SpamAssassin and the headers are a great guide. (However, I have read reports of bogus SA headers possibly added by [...]

 

Dominique Hazaël-Massieux (dom@w3.org) is part of the World Wide Web Consortium (W3C) Staff; his interests cover a number of Web technologies, as well as the usage of open source software in a distributed work environment.