Endian marking too many emails as spam

I noticed that the Endian 2.3 Community Edition SMTP proxy at the office was marking too many legitimate emails as spam. A quick inspection of the email headers showed the following consistent theme:

X-Spam-Report:
*  3.4 FH_DATE_PAST_20XX The date is grossly in the future

In other words, this one date check was adding a whopping 3.4 points of the 6 needed to be marked as spam, even though the emails should have been fine.

The problem is due to a bug in older versions of Spam Assassin which marks 2010 onwards as “grossly in the future”.

The best solution is to run the Spam Assassin update tool as follows (having logged in as root using your favourite SSH tool):

sa-update -D
rm /usr/share/spamassassin/*
cp -r /var/lib/spamassassin/3.002005/updates_spamassassin_org/* /usr/share/spamassassin/

This updates all of the Spam Assassin rules, including the problematic one.

You can also implement the fix manually. The culprit file is 72_active.cf located at /usr/share/spamassassin in the following lines:

##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX      Date =~ /20[1-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX      The date is grossly in the future.
##} FH_DATE_PAST_20XX

Use vi to change this to:

##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX      Date =~ /20[2-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX      The date is grossly in the future.
##} FH_DATE_PAST_20XX

This change will mark all emails sent after 2019 as “grossly in the future” (as opposed to after than 2009).

Make sure you restart Endian to implement the changes.

Solution found at the EFWSupport forums.


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *