Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

SpamAssassin 2010 Bug

Soulskill posted more than 4 years ago | from the who-could-have-known-when-2010-would-happen dept.

Bug 115

SEWilco writes "You might want to check your spam folder, as SpamAssassin has a rule which is tending to mark email sent in 2010 as spam. There is some discussion in a bug report. The SpamAssassin Wiki FH_DATE_PAST_20XX page doesn't have discussion, but it was updated today with a different date rule."

cancel ×

115 comments

First post to the bit bucket (0, Troll)

Shikaku (1129753) | more than 4 years ago | (#30618018)

This post has been removed due to spam.

Re:Bug report... (-1)

Anonymous Coward | more than 4 years ago | (#30618866)

Based on my experience with open source projects, I imagine that this bug was reported numerous times, and each time it was closed as: "works as intended, not a bug" followed by a helpful comment to RTFM and a complicated work-around.

Re:Bug report... (-1)

Anonymous Coward | more than 4 years ago | (#30618990)

Ballmer? Is that you?

Re:Bug report... (0)

Anonymous Coward | more than 4 years ago | (#30619036)

Bill?

2010 (0)

Anonymous Coward | more than 4 years ago | (#30618024)

Maybe SpamAssassin's AI is trying to tell us something... 2010, the year of spam?

Millenium bug, how I have missed thee (1, Insightful)

ickleberry (864871) | more than 4 years ago | (#30618056)

Instead of having one millenium bug, letting it do it's thing and get it over with we get similar bugs every year. The 2007 zune issue, the impending 2038 issue and this. Of course many more similar bugs that don't deserve their own slashdot article. If they had decided to start using 64-bit time on the 1st of January, 1970 none of these problems would have happened

Re:Millenium bug, how I have missed thee (5, Informative)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#30618110)

Given what memory cost in 1970 [jcmit.com] , I suspect that using 64-bit time would have been an expensive decision.

A lot of gross little hacks look like (and are) great ideas when hardware costs a fortune and you don't yet know how persistent legacy stuff is going to be.

Re:Millenium bug, how I have missed thee (1)

TheRaven64 (641858) | more than 4 years ago | (#30622140)

You're almost right, but actually you miss the point. Back in 1970, RAM cost around $1/byte, so using 32 bits instead of 64 saved you $4/record. However, that wasn't what caused the millennium bug, it was choosing a silly representation to use to store the date. If you wanted to, you could have stored dates as a 32-bit quantity in seconds since some fixed time and been able to handle any date in a 140 year period. You could also have performed calculations on these dates very quickly (just simple arithmetic) and not had to worry about things like leap seconds or different calendars (you only convert to calendar time for output).

Storing the date in decimal two digits only makes sense if you have a computer that supports BCD and not binary digits (e.g. an IBM 1620, although these were mostly decommissioned by 1970 and I can't think of any post-1970 architectures that made such silly decisions), in which case you're using 12 bits just for the year. You then need another 18 bits for the day (you could store the month and day-of-the-month as two 12-bit quantites, using 24 bits instead). You then need to store the time, either as a 24-bit (4 decimal digit) number of seconds or a 12-bit hour and a 12-bit minute and a 12-bit second (36 bits in total). If you use a natural human representation then you end up with 12 bits each for the year, month, day, hour, minute and second, giving 72 bits, or 40 more (costing $5 more) per date. Or maybe you only need to be accurate to the day, in which case it's only 4 bits ($0.50) more than you'd need for a 32-bit number of seconds.

By 1970, a lot of computers had 8-bit bytes and so used 4-bit BCD digits, meaning that your BCD year only took 48 bits, only costing $2 more than the binary version. If you'd only wanted dates to be accurate to the day, then it would have only been six BCD digits so would have been 24 bits, so $1 cheaper than a 32-bit time. However, if you only wanted that level of accuracy then storing a binary number of days in a 16-bit value would have given you a range of 179 years and saved $1 per date. Alternatively, a 24-bit number of hours would have made your code work for over a thousand years and cost the same amount.

In all cases, the binary version is cheaper, has a greater range, and is faster for computation. There was no excuse for using the BCD version. The reason for it was COBOL, which had DECIMAL types and encouraged their use. If the code had been written in FORTRAN instead, then this would not have been a problem.

Re:Millenium bug, how I have missed thee (1)

JWSmythe (446288) | more than 4 years ago | (#30619018)

    I'm actually thankful that they ran this one as a story. After seeing it, I remembered that rule. I just hopped in and fixed my servers.

    The better rule would have been to watch for dates more than X days from today. But, they're using regular expressions, so that makes it a bit harder.

Re:Millenium bug, how I have missed thee (1)

ls671 (1122017) | more than 4 years ago | (#30619068)

> I'm actually thankful that they ran this one as a story.

Yep, not that /. is a security list, but it occurred to me a few times that I first learn about similar issues on /.

   

Re:Millenium bug, how I have missed thee (1)

Sparr0 (451780) | more than 4 years ago | (#30619712)

I think 2038 is a nonissue. Technological progress is accelerating. It took us 30 years to upgrade from 2 decimal digits to 4 for storing years. It will not take 30 years to upgrade from 32 bits to 256 bits for time.

Re:Millenium bug, how I have missed thee (1)

snaz555 (903274) | more than 4 years ago | (#30621042)

If they had decided to start using 64-bit time on the 1st of January, 1970 none of these problems would have happened

The pattern:

##{ FH_DATE_PAST_20XX
header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX The date is grossly in the future.
##} FH_DATE_PAST_20XX

Will match 2010 no matter how many bits are used to keep time. This is a problem that has been know for years; it's a total embarrassment to OSS practices that it wasn't fixed before 1/1/10, before becoming critical. It's not based on a bad architectural decision, or even particularly bad code - it's just a typo where the fix wasn't pushed in a timely manner. I suspect a problem here is that open source development doesn't separate bug fixes from feature additions, which means non-critical fixes get backed up with features to be considered stable enough to ship. A critical fix can be spun separately (being backported to the current stable branch) - but this problem wasn't critical... yet...

crapola (3, Interesting)

DNS-and-BIND (461968) | more than 4 years ago | (#30618076)

My provider runs spamassassin, and given their track record in updating their other software, I rather doubt that they'll update spamassassin anytime soon. Is there any way around this that doesn't involve root access? (I love helpful responses from idiots that start with "first, edit the /etc/spamassassin.conf file" or whatever.)

Oh yeah, the other wonderfully helpful stock response "stop using the software if you don't like it". Sure, I'd love to go back to getting 500 spams a day.

Re:crapola (1, Informative)

Shikaku (1129753) | more than 4 years ago | (#30618122)

Is there any way around this that doesn't involve root access?

No.

Re:crapola (3, Funny)

godrik (1287354) | more than 4 years ago | (#30618182)

I love helpful responses from idiots that start with "first, edit the /etc/spamassassin.conf file"

Yes. That's easy! First edit the /etc/spamassassin.conf file!
Wait a sec...

Re:crapola (-1)

Anonymous Coward | more than 4 years ago | (#30618202)

I lol'd. Quit managing servers if you don't want to SSH in and make easy changes. Software has bugs, welcome to technology.

Re:crapola (3, Interesting)

DaMattster (977781) | more than 4 years ago | (#30618252)

Well, I am not sure what OS your running, but you can use OpenBSD Spamd which works very well. Rather than taking a defensive approach, Spamd goes on the offense by allowing known spam-sending IP addresses to attempt to send to you but throttling the connection down to 1 byte per second. This shakes most people off with no perceivable impact on your part. Even if the spam bot decides to wait the entire time to complete the connection, Spamd ends up dropping the message anyway. I use this solution in my business and I've gone from getting 500+ per day to maybe 2 per week. It is delightfully elegant.

Re:crapola (5, Funny)

karnal (22275) | more than 4 years ago | (#30618310)

I think you missed the "My provider runs spamassassin" part of the parent post.

Re:crapola (2, Informative)

Mana Mana (16072) | more than 4 years ago | (#30619236)

OpenBSD spamd(8) is wholly unrelated from spamassassin spamd. FYI.

OpenBSD spamd(8) has no code from any other project. Its similarity in appellation is name deep.

OpenBSD spamd(8) approach is different and was created by deraadt@.

Re:crapola (1)

TheRaven64 (641858) | more than 4 years ago | (#30622172)

OpenBSD spamd(8) is wholly unrelated from spamassassin spamd

Not entirely. You can combine the two quite well. The spamdb tool can be configured quite easily to take input from SpamAssassin, so if someone sends you spam they then get blacklisted or more aggressively greylisted.

Re:crapola (0)

Anonymous Coward | more than 4 years ago | (#30621098)

Sounds like a bad idea to me. Potentially too many open connections wasting memory, which is PRECIOUS and CRUCIAL on servers.

Re:crapola (1)

TheRaven64 (641858) | more than 4 years ago | (#30622200)

Spamd is very low overhead. It can tarpit a few thousand connections without you noticing and each of these connections is tying up a zombie and preventing it from hitting your smptd (which uses a lot more memory per connection). Spamd sets the window size to 1 and replies at one character per second, so it takes a few minutes for the SMTP handshake to complete. The University of Alberta saw a huge drop in their system load when they deployed spamd in front of their mail servers.

Re:crapola (5, Informative)

ngc5194 (847747) | more than 4 years ago | (#30618296)

"Is there a way to work around this that doesn't involve root access?"

Yes, but it isn't a good way. Check your scores file for the scores associated with the FH_DATE_PAST_20XX. This indicates the number of points added to the spam score of every message that fails this test. Basically, increase your spam threshold by this amount until you can apply this patch.

Good for a quick-n-dirty fix.

Re:crapola (0)

stms (1132653) | more than 4 years ago | (#30618406)

Well you don't have to get 500 spam emails a day just because you don't use their software use some other software idiot.

Re:crapola (3, Informative)

smartaleckkill (1161259) | more than 4 years ago | (#30618410)

depends--i have a cheap n cheerful shared hosting account with the same issue, but i do have cpanel access which allows me to override the score for any rule--check out the last link in the summary basically if you have access to local config files (even through a frontend like cpanel) you can do it without root access

Re:crapola (0, Offtopic)

darkpixel2k (623900) | more than 4 years ago | (#30618770)

My provider runs spamassassin, and given their track record in updating their other software, I rather doubt that they'll update spamassassin anytime soon. Is there any way around this that doesn't involve root access? (I love helpful responses from idiots that start with "first, edit the /etc/spamassassin.conf file" or whatever.)

Oh yeah, the other wonderfully helpful stock response "stop using the software if you don't like it". Sure, I'd love to go back to getting 500 spams a day.

My car is so old it doesn't have an airbag. I heard about this glitch where I have a higher chance of dying because my car doesn't have an airbag. Given my track record in buying new cards, I doubt I'll update my gremlin anytime soon. Is there a way around this that doesn't involve require spending money? (I love helpful responses from idiots that start with "first go to NAPA" or whatever.) Oh yeah, the other wonderfully helpful stock response "stop driving the car if you're worried about dying in a wreck". Sure, I'd love to go back to the horse and buggy.

Re:crapola (0)

Anonymous Coward | more than 4 years ago | (#30618958)

...my gremlin...

If you are/have contemplated/have ever driven/driving a Gremlin, then you should[need] to die a horrible death! Crash not required.

Re:crapola (4, Informative)

mhrivnak (752549) | more than 4 years ago | (#30619228)

The new rule gets picked up when "sa-update" is run. spamassassin deployments should run sa-update automatically on a regular basis, for example every day via a cronjob. Thus, most deployments will pick up the update automatically tonight if a sysadmin doesn't do it first.

Re:crapola (1)

Daniel_Staal (609844) | more than 4 years ago | (#30619330)

Simplest non-root way (assuming they have it allowed): Edit the ~/.spamassassin/user_prefs file.

Re:crapola (4, Informative)

nabsltd (1313397) | more than 4 years ago | (#30619362)

My provider runs spamassassin, and given their track record in updating their other software, I rather doubt that they'll update spamassassin anytime soon. Is there any way around this that doesn't involve root access?

If you have shell access, it should be trivial, although you do have to edit a file.

Add the following to ~/.spamassassin/user_prefs:

score FH_DATE_PAST_20XX 0.0

Re:crapola (-1)

Wizardess (888790) | more than 4 years ago | (#30620932)

Or simply run "sa-update" as root to fetch down the updated rule. {^_^}

Re:crapola (2, Informative)

Anonymous Coward | more than 4 years ago | (#30622658)

You really do have a hard time reading and comprehending what people post, don't you?

Re:crapola (2, Interesting)

Penguinshit (591885) | more than 4 years ago | (#30619484)

Not to rub it in but I want to give a shout to my provider (Cruzio) who also use Spamassassin and were apparently on top of this (as they usualLY are0. i haven't noticed anything wrong with my email today. Thanks Cruzio!

Re:crapola (0)

Anonymous Coward | more than 4 years ago | (#30619932)

Is there any way around this that doesn't involve root access? (I love helpful responses from idiots that start with "first, edit the /etc/spamassassin.conf file" or whatever.)

Well, that should be the /etc/mail/spamassassin/local.cf file. Local customizations shouldn't be in the main config file since the main config file will get overwritten when spamassassin is upgraded :)

But seriously, assuming your provider allows per-user customization, edit your ~/.spamassassin/user_prefs file, and add a line like this:

score FH_DATE_PAST_20XX 0 0 0 0

That sets the rule to add zero points to the spam score in all situations.

Re:crapola (1)

harlows_monkeys (106428) | more than 4 years ago | (#30620262)

My provider runs spamassassin, and given their track record in updating their other software, I rather doubt that they'll update spamassassin anytime soon

If they are slow enough updating, it's possible you don't have the bug. I haven't bothered to update my home mail server past Ubuntu 6.06 LTS, since it works fine. The version of Spamassassin it uses, 3.1.7, does not appear to have this bug.

Re:crapola (0, Troll)

Sleepy (4551) | more than 4 years ago | (#30622286)

> (I love helpful responses from idiots that start with "first, edit the /etc/spamassassin.conf file" or whatever.)

>Oh yeah, the other wonderfully helpful stock response "stop using the software if you don't like it". Sure, I'd love to go back to getting 500 spams a day.

"Idiots?"

You might have a point if the ONLY step began with "first". But here you see a bunch of people answered you.. and yes, ALL of them began with editing the "whatever" file.

You know... paid support for SpamAssassin IS available.
I suppose it could even work for someone who doesn't have TIME to "edit the /etc/spamassassin.conf file".

Even during the holidays there are folks like you who have the audacity to demand FREE free support... while pre-emptively demeaning those who would provide it. Unbelievable.

"I'll just use a regex!" (1, Interesting)

Inf0phreak (627499) | more than 4 years ago | (#30618150)

What the... must all SpamAssassin rule be regexes? Because I can't see any (non brain dead) reason why not to implement this by just checking if $current_year < $header_year if that's not the case.

Re:"I'll just use a regex!" (0)

Anonymous Coward | more than 4 years ago | (#30618294)

So what happens when an email server in say, San Francisco receieves email from someone in say, New Zealand where in NZ it's 2011 (New years) but still 2010 in SF?

Re:"I'll just use a regex!" (2, Interesting)

Briareos (21163) | more than 4 years ago | (#30618360)

Last I checked a timezone was mandatory in mail dates, allowing you to handle this correctly - for example by converting your current date and the date specified in the email to GMT...

Re:"I'll just use a regex!" (0)

Anonymous Coward | more than 4 years ago | (#30618744)

You'll still run into the same problem when the sender's clock is just marginally wrong. What you should do is calculate the difference between the full sent date and the full current date, not just the year, and make the decision based on that. You won't be doing it with a regex though.

Re:"I'll just use a regex!" (3, Funny)

ubrgeek (679399) | more than 4 years ago | (#30618692)

It depends. If the email from San Francisco was traveling east going 400 miles per hour and the email from NZ is going west at .... ;)

Re:"I'll just use a regex!" (1)

SanityInAnarchy (655584) | more than 4 years ago | (#30618904)

I'm guessing the obvious solution is to make sure $current_year >= $header_year + 1

That would only hurt you when receiving mail from a machine with a clock wildly out of sync, and as all major OSes do NTP out of the box by default, I don't see how that's an excuse.

Re:"I'll just use a regex!" (1)

JWSmythe (446288) | more than 4 years ago | (#30619046)

    I agree, that would be the better solution.

    I've seen lots of people's machines that have their dates wrong though. NTP is a wonderful thing, if it works. It's possible that corp firewalls can block unexpected traffic, including NTP though.

    I just got an embedded machine, which doesn't keep it's time right. I have to force an update at boot time, which makes the logs look real funny.

    There was a Y2K bug on some of my servers (like, a decade ago), so if they rebooted after Dec 31, 1999, the BIOS couldn't understand the date, and rolled it back to Jan 1, 1998. Why 1998? I don't know. Everything that happened until the time updated was timestamped wrong though. That wasn't a big deal, it was just entertaining to see the beginning of the log saying 1998, and as soon as it fixed the time, it would switch to 2000. And no, it didn't take 2 years for the machine to boot. :)

Re:"I'll just use a regex!" (0)

Anonymous Coward | more than 4 years ago | (#30619232)

Why 1998? I don't know.

That's when the BIOS was configured. The current date can not be before the date the BIOS was configured, so that's the most recent date which can not be in the future. I prefer an obviously wrong date though, something like the UNIX epoch. Suppose you want to check if the system is running on default time: If your software runs on a system that is newer than your software, then there is no way to tell without reaching an external reference. If the system used a standard epoch as default time, then software could easily determine that the system has no current time information.

Re:"I'll just use a regex!" (1)

JWSmythe (446288) | more than 4 years ago | (#30619638)

    I agree totally.

    When I set up those servers, ntpd didn't cooperate very well for huge changes, it would just try to skew the clock. I wrote my own little program to check in with our local time server. Our time server would hit a real time server once a day, and the servers would all update hourly. In the case of those, I put it in at boot time, before any important services started that needed to know the time.

Re:"I'll just use a regex!" (0)

Anonymous Coward | more than 4 years ago | (#30623052)

ntpd didn't cooperate very well for huge changes, it would just try to skew the clock.

Right. ntpd is very careful to always move time forward and not at a crazy speed, so fixing the time shouldn't break anything. What you wanted to do was a one-time:
ntpdate pool.ntp.org
and *then* start ntpd.

Re:"I'll just use a regex!" (1)

Bigjeff5 (1143585) | more than 4 years ago | (#30619242)

...(like, a decade ago)...

Hopefully nobody had trouble inferring that, since it is now 2010, Y2k would have been ten years ago...

Re:"I'll just use a regex!" (0)

Anonymous Coward | more than 4 years ago | (#30619424)

Great Scott! Now how am I going to email Marty from the year 2015?

I don't want to jump in the Delorian to go see him everytime, the fluxcapacitor is starting to wear out.

Dr Emmett Brown

Re:"I'll just use a regex!" (3, Insightful)

Hal The Computer (674045) | more than 4 years ago | (#30620066)

Your solution doesn't work.
It fails on new years eve if someone is in a different time zone or if their clock is slightly off.

I'd suggest that any message sent more than seven (pick your favorite number) days in the future is spam.

Re:"I'll just use a regex!" (2, Interesting)

jamesh (87723) | more than 4 years ago | (#30620874)

Your solution doesn't work.
It fails on new years eve if someone is in a different time zone or if their clock is slightly off.

You need to talk to Microsoft - they could have used someone like you when they were building their 'stampinf' tool that I can't use until 10am in the morning (11am during DST) because it stamps UTC which then confuses another tool in the build chain...

Re:"I'll just use a regex!" (1)

jandoedel (1149947) | more than 4 years ago | (#30621382)

... or it could be an important message from your future self, containing instructions for making a time machine that send mails backwards in time.

FIX details: (4, Informative)

drDugan (219551) | more than 4 years ago | (#30618216)

this is also happening on Ubuntu server, running Spamassassin 3.2.5

The linked article references a workaround:
add this line to the "local.cf" spamassassin config file, on this system is was /etc/spamassassin/local.cf

score FH_DATE_PAST_20XX 0.0

If you're running spamassassin as a daemon, you *may* also want to restart spamd
with something like:

sudo /etc/init.d/spamassassin restart

This solution simply removes the rule by setting the score for that rule to 0.
You'll want to undo this once a solution is deployed.

Re:FIX details: (4, Informative)

KiloByte (825081) | more than 4 years ago | (#30618274)

Since nearly 14 hours ago, you can simply run "sa-update".
It is in cron.daily in the default install, too.

Re:FIX details: (1)

nmb3000 (741169) | more than 4 years ago | (#30618834)

score FH_DATE_PAST_20XX 0.0

You'd probably be better off changing the rule instead of the score. Putting something like:

# Fixes bug: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269 [apache.org]
header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX The date is grossly in the future.

in your local SA config would probably be better (unless you really want to just drop the rule entirely).

That said, you'd probably be better off updating everything with sa-update, but this fix works in case you cannot or don't want to do that.

Re:FIX details: (1)

rduke15 (721841) | more than 4 years ago | (#30621230)

If you are running amavis, sa-update alone is not enough. You also need to restart amavis so that it picks up the new rules. On a Debian system, that would be something like:

sa-update && /etc/init.d/amavis restart

The spamassassin daily cron job does sa-update, and reloads spamassassin, but doesn't reload amavis.

What do we call this? (0)

Anonymous Coward | more than 4 years ago | (#30618228)

Y2.01k?

Re:What do we call this? (1)

carlhaagen (1021273) | more than 4 years ago | (#30618284)

I suppose, yeah. It is after all just a minor revision.

Re:What do we call this? (2, Funny)

andreyvul (1176115) | more than 4 years ago | (#30619460)

Y2KX has a better ring to it.

One hack replaced by another (3, Informative)

tomp (4013) | more than 4 years ago | (#30618378)

From the "fix"

> FH_DATE_PAST_20XX
> change '/20[1-9][0-9]/' to '/20[2-9][0-9]/'

That's no fix, it just puts the problem off for another 10 years. Why call the rule FH_DATE_PAST_20XX, shouldn't it be FH_DATE_PAST_201X? At least then the hack would be documented.

Re:One hack replaced by another (2, Funny)

JWSmythe (446288) | more than 4 years ago | (#30619062)

    I just fixed a mail server for someone (after reading the article), and told them to remind me in 10 years to fix it again. :) Hopefully by then, they'll have rewritten the rule so it behaves better.

Re:One hack replaced by another (3, Insightful)

6Yankee (597075) | more than 4 years ago | (#30619310)

Exactly. This is the right "fix" right now - the bug is out there causing real problems, and the fix (while definitely a filthy hack) is well-understood and can be pushed out immediately. If the same thing were to happen ten years from now (or the threshold quietly got pushed back to 2030), that would be nothing short of negligent.

Re:One hack replaced by another (0)

Anonymous Coward | more than 4 years ago | (#30619100)

my favorite response ever:

Not really much of a "fix" - more like a work-around that'll come back and bite
again in 10 years. "grossly in the future" is directly related to the current
time, so shouldn't this rule take the current time into account?

Comment 4 Henrik Krohns 2010-01-01 05:27:17 UTC

Right. But we have years of time to fix it.

Re:One hack replaced by another (0)

Anonymous Coward | more than 4 years ago | (#30620068)

Yay, I've been mentioned on slashdot! May google archive my name forever!

Re:One hack replaced by another (1)

jamesh (87723) | more than 4 years ago | (#30620882)

That's no fix, it just puts the problem off for another 10 years.

I had that thought too. Then I had another thought which was 'Meh'.

Re:One hack replaced by another (1)

techdoc70 (1711686) | more than 4 years ago | (#30620926)

This won't help

Why does this rule exist anyway? (1)

Animaether (411575) | more than 4 years ago | (#30621008)

I can only guess that it's a rule to flag e-mails as being spammy (all of my new years' wishes to brits and americans I got replies to with the subject tagged "{Spam?}") when they are 'sent from the future'.
    I can also only guess that this is done via a regex on the date with the date being somewhere far into the future (but that future kinda crept up on us the other day, right?) so as not to burden CPUs with actual date conversions to universal time and doing comparisons on that, and flagging e-mails sent greater than a 24 hour period or so into the future.

But given that
    1. such e-mails hardly exist in the first place (In my archives, I just found 2*.. out of 19,836 and counting)
    2. spammers will be readily aware of this rule and really why would they make an effort to inject a future date anyway when their mail daemons will happily use the -current date-
    3. in case of an actual entity from the future informing us of impending doom with instructions on how to stave it off, we'll have seriously fucked ourselves?

I just don't see why this rule exists at all, and why it needs to be 'fixed'. Maybe somebody can inform me of a very good reason for the rule existing. If not: I say the rule doesn't need fixing.. it needs removing.

*
E-mail number 1: A travel itinerary auto-sent from expedia back in May 2004. It has a date of February 7th, 2101.
E-mail number 2: An e-mail from a friend back in June 2005. It inexplicably has a date of June 26th, 2165. ThunderBird oddly enough reports a date in the search results reading May 21st, 2029 - though that's nowhere to be found in the mail's source. Display bug?
Neither are spam, regardless. (yes, I know, there's no telling how many (spam) e-mails from the future I never received because they were spam-flagged in the first place. I think I'd rather take my chances.)

Re:Why does this rule exist anyway? (1)

Anders (395) | more than 4 years ago | (#30621368)

2. spammers will be readily aware of this rule and really why would they make an effort to inject a future date anyway when their mail daemons will happily use the -current date-

They will use dates from the future to have their offerings shown at the top of the mailbox.

Re:Why does this rule exist anyway? (1)

mikael_j (106439) | more than 4 years ago | (#30623890)

Then there's the other date-mangling tactic, setting the date weeks or months in the past, I'm guessing they're doing this to make recepients think that the spam is some old legit mail they forgot about, it's annoying when one of those slip through though...

/Mikael

Re:One hack replaced by another (1)

tendays (890391) | more than 4 years ago | (#30621990)

Why call the rule FH_DATE_PAST_20XX, shouldn't it be FH_DATE_PAST_201X? At least then the hack would be documented.

Changing the rule name would break existing configuration files changing the rule score and/or description (like in that comment [slashdot.org] ).

Re:One hack replaced by another (0)

Anonymous Coward | more than 4 years ago | (#30623796)

You don't get it. The XX part is Roman.

Implicit whitelisting? (1)

YouDoNotWantToKnow (1516235) | more than 4 years ago | (#30618420)

That is so last decade ;P

Nice.... (5, Funny)

kramer (19951) | more than 4 years ago | (#30618530)

[url]https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5852[/url]

Noticed 14 months ago. Fixed 5 months ago. Released today.

Re:Nice.... (2, Insightful)

Bigjeff5 (1143585) | more than 4 years ago | (#30619256)

Hey! Nice to see open source software gets fixed so ultra fast! :P

To be fair though, at least they released it the day it broke things, why didn't they release it by yesterday? Then the default cron job would have picked it up on most servers and nobody would have noticed.

Re:Nice.... (1)

Anders (395) | more than 4 years ago | (#30621384)

Hey! Nice to see open source software gets fixed so ultra fast! :P

My sarcasm-o-meter is broken, so I cannot tell whether you are kidding. But it is indeed impressive to have a fix within hours, on a holiday.

To be fair though, at least they released it the day it broke things, why didn't they release it by yesterday? Then the default cron job would have picked it up on most servers and nobody would have noticed.

Why didn't they release it before someone noticed? Well, that's a good question. Maybe it was because nobody had noticed?

Re:Nice.... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30621514)

Why didn't they release this when it was fixed.

Fixed in spamassassin 3.2.5-7 in Debian/Unstable (1)

John Hasler (414242) | more than 4 years ago | (#30618572)

n/t

Re:Fixed in spamassassin 3.2.5-7 in Debian/Unstabl (1)

Pretzalzz (577309) | more than 4 years ago | (#30618650)

spamassassin:
    Installed: 3.2.5-6
    Candidate: 3.2.5-6
    Version table:
  *** 3.2.5-6 0
                701 http://ftp.us.debian.org/ [debian.org] testing/main Packages
                  70 http://ftp.us.debian.org/ [debian.org] unstable/main Packages
                100 /var/lib/dpkg/status

apt-get updated 30 seconds ago.

Re:Fixed in spamassassin 3.2.5-7 in Debian/Unstabl (2, Informative)

John Hasler (414242) | more than 4 years ago | (#30618702)

toncho/~ sudo apt-get install spamassassin
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
    libmail-dkim-perl
Recommended packages:
    re2c
The following packages will be upgraded:
    spamassassin
1 upgraded, 0 newly installed, 0 to remove and 1086 not upgraded.
Need to get 1097kB of archives.
After this operation, 0B of additional disk space will be used.
Get:1 http://ftp.us.debian.org/ [debian.org] unstable/main spamassassin 3.2.5-7 [1097kB]
Fetched 1097kB in 13s (84.2kB/s)
Reading changelogs... Done
apt-listchanges: Mailing root: apt-listchanges: news for toncho.dhh.gt.org
(Reading database ... 163295 files and directories currently installed.)
Preparing to replace spamassassin 3.2.5-6 (using .../spamassassin_3.2.5-7_all.deb) ...
Stopping SpamAssassin Mail Filter Daemon: spamd.
Unpacking replacement spamassassin ...
Setting up spamassassin (3.2.5-7) ...
Starting SpamAssassin Mail Filter Daemon: spamd.

Here is the apt-listchanges message:

spamassassin (3.2.5-7) unstable; urgency=high

      This version of SpamAssassin fixes a bug which caused mails sent
      in 2010 to be flagged as suspiciously spammy. If upgrading to this
      version, you are recommended to update any per-user caches previously
      created by sa-compile, and to check mail already in your spam folder
      for false positives more carefully than usual.

  -- Joey Hess Fri, 01 Jan 2010 12:03:40 -0500

Re:Fixed in spamassassin 3.2.5-7 in Debian/Unstabl (1)

Bigjeff5 (1143585) | more than 4 years ago | (#30619272)

I know y'all are all proud about how fast it got fixed, but in reality it was discovered over a year ago, fixed half a year ago, and was only released today.

Why? Why not at least release it yesterday so most people's daily update would pick it up and make the whole thing invisible?

Re:Fixed in spamassassin 3.2.5-7 in Debian/Unstabl (3, Informative)

doshea (1711648) | more than 4 years ago | (#30620688)

It was an oversight. The rule fix got committed but never added to the update channel. Nobody noticed before it was too late.

Re:Fixed in spamassassin 3.2.5-7 in Debian/Unstabl (1)

John Hasler (414242) | more than 4 years ago | (#30621758)

> I know y'all are all proud about how fast it got fixed...

Where do you get that? I posted to inform people running Debian that they need not apply the patch. That's all. I expressed no opinion about the speed of the fix.

Aha! (1)

/dev/trash (182850) | more than 4 years ago | (#30618594)

So this is why my Schwab Stock Alert was marked as Spam this morning.

Now it shows up (1, Funny)

Anonymous Coward | more than 4 years ago | (#30618936)

Ahh, the y2k.01 bug, naturally.

holy crap (2, Informative)

Anonymous Coward | more than 4 years ago | (#30618954)

Thanks for the heads up, my kid's birthday party is next weekend and when I look at the spam folder it turns out 3 more people have replied that I hadn't seen.

Great workaround (3, Informative)

xororand (860319) | more than 4 years ago | (#30618978)

The suggested fix is just silly... They postpone the problem to 2020-01-01:
3) change '/20[1-9][0-9]/' to '/20[2-9][0-9]/'

Re:Great workaround (2)

doshea (1711648) | more than 4 years ago | (#30620712)

We're likely going to drop the rule all-together in the future. In the interest of getting the fix out fast, with the least confusion of users, we decided to just make the change to 2020 for now.

Although... maybe a little visibility for the project every 10 years wouldn't hurt. :)

Re:Great workaround (1)

Anonymous Coward | more than 4 years ago | (#30621350)

Have you ever done production operations before?
Goal 1: Get People Working Again.
Goal much-farther-down-the-list: Document, Debug, and get people on the issue to properly patch/ensure it never happens again.

End User (2, Interesting)

Kenshin (43036) | more than 4 years ago | (#30619198)

As an end user, with no real ability to configure SpamAssassin other than through cPanel, what can I do about this? (Unless my webhost is right on top of it.)

I've disabled it, for now.

Re:End User (1)

Bigjeff5 (1143585) | more than 4 years ago | (#30619286)

sa-update, assuming you can run that through cpanel.

Re:End User (2, Informative)

6Yankee (597075) | more than 4 years ago | (#30619400)

Making sure they're aware of the issue might be a good place to start.

Re:End User (1)

doshea (1711648) | more than 4 years ago | (#30620746)

If you can't get the rule to stop firing (by changing the rule or zeroing the score) you could increase your spam threshold by the amount of the rule's score (anywhere from 2 to 3.6 or more depending on your config). This would essentially cancel out the rule.

Re:End User (1)

smartaleckkill (1161259) | more than 4 years ago | (#30623512)

as pointed out in a couple of places above, without root access you may still be able to edit your own user prefs for spamassassin, either by editing the /.spamassassin/user_prefs file, or through cpanel dpending on your provider's setup--in the configure options (where you can set required_score for example) you add the FH_DATE_PAST_20XX rule to one of the 'score' boxes with a value of 0--but note that this disables the rule entirely--i did it last night and my inbox was full of spam this morning, currently trying to figure out a +ve value/required_score combination that'll minimize the false +ve risk but still keep the spam down--by default the rule has a score of 3.4 i think, so with a threshold of 5 it might be ok to crank it back a little rather than zero it--you might still get some false +ves tho, i've disabled auto-delete meantime

I almost missed some important mail! (5, Funny)

darthwader (130012) | more than 4 years ago | (#30619700)

"You might want to check your spam folder, as SpamAssassin has a rule ...

Thanks for the heads-up. There was a very important e-mail from the Internet Lottery people telling me my e-mail address had been picked as the winner of the EUR 20,000 prize. All I have to do is send them $200 by Western Union to cover the processing fees. And to think I almost missed it!

It's terrible that SpamAssassin flags such important messages as spam.

It would be 90% right! (1)

SgtXaos (157101) | more than 4 years ago | (#30620182)

Only a small fraction of email I get is legit, so if it dumps all messages into the spam folder, it is pretty much doing the right thing

Shouldn't the real solution (0)

Anonymous Coward | more than 4 years ago | (#30620400)

be something like
bad_date == date() + 1 yr
and then compare against bad_date ?

Note from the VP, Apache SpamAssassin (5, Informative)

doshea (1711648) | more than 4 years ago | (#30620564)

Clearly we dropped the ball on this one. As far as I know it's our first big rule screw up in the project's 10 years. If you're going to screw up you might as well do it well.

I posted the following note to the Apache SpamAssassin website (http://spamassassin.apache.org/). Updates are available via sa-update, please run sa-update immediately. It's included in all versions of 3.2.x (the affected version of SpamAssassin). Alternatively zero the rule's score in your local.cf file if you have access to it. If you don't, increase your spam threshold by 3.6 points if your mail provider allows you to do that.

Y2K10 Rule Bug - Update Your Rules Now!

2010-01-01:

Versions of the FH_DATE_PAST_20XX rule released with versions of Apache SpamAssassin 3.2.0 thru 3.2.5 will trigger on most mail with a Date header that includes the year 2010 or later. The rule will add a score of up to 3.6 towards the spam classification of all email. You should take corrective action immediately; there are two easy ways to correct the problem:

* If your system is configured to use sa-update run sa-update now. An update is available that will correct the rule. No further action is necessary (other than restarting spamd or any service that uses SpamAssassin directly).

* Add "score FH_DATE_PAST_20XX 0" without the quotes to the end of your local.cf file to disable the rule.

If you require help updating your rules to correct this issue you are encouraged to ask for assistance on the Apache SpamAssassin Users' list. Users' mailing list info is here.

On behalf of the Apache SpamAssassin project I apologize for this error and the grief it may have caused you.

Regards,

Daryl C. W. O'Shea

VP, Apache SpamAssassin

Re:Note from the VP, Apache SpamAssassin (2, Interesting)

Antiocheian (859870) | more than 4 years ago | (#30620944)

Thanks. SpamAssassin has saved a lot of time on my life.

I was using Spamcop and got a bit zealous on reporting so spammers flooded my email address out of vengeance. It was then when I learned that reporting spam to admins only works in a few cases while the majority of spam is sent either through botnets or from countries with relaxed or no spam laws.

SpamAssassin removed 99% of the spam without ever giving me problems of blocking wanted messages...

Respectfully, thanks.

Re:Note from the VP, Apache SpamAssassin (2)

Old Sparky (675061) | more than 4 years ago | (#30622250)

Working great over here - all I had to do was run sa-update.

Thanks for the hard work!

2K10 is not 2010 (1)

Ivan Stepaniuk (1569563) | more than 4 years ago | (#30622134)

It is 2100... even if you don't like how 2k01 sounds.

Fine grain rule to stop anything after 2014 (1)

freaker_TuC (7632) | more than 4 years ago | (#30622226)

This rule is a little bit more fine-grained. It will not allow anything to be sent after 2014.

edit the file /usr/share/spamassassin/72_active.cf

##{ FH_DATE_PAST_20XX
header FH_DATE_PAST_20XX Date =~ /20[1-9][4-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX The date is grossly in the future.
##} FH_DATE_PAST_20XX

I wish variables could be used in regexps like these, like $year + 2 would be a nice start....

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...