SpamAssassin 2010 Bug

SEWilco writes "You might want to check your spam folder, as SpamAssassin has a rule which is tending to mark email sent in 2010 as spam. There is some discussion in a bug report. The SpamAssassin Wiki FH_DATE_PAST_20XX page doesn't have discussion, but it was updated today with a different date rule."

crapola

[DNS-and-BIND]

My provider runs spamassassin, and given their track record in updating their other software, I rather doubt that they'll update spamassassin anytime soon. Is there any way around this that doesn't involve root access? (I love helpful responses from idiots that start with "first, edit the /etc/spamassassin.conf file" or whatever.)

Oh yeah, the other wonderfully helpful stock response "stop using the software if you don't like it". Sure, I'd love to go back to getting 500 spams a day.

Re:crapola

[DaMattster]

Well, I am not sure what OS your running, but you can use OpenBSD Spamd which works very well. Rather than taking a defensive approach, Spamd goes on the offense by allowing known spam-sending IP addresses to attempt to send to you but throttling the connection down to 1 byte per second. This shakes most people off with no perceivable impact on your part. Even if the spam bot decides to wait the entire time to complete the connection, Spamd ends up dropping the message anyway. I use this solution in my business and I've gone from getting 500+ per day to maybe 2 per week. It is delightfully elegant.

Re:crapola

[Penguinshit]

Not to rub it in but I want to give a shout to my provider (Cruzio) who also use Spamassassin and were apparently on top of this (as they usualLY are0. i haven't noticed anything wrong with my email today. Thanks Cruzio!

"I'll just use a regex!"

[Inf0phreak]

What the... must all SpamAssassin rule be regexes? Because I can't see any (non brain dead) reason why not to implement this by just checking if $current_year < $header_year if that's not the case.

Re:"I'll just use a regex!"

[Briareos]

Last I checked a timezone was mandatory in mail dates, allowing you to handle this correctly - for example by converting your current date and the date specified in the email to GMT...

Re:"I'll just use a regex!"

[jamesh]

Your solution doesn't work.
It fails on new years eve if someone is in a different time zone or if their clock is slightly off.

You need to talk to Microsoft - they could have used someone like you when they were building their 'stampinf' tool that I can't use until 10am in the morning (11am during DST) because it stamps UTC which then confuses another tool in the build chain...

End User

[Kenshin]

As an end user, with no real ability to configure SpamAssassin other than through cPanel, what can I do about this? (Unless my webhost is right on top of it.)

I've disabled it, for now.

Re:Note from the VP, Apache SpamAssassin

[Antiocheian]

Thanks. SpamAssassin has saved a lot of time on my life.

I was using Spamcop and got a bit zealous on reporting so spammers flooded my email address out of vengeance. It was then when I learned that reporting spam to admins only works in a few cases while the majority of spam is sent either through botnets or from countries with relaxed or no spam laws.

SpamAssassin removed 99% of the spam without ever giving me problems of blocking wanted messages...

Respectfully, thanks.