Bug 255356 - git commit mail has high spam score (SPF check fail and content)
Summary: git commit mail has high spam score (SPF check fail and content)
Status: Closed Works As Intended
Alias: None
Product: Services
Classification: Unclassified
Component: Mailing Lists (show other bugs)
Version: unspecified
Hardware: Any Any
: --- Affects Some People
Assignee: postmaster
URL:
Keywords: needs-qa
Depends on:
Blocks:
 
Reported: 2021-04-24 02:51 UTC by Yuri Victorovich
Modified: 2021-04-24 17:39 UTC (History)
3 users (show)

See Also:


Attachments
freebsd-mail-spam.eml (54.23 KB, application/x-extension-eml)
2021-04-24 02:51 UTC, Yuri Victorovich
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Yuri Victorovich freebsd_committer freebsd_triage 2021-04-24 02:51:38 UTC
Created attachment 224393 [details]
freebsd-mail-spam.eml

See the attached message pulled from the spam folder.

---------------------------------

Content analysis details:   (9.4 points, 7.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 0.6 J_CHICKENPOX_46        BODY: 4alpha-pock-6alpha
 0.6 J_CHICKENPOX_65        BODY: 6alpha-pock-5alpha
 0.6 J_CHICKENPOX_93        BODY: 9alpha-pock-3alpha
 0.6 J_CHICKENPOX_83        BODY: 8alpha-pock-3alpha
 0.6 J_CHICKENPOX_63        BODY: 6alpha-pock-3alpha
 0.6 J_CHICKENPOX_43        BODY: 4alpha-pock-3alpha
 0.6 J_CHICKENPOX_72        BODY: 7alpha-pock-2alpha
 0.6 J_CHICKENPOX_42        BODY: 4alpha-pock-2alpha
 0.6 J_CHICKENPOX_33        BODY: 3alpha-pock-3alpha
 0.6 J_CHICKENPOX_13        BODY: 1alpha-pock-3alpha
 0.6 J_CHICKENPOX_12        BODY: 1alpha-pock-2alpha
 0.6 J_CHICKENPOX_23        BODY: 2alpha-pock-3alpha
 0.6 J_CHICKENPOX_53        BODY: 5alpha-pock-3alpha
 0.6 J_CHICKENPOX_73        BODY: 7alpha-pock-3alpha
Comment 1 Yuri Victorovich freebsd_committer freebsd_triage 2021-04-24 02:52:01 UTC
Same happens with fallout messages.
Comment 2 Philip Paeps freebsd_committer freebsd_triage 2021-04-24 04:39:47 UTC
Looks like this is scoring mostly on content.  I don't know what those rules check specifically.  As far as I can tell, there is no SPF problem here.  The message came from mx2.freebsd.org, which is listed in the freebsd.org SPF record.
Comment 3 Yuri Victorovich freebsd_committer freebsd_triage 2021-04-24 04:49:28 UTC
(In reply to Philip Paeps from comment #2)

> As far as I can tell, there is no SPF problem here.

SpamAssassin though flags every message from FreeBSD MLs with SPF.

Do you think that SpamAssassin has a bug?
Comment 4 Philip Paeps freebsd_committer freebsd_triage 2021-04-24 05:08:24 UTC
In the headers you've attached, I don't see anywhere SPF can fail.

Return-Path: <owner-ports-committers@freebsd.org>
Received: from mail0.{redacted}.com (mail0.{redacted}.com [198.144.192.41])
        by mail1.{redacted}.com (8.14.2/8.14.2) with ESMTP id 13MHIACI036176
        for <yuri@mail1.{redacted}.com>; Thu, 22 Apr 2021 10:18:10 -0700 (PDT)
        (envelope-from owner-ports-committers@freebsd.org)
Received: from mx2.freebsd.org (mx2.freebsd.org [96.47.72.81])
        by mail0.{redacted}.com (8.15.2/8.15.2) with ESMTPS id 13MHI4Un080645
        (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=FAIL)
        for <yuri+freebsd@{redacted}.com>; Thu, 22 Apr 2021 10:18:10 -0700 (PDT)
        (envelope-from owner-ports-committers@freebsd.org)

198.144.192.41 receives the message from mx2.freebsd.org, which is in the SPF record.  Unless you're running SpamAssassin after that and SpamAssassin thinks that the message came from 198.144.192.41 and not from mx2.freebsd.org?

But I think the SPF is a red herring here.  The message scored 8.4 on *CHICKENPOX* tests.  The 1.0 is scores on the SPF match is not making much of a difference.

Note that it's probably a good idea for FreeBSD committers (i.e. people with forwarders configured on freefall.freebsd.org) to whitelist mx2.freebsd.org from SPF checks.  While freebsd.org SPF is ~all, some people misconfigure their domains with -all and those messages will not arrive unless you whitelist mx2.freebsd.org.  That isn't what's happening here though since this message originated within freebsd.org.

The only thing I can think of why this specific message is failing SPF for you, is that it's being relayed somewhere after it's been received from mx2.freebsd.org.
Comment 5 Vsevolod Stakhov freebsd_committer freebsd_triage 2021-04-24 09:14:53 UTC
Chickenpox rules are very poor, outdated and almost all the time broken (I can tell the same about SA in general though). I can confirm that all auth checks for git emails are satisfied: SPF, DKIM, ARC.

Authentication-Results: mail.rspamd.net;
	dkim=pass header.d=freebsd.org header.s=dkim header.b=ZxrEnZPK;
	dmarc=none;
	spf=pass (mail.rspamd.net: domain of owner-ports-committers@freebsd.org designates 96.47.72.81 as permitted sender) smtp.mailfrom=owner-ports-committers@freebsd.org;
	arc=pass ("freebsd.org:s=dkim:i=1")
Comment 6 Yuri Victorovich freebsd_committer freebsd_triage 2021-04-24 17:39:37 UTC
The SA version is also very old - 11 yo.

I suggested the owners of that mail server to upgrade SA.

Closing for now.

Thanks everybody for insightful comments!


Yuri