The mailing list for listmasters using Sympa

[Ruud Baart <address@concealed>]

Thank you for answering.

I think suppression of the User-Agent field  is  a short term solution. 
But, as you write, a real solution is more complicated.


On 21-12-2021 23:04, Matt Taggart wrote:
> On 12/21/21 1:11 PM, Ruud Baart wrote:
> > Hi,
> >
> > in the postfix/amavis/spamassasin log the spam score of an email from 
> > a sympa list is like this:
> >
> > X-Spam-Status: No, score=0.313 required=6.31 tests=[AWL=0.643, 
> > BAYES_00=-1.9,
> >     *FORGED_MUA_MOZILLA=2.309*, HEADER_FROM_DIFFERENT_DOMAINS=0.25,
> >     HTML_IMAGE_RATIO_02=0.001, HTML_MESSAGE=0.001, 
> > MAILING_LIST_MULTI=-1,
> >     NO_RELAYS=-0.001, T_KAM_HTML_FONT_INVALID=0.01]
> >     autolearn=no autolearn_force=no
> >
> > The FORGED_MUA_MOZILLA score is quite high.
>
> FORGED_MUA_MOZILLA is a meta rule that does:
>   (__MOZILLA_MUA && !__UNUSABLE_MSGID && !__MOZILLA_MSGID
>
> __MOZILLA_MUA looks for:
>   User-Agent =~ /^mozilla\b/i
>
> __UNUSABLE_MSGID is a meta rule of:
>   (__LYRIS_EZLM_REMAILER || __GATED_THROUGH_RCVD_REMOVER || 
> __WACKY_SENDMAIL_VERSION || __IPLANET_MESSAGING_SERVER || 
> __HOTMAIL_BAYDAV_MSGID || __SYMPATICO_MSGID)
>
> __MOZILLA_MSGID looks for:
>   MESSAGEID =~ 
> /^<(?:[a-f\d]{8}-(?:[a-f\d]{4}-){3}[a-f\d]{12}|[A-F\d]{8}\.[A-F1-9][A-F\d]{0,7})\@\S+>$/m
>
>
> > It is not 100% clear for me why but I guess it has to do with the 
> > SMTP header Message-ID field combined with the User-Agent field. In 
> > this case it is something like this:
> >
> >     Message-Id: 
> > <adherents-loisir-pour-tous-st-andre-le-desert.77@anonymous>
>
> This @anonymous Message-ID is used only when a list has the anonymous 
> sender option enabled. (and you confirm that below) Here is where it 
> happens:
>
> https://github.com/sympa-community/sympa/blob/master/src/lib/Sympa/Spindle/TransformIncoming.pm#L86 
>
>
> The xsequence part I think is to try to somewhat preserve the 
> threading that MUAs and the archive will do, since those are based on 
> Message-ID. IIRC each new message to the list that day will get a new 
> message id, but the sequence will start over the next day.
>
> > And the message was sent with Mozilla Thunderbird
> >
> >     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) 
> > Gecko/20100101
> >       Thunderbird/91.4.0
> >
> > The forced sender, as defined in this list, is, as can be seen in the 
> > Sender field:
> >
> >     Sender:address@concealed
> >
> > If I understand the spamassassin rule correctly the message-id field 
> > is not conform Mozilla and therefor suspected. I suppose the 
> > message-id is this way because in the list definition is defined to 
> > overwrite the from field and it has to be unique for every message.
>
> Yes.
>
> > I have read some information about this field. I assume the generated 
> > message-id is correct and unique. But perhaps the message id is not 
> > conform the recommendations as described in 
> > https://www.jwz.org/doc/mid.html.
>
> The issue is the SA rule is assuming that any mail coming from a 
> Mozilla mail client will have a particular Mozilla generated 
> Message-ID and it's sympa changing the Message-ID that breaks this.
>
> > I propose two solutions:
> >
> > 1) Is it not better to generate the message id in something like
> >
> >     <address@concealed>
>
> This won't work because the Message-ID would still need to match the 
> complicated regex above.
>
> > 2) An option to change the User-Agent field in a standard like 
> > User-Agent: Sympa/6.2.66 or just remove the User-Agent field.
>
> Yes I think if sympa is going to change the Message-ID then probably 
> it needs to change the User-Agent too.
> > What do you think?
>
> Good job spotting this, we use anonymous_sender a lot and probably 
> this is hurting the deliverability of our mails. The default scoring 
> of FORGED_MUA_MOZILLA is:
>   2.399 1.596 2.399 2.309
> which is significant.
>
> Note: there are other spamassassin FORGED_MSGID_ rules, but most seem 
> to be looking for the same domain in both the Message-ID and From and 
> for sympa anonymous_sender I think it should be ok. But I wonder about 
> sympa DMARC munging of From, maybe those rules will still trigger? So 
> maybe if sympa is going to munge From then it should also change 
> Message-ID? But to what? There might be other SA rules worth thinking 
> about too.
>
> Isn't running mailing lists fun?