Spam Filter Bug Plaguing Internet Servers

OK, this is a bit technical for my personal blog, but since I haven't yet redesigned my macexpert.com website for blogging, I decided to put it here.

Since January 1, I've discovered that a large amount of email coming into my server has been marked as spam by the built-in filtering software, SpamAssassin.  When SpamAssassin blocks a message, it flags it and stores it, along with a header that explains why it was blocked.  SpamAssassin is part of the standard mail server installation on most Linux-based internet mail servers.

I need to give you a little lesson in spam filter logic so this makes sense.  There are a number of rules that SpamAssassin applies to a message to determine whether or not to block it.  Based on the trigger, SpamAssassin assigns a point value.  If the total number of points adds up to a threshold number that the administrator has put in the settings, SpamAssassin flags the message as spam.  Typically, the threshold number is set to 5 by default on a mail server.

After doing some investigating into the emails that were being blocked, I discovered this in the description of all my blocked messages since January 1:

3.4 FH_DATE_PAST_20XX      The date is grossly in the future.

The problem is, the dates on the messages were fine!  This means that all messages were being assigned a spam value of 3.4 out of 5 right off the bat.  Effectively, the threshold was being set at 1.6 (way too strict!).
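
The arithmetic above, as an added example that is not part of the original post and not SpamAssassin's own code: it parses report lines in the format quoted above and re-scores each flagged message as if FH_DATE_PAST_20XX had not fired, to pick out mail that was quarantined only because of the bug. The sample reports and the EXAMPLE_* rule names and scores are constructed.

```python
import re

# One report line: "<points> <RULE_NAME> <description>", as quoted in the post.
REPORT_LINE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")
BAD_RULE = "FH_DATE_PAST_20XX"  # rule that misfired, per the post
THRESHOLD = 5.0                 # default threshold cited in the post

def parse_report(report):
    """Return {rule_name: points} for every rule line in a report."""
    hits = {}
    for line in report.splitlines():
        m = REPORT_LINE.match(line)
        if m:
            hits[m.group(2)] = float(m.group(1))
    return hits

def triage(report, threshold=THRESHOLD, bad_rule=BAD_RULE):
    """Re-score a message as if bad_rule had not fired."""
    hits = parse_report(report)
    total = round(sum(hits.values()), 2)
    adjusted = round(total - hits.get(bad_rule, 0.0), 2)
    flagged = total >= threshold
    return {"total": total, "adjusted": adjusted, "flagged": flagged,
            # True when the message was quarantined only by the bogus points
            "false_positive": flagged and adjusted < threshold}

# Constructed sample reports. EXAMPLE_* names and scores are made up.
SAMPLES = {
    "newsletter": """\
 3.4 FH_DATE_PAST_20XX      The date is grossly in the future.
 1.7 EXAMPLE_HTML_ONLY      Constructed rule: message has only an HTML part
""",
    "real_spam": """\
 3.4 FH_DATE_PAST_20XX      The date is grossly in the future.
 4.2 EXAMPLE_BLOCKLISTED_URL Constructed rule: link to a blocklisted domain
 2.5 EXAMPLE_FORGED_SENDER  Constructed rule: forged sender domain
""",
    "below_threshold": """\
 3.4 FH_DATE_PAST_20XX      The date is grossly in the future.
 1.2 EXAMPLE_NO_RDNS        Constructed rule: sending host has no reverse DNS
""",
}

if __name__ == "__main__":
    for name, report in SAMPLES.items():
        print(name, triage(report))
```

Only the first sample is a false positive: the second is still over the threshold without the 3.4 points, and the third was never flagged.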

I've done some research this morning and discovered the following thread on the SpamAssassin bug tracking boards: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269

Apparently, there is a bug that sneaked out into the current version of SpamAssassin that is causing mail servers to incorrectly flag messages for having an unusual date since Jan 1, 2010.  Ouch!!

OK, so for you people that are NOT computer geeks 🙂 here is what this means in plain English.  There is a serious bug in the spam filtering software used by many internet mail servers that is causing messages sent since January 1, 2010 to be incorrectly identified as spam.

Until a fix is released and mail servers are updated to include it, be prepared for some of your messages to not get through to their destinations.  Also, you might want to check up on important emails you send out, because if you didn't get a response, the recipient very well may not have seen it because it was erroneously caught in their spam filter.

You may want to pass this along to people you know who are having problems like this.  I haven't seen this come up in the major online news sources yet, and it certainly is newsworthy!

  • Apparently the people who work on SpamAssassin were aware of the bug and posted a fix, but it somehow didn't make it into the past updates. I talked with my web hosting provider, Siteground, this morning and they said they have already added a fix to all their servers that corrects the issue.

    I've done some more looking on the internet, and it's being called the “Y210K bug.” If you run your own Apache-based web server, you can run the latest update patch and it will correct the problem. If you are using a hosting provider, like most of us do, and they use an Apache server, you might double-check with them to be sure they have taken steps to correct the issue.

  • FWIW, a fix has already been released and published via Apache SpamAssassin's sa-update rule update channel. This was done and available to the public by 20:52 UTC on Jan 1.

    A note about this was posted on our website's main page: http://spamassassin.apache.org/

    More than a quarter of a million hosts have already been updated… more than half of them in the first 12 hours after the update's release.

    Regards,

    Daryl

    • Thanks for letting me know. I know Siteground already updated their servers, so I'm assuming most of the larger hosting providers have already updated.

      I'm mostly worried about all the “little guys” out there running their own servers. If they don't run their updates, they won't get the patch.

      In any case, it did make me look at my own SpamAssassin settings and loosen my restrictions a bit. I've had great success using SpamAssassin. It does a remarkably good job catching spam on my servers.