SpamAssassin Y2K10 Bug

Update: removed the link to the SpamAssassin announcement as the link isn’t permanent! 🙁

In case you’ve not noticed – SpamAssassin had a nasty Y2K10 bug which had been fixed months ago but the fix never got pushed out into a release or updates. 🙁

Those of you using SpamAssassin to filter your mail may want to watch things a bit more closely than usual; it seems that current versions still include the rule known as FH_DATE_PAST_20XX, which adds 2-3 points to any message with a 2010 date in the headers. Surprisingly enough, such dates have suddenly become common, with the result that SpamAssassin may be generating more false positives than usual.

The fix is now included in the updates pushed out by sa-update, run it with -D to get debug output and check you’ve picked up 895075 or later. You’ll see it say:

[4096] dbg: dns: 5.2.3.updates.spamassassin.org => 895075, parsed as 895075

If you’re running Zimbra then you’ll need to fix this manually, in the VPAC install (5.0.x) I changed a line in /opt/zimbra/conf/spamassassin/72_active.cf from:

header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]

to:

header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]

The other alternative is to set the score of the rule to 0 in your local.cf file:

score FH_DATE_PAST_20XX 0.0

Then go hunting for legitimate email in your spam folder (I’m lucky enough that none got picked up).

2 thoughts on “SpamAssassin Y2K10 Bug

  1. What a joke, couldn’t they just check if the spam is sent with a date more than 2 days in the future or something like that? I would hope people running mail servers or spamassassin would use ntp or keep their clock at least on the right day! This might have the benefit of actually catching more spam too.

  2. @Sam Watkins,

    Spam Assassin actually has many different date checks such as DATE_IN_PAST_03_06 and the like. These allow you to control what score gets allocated based on HOW far in the future the email is. This particular one was to detect mail WAY in the future, unfortunately the future eventually becomes the present 😛

Comments are closed.