SpamAssassin Y2K10 Bug

Update: removed the link to the SpamAssassin announcement as the link isn’t permanent! 🙁

In case you’ve not noticed – SpamAssassin had a nasty Y2K10 bug which had been fixed months ago but the fix never got pushed out into a release or updates. 🙁

Those of you using SpamAssassin to filter your mail may want to watch things a bit more closely than usual; it seems that current versions still include the rule known as FH_DATE_PAST_20XX, which adds 2-3 points to any message with a 2010 date in the headers. Surprisingly enough, such dates have suddenly become common, with the result that SpamAssassin may be generating more false positives than usual.

The fix is now included in the updates pushed out by sa-update, run it with -D to get debug output and check you’ve picked up 895075 or later. You’ll see it say:

[4096] dbg: dns: => 895075, parsed as 895075

If you’re running Zimbra then you’ll need to fix this manually, in the VPAC install (5.0.x) I changed a line in /opt/zimbra/conf/spamassassin/ from:

header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]


header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]

The other alternative is to set the score of the rule to 0 in your file:

score FH_DATE_PAST_20XX 0.0

Then go hunting for legitimate email in your spam folder (I’m lucky enough that none got picked up).