Hello,
I couldn't find any reference to a similar problem so I hope I am not
posting a dupe here. My setup:
AmavisD 2.4.1
SpamAssassin 3.1.3
Postfix 2.1.5
Cyrus-Imapd 2.2.13
I recently upgraded from AmavisD 2.3 to 2.4.1. Everything works fine,
except when I receive mails that AmavisD tags with X-Amavis-Alert: BAD
HEADER. What happens is that while the mail still gets properly tagged,
a second mail, which is essential empty, is being wrongly send to the
original receiver. Log files:
AmavisD:
Jun 16 21:11:04 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
LMTP::10024 /var/lib/amavis/tmp/amavis-20060616T195131-22633:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> SIZE=2705 Received: from
xyz.slogh.com ([127.0.0.1]) by localhost (xyz.slogh.com [127.0.0.1])
(amavisd-new, port 10024) with LMTP for <[EMAIL PROTECTED]>; Fri, 16 Jun
2006 21:11:04 +0200 (CEST)
Jun 16 21:11:04 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
Checking: 7ia1KzeVTEOc [83.14.244.4] <[EMAIL PROTECTED]> ->
<[EMAIL PROTECTED]>
Jun 16 21:11:04 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
p002 1 Content-Type: multipart/alternative
Jun 16 21:11:04 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
p001 1/1 Content-Type: text/html, size: 1300 B, name:
Jun 16 21:11:05 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
local delivery: <[EMAIL PROTECTED]> -> <spam-quarantine>,
mbx=/var/lib/amavis/virusmails/spam-7ia1KzeVTEOc.gz
Jun 16 21:11:05 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
SPAM, <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Yes, score=39.476
tag=-999 tag2=7.31 kill=6.31 tests=[BAYES_99=3.5, DCC_CHECK=2.17,
DIGEST_MULTIPLE=0.765, DNS_FROM_RFC_ABUSE=0.2, FRONTPAGE=0.886,
HEAD_ILLEGAL_CHARS=1.606, HTML_FONT_FACE_BAD=0.156, HTML_MESSAGE=0.001,
MIME_BOUND_DD_DIGITS=4.5, MIME_HTML_ONLY=0.001, MIME_HTML_ONLY_MULTI=0,
MISSING_MIMEOLE=1.612, MSGID_SPAM_CAPS=4.4, RAZOR2_CF_RANGE_51_100=0.5,
RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5,
RCVD_DOUBLE_IP_SPAM=3.69, RCVD_IN_BL_SPAMCOP_NET=1.558,
RCVD_IN_DSBL=2.6, RCVD_IN_NJABL_PROXY=0.721, RCVD_IN_XBL=3.897,
SUBJ_ILLEGAL_CHARS=4.279, UNPARSEABLE_RELAY=0.001, UPPERCASE_25_50=0,
X_PRIORITY_HIGH=0.433], autolearn=spam, quarantine 7ia1KzeVTEOc
(spam-quarantine)
Jun 16 21:11:05 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
SEND via SMTP: <> -> <[EMAIL PROTECTED]>, 250 2.6.0 Ok, id=22633-06-2, from
MTA([127.0.0.1]:10025): 250 Ok: queued as E55302C69D2
Jun 16 21:11:05 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
DEFANGING MAIL: Spam detection software, running on the system
"hetzner", has identified this incoming email as possible spam. The
original message has been attac...
Jun 16 21:11:06 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
Inserting header field: X-Amavis-Modified: Original mail wrapped as
attachment (defanged) by xyz.slogh.com
Jun 16 21:11:06 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
SPAM-TAG, <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Yes,
score=39.476 tagged_above=-999 required=7.31 tests=[BAYES_99=3.5,
DCC_CHECK=2.17, DIGEST_MULTIPLE=0.765, DNS_FROM_RFC_ABUSE=0.2,
FRONTPAGE=0.886, HEAD_ILLEGAL_CHARS=1.606, HTML_FONT_FACE_BAD=0.156,
HTML_MESSAGE=0.001, MIME_BOUND_DD_DIGITS=4.5, MIME_HTML_ONLY=0.001,
MIME_HTML_ONLY_MULTI=0, MISSING_MIMEOLE=1.612, MSGID_SPAM_CAPS=4.4,
RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5,
RAZOR2_CHECK=0.5, RCVD_DOUBLE_IP_SPAM=3.69,
RCVD_IN_BL_SPAMCOP_NET=1.558, RCVD_IN_DSBL=2.6,
RCVD_IN_NJABL_PROXY=0.721, RCVD_IN_XBL=3.897, SUBJ_ILLEGAL_CHARS=4.279,
UNPARSEABLE_RELAY=0.001, UPPERCASE_25_50=0, X_PRIORITY_HIGH=0.433]
Jun 16 21:11:06 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
FWD via SMTP: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,
BODY=8BITMIME 250 2.6.0 Ok, id=22633-06-2, from MTA([127.0.0.1]:10025):
250 Ok: queued as 079C02C69D3
Jun 16 21:11:06 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
Passed SPAM, [83.14.244.4] [192.226.182.161] <[EMAIL PROTECTED]>
-> <[EMAIL PROTECTED]>, quarantine: spam-7ia1KzeVTEOc.gz, Message-ID:
<[EMAIL PROTECTED]>, mail_id: 7ia1KzeVTEOc,
Hits: 39.476, queued_as: 079C02C69D3, 2105 ms
Jun 16 21:11:06 xyz.slogh.com /usr/sbin/amavisd-new[22633]: (22633-06-2)
TIMING [total 2112 ms] - SMTP pre-DATA-flush: 4 (0%)0, SMTP DATA: 36
(2%)2, body_digest: 2 (0%)2, gen_mail_id: 1 (0%)2, mime_decode: 16
(1%)3, get-file-type1: 18 (1%)4, parts_decode: 0 (0%)4, AV-scan-1: 17
(1%)4, AV-scan-2: 0 (0%)4, spam-wb-list: 3 (0%)5, SA msg read: 1 (0%)5,
SA parse: 3 (0%)5, SA check: 1804 (85%)90, SA finish: 6 (0%)90,
update_cache: 3 (0%)91, decide_mail_destiny: 1 (0%)91, write-header: 11
(1%)91, save-to-local-mailbox: 1 (0%)91, fwd-connect: 10 (0%)92,
fwd-mail-from: 1 (0%)92, fwd-rcpt-to: 4 (0%)92, fwd-data-cmd: 1 (0%)92,
write-header: 1 (0%)92, fwd-data-contents: 2 (0%)92, fwd-data-end: 47
(2%)94, fwd-rundown: 3 (0%)94, defang: 16 (1%)95, fwd-connect: 17
(1%)96, fwd-mail-from: 2 (0%)96, fwd-rcpt-to: 3 (0%)96, fwd-data-cmd: 1
(0%)96, write-header: 2 (0%)96, fwd-data-contents: 12 (1%)97,
fwd-data-end: 45 (2%)99, fwd-rundown: 4 (0%)99, prepare-dsn: 1 (0%)99,
main_log_entry: 10 (0%)100, update_snmp: 2 (0%)100, unlink-1-files: 2
(0%)100, rundown: 1 (0%)100
Notice how AmavisD first sends a mail via smtp to [EMAIL PROTECTED] and
then again fwd's a mail via smtp to him. Normally, i.e. when no bad
header is detected, AmavisD only fwd's mails. The mail that is sent
wrongly to the user:
Return-Path: <>
Received: from xyz.slogh.com ([unix socket])
by hetzner (Cyrus v2.2.13-Debian-2.2.13-2bpo1) with LMTPA;
Fri, 16 Jun 2006 21:11:06 +0200
X-Sieve: CMU Sieve 2.2
Received: from localhost (xyz.slogh.com [127.0.0.1])
by av.slogh.com (Postfix) with ESMTP id E55302C69D2
for <[EMAIL PROTECTED]>; Fri, 16 Jun 2006 21:11:05 +0200 (CEST)
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 16 Jun 2006 21:11:05 +0200 (CEST)
From: MAILER-DAEMON
To: undisclosed-recipients:;
For your references, here is the header of the original mail that caused
the bad header tag:
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: spam-quarantine
X-Envelope-From: <[EMAIL PROTECTED]>
X-Envelope-To: <[EMAIL PROTECTED]>
X-Quarantine-ID: <7ia1KzeVTEOc>
X-Amavis-Alert: BAD HEADER Non-encoded 8-bit data (char B0 hex): From:
"\260\267 \261d \246u \305@ 3 + ...
X-Spam-Flag: YES
X-Spam-Score: 39.476
X-Spam-Level: ***************************************
X-Spam-Status: Yes, score=39.476 tag=-999 tag2=7.31 kill=6.31
tests=[BAYES_99=3.5, DCC_CHECK=2.17, DIGEST_MULTIPLE=0.765,
DNS_FROM_RFC_ABUSE=0.2, FRONTPAGE=0.886, HEAD_ILLEGAL_CHARS=1.606,
HTML_FONT_FACE_BAD=0.156, HTML_MESSAGE=0.001,
MIME_BOUND_DD_DIGITS=4.5, MIME_HTML_ONLY=0.001,
MIME_HTML_ONLY_MULTI=0, MISSING_MIMEOLE=1.612, MSGID_SPAM_CAPS=4.4,
RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5,
RAZOR2_CHECK=0.5, RCVD_DOUBLE_IP_SPAM=3.69,
RCVD_IN_BL_SPAMCOP_NET=1.558, RCVD_IN_DSBL=2.6,
RCVD_IN_NJABL_PROXY=0.721, RCVD_IN_XBL=3.897,
SUBJ_ILLEGAL_CHARS=4.279, UNPARSEABLE_RELAY=0.001, UPPERCASE_25_50=0,
X_PRIORITY_HIGH=0.433]
Received: from xyz.slogh.com ([127.0.0.1])
by localhost (xyz.slogh.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id 7ia1KzeVTEOc for <[EMAIL PROTECTED]>;
Fri, 16 Jun 2006 21:11:04 +0200 (CEST)
Received: from efk4.internetdsl.tpnet.pl (efk4.internetdsl.tpnet.pl
[83.14.244.4])
by xyz.slogh.com (Postfix) with SMTP id 201112C69D1
for <[EMAIL PROTECTED]>; Fri, 16 Jun 2006 21:10:58 +0200 (CEST)
Received: from 192.226.182.161 by 83.14.244.4; Fri, 16 Jun 2006 22:06:12
+0300
Message-ID: <[EMAIL PROTECTED]>
From: "°· ±d ¦u Å@ 3 + 1" <[EMAIL PROTECTED]>
Reply-To: "¥D°ü¦nÀ°¤â" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: ¬Ù¿ú-¦n¥Î-¤SÀô«O
Date: Fri, 16 Jun 2006 22:12:12 +0300
X-Mailer: MIME-tools 5.503 (Entity 5.501)
MIME-Version: 1.0
Disposition-Notification-To: "return" <[EMAIL PROTECTED]>
Content-Type: multipart/alternative;
boundary="--6693654887490952"
X-Priority: 1
X-MSMail-Priority: High
I temporarily disabled all header checks with @bypass_header_checks_maps
= (1);, but I would like to come up with a proper solution to enable the
header checks again.
Thanks in advance!
Alex
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
