Package: spamass-milter
Version: 0.3.2-1
Severity: important

Dear Don,

when a message is detected as spam, it is prepended with a warning message.
The original message appears as a mime attachment.

This attachment has a bad Received: header like this:

Received: from vwp12xxx.webpack.hosteurope.de (vwp12xxx.webpack.hosteurope.de 
[5.35.232.xxx])
        by eroski.aldebaran.de(8.14.4/8.14.4/Debian-4) with ESMTP id 
t06Df1fZ019601
        Wed, 10 Dec 2014 14:38:06 +0100
        (envelope-from <scr...@wp11273xxx.server-he.de>

Note the following problems:

1. The semicolon at the end of the id is missing (RFC 2822
requires it like "id t06Df1fZ019601;").

2. The "(envelope-from"... comment does not have a closing parenthesis.

3. Most importantly, the date is wrong. This email was received on 06 Jan 2015. 
It is very strange that we have a wrong date here because the clock of the mail 
server running spamass-milter and sendmail has probably been correct; it is 
adjusted using ntp with several servers in the net. Also, all the other 
date headers in the mail are correct and if the clock had been 
wrong, more header lines should be wrong, too. 

Point 3 leads to a false positive.

Here is a quote of most of the
message, with only the end (with content) cut off, and some sensitive
info replaced with "x".

----------------------------8<---------------------------
Return-Path: <scr...@wp11273xxx.server-he.de>
Received: from xxxxxx.aldebaran.de ([unix socket])
         by xxxxxx (Cyrus v2.4.16-Debian-2.4.16-4+deb7u2) with LMTPA;
         Tue, 06 Jan 2015 14:41:09 +0100
X-Sieve: CMU Sieve 2.4
Received: from eroski.aldebaran.de (mail.aldebaran.de [81.14.208.171])
        by xxxxxx.aldebaran.de (8.14.4/8.14.4/Debian-4) with ESMTP id 
t06Df84L017749
        for <x...@xxxxxxx.aldebaran.de>; Tue, 6 Jan 2015 14:41:09 +0100
Received: from vwp12xxx.webpack.hosteurope.de (vwp12xxx.webpack.hosteurope.de 
[5.35.232.xxx])
        by eroski.aldebaran.de (8.14.4/8.14.4/Debian-4) with ESMTP id 
t06Df1fZ019601
        (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT)
        for <x...@aldebaran.de>; Tue, 6 Jan 2015 14:41:02 +0100
Received: from wp11273xxx by vwp12xxx.webpack.hosteurope.de running ExIM with 
local
        id 1Y8UNZ-0001NQ-EH; Tue, 06 Jan 2015 14:41:01 +0100
Message-ID: <1420551xxx.54abe5ed5x...@www.aldebaran.de>
Date: Tue, 06 Jan 2015 14:41:01 +0100
Subject: Kontakt-Mail =?utf-8?Q?=C3=BCber?= www.aldebaran.de
From: xx...@www.aldebaran.de
To: x...@aldebaran.de
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_54ABE5F4.1DA96507"
X-Priority: 3 (Normal)
X-Mailer: TYPO3
X-bounce-key: 
webpack.hosteurope.de;scr...@wp11273xxx.server-he.de;1420551662;b5358da8;
X-Spam-Flag: YES
X-Spam-Status: Yes, score=6.7 required=5.0
tests=BAYES_50,DATE_IN_FUTURE_96_Q,
        HTML_MESSAGE,T_FILL_THIS_FORM_SHORT,UNPARSEABLE_RELAY,URI_OBFU_WWW,XPRIO
        autolearn=spam version=3.3.2
X-Spam-Level: ******
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eroski.aldebaran.de

This is a multi-part message in MIME format.

------------=_54ABE5F4.1DA96507
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "eroski.aldebaran.de", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  xxxxxxxxxxxxxxxxxxxxxx
   xxxxxxxxxxxxxxxxxxx

Content analysis details:   (6.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.4 DATE_IN_FUTURE_96_Q    Date: is 4 days to 4 months after Received: date
 2.5 URI_OBFU_WWW           BODY: Obfuscated URI
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.5000]
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 1.0 XPRIO                  Has X-Priority header
 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.


------------=_54ABE5F4.1DA96507
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit

X-Envelope-From: <scr...@wp11273xxx.server-he.de>
X-Envelope-To: <i...@aldebaran.de>
Received: from vwp12xxx.webpack.hosteurope.de (vwp12xxx.webpack.hosteurope.de 
[5.35.232.xxx])
        by eroski.aldebaran.de(8.14.4/8.14.4/Debian-4) with ESMTP id 
t06Df1fZ019601
        Wed, 10 Dec 2014 14:38:06 +0100
        (envelope-from <scr...@wp11273361.server-he.de>
Received: from wp11273xxx by vwp12xxx.webpack.hosteurope.de running ExIM with 
local
        id 1Y8UNZ-0001NQ-EH; Tue, 06 Jan 2015 14:41:01 +0100
Message-ID: <142055xxxx.54xxxxed54...@www.aldebaran.de>
Date: Tue, 06 Jan 2015 14:41:01 +0100
Subject: xxxxxxxxx
From: xx...@www.aldebaran.de
To: x...@aldebaran.de
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="_=_swift_v4_142055166154abe5ed60ede_=_"
X-Priority: 3 (Normal)
X-Mailer: TYPO3
X-bounce-key: 
webpack.hosteurope.de;scr...@wp1127xxxx.server-he.de;1420551662;b5358da8;


--_=_swift_v4_142055166154abe5ed60ede_=_
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
[...]
----------------------------8<---------------------------

Greetings and a happy new year,
moritz


-- System Information:
Debian Release: 7.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spamass-milter depends on:
ii  adduser         3.113+nmu3
ii  libc6           2.13-38+deb7u6
ii  libgcc1         1:4.7.2-5
ii  libmilter1.0.1  8.14.4-4
ii  libstdc++6      4.7.2-5
ii  spamc           3.3.2-5+deb7u1

Versions of packages spamass-milter recommends:
ii  sendmail      8.14.4-4
ii  spamassassin  3.3.2-5+deb7u1

spamass-milter suggests no packages.

-- Configuration Files:
/etc/default/spamass-milter changed, and redacted for reproduction:
OPTIONS="-u spamass-milter -i 127.0.0.1,aa.bb.cc.192/27,dd.ee.ff.0/24,aa.bb.cc.168/29,aa.bb.cc.176/28 -I -r 15"


-- no debconf information
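
Added example, not part of the original report and not spamass-milter or SpamAssassin code: a Python check that flags the three defects listed above (missing semicolon before the date-time, unclosed comment, hop date far from the Date: header) in a Received: header value. The name `check_received` and the 96-hour threshold are assumptions; the threshold mirrors the "4 days" in the DATE_IN_FUTURE_96_Q description, and the comparison is a simplification of that rule.

```python
import re
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Date-time as written in trace headers, e.g. "Tue, 6 Jan 2015 14:41:02 +0100".
DATE_RE = re.compile(r"(?:[A-Z][a-z]{2},\s+)?\d{1,2}\s+[A-Z][a-z]{2}\s+\d{4}\s+"
                     r"\d{2}:\d{2}:\d{2}\s+[+-]\d{4}")

def unfold(value):
    """Join folded continuation lines of a header value into one line."""
    return re.sub(r"\s*\r?\n\s+", " ", value).strip()

def check_received(value, date_value, max_skew=timedelta(hours=96)):
    """Return the list of problems found in one Received: header value."""
    v, problems = unfold(value), []
    m = DATE_RE.search(v)
    if m is None:
        problems.append("no-date")
    else:
        # The date-time must be introduced by a semicolon.
        if not v[:m.start()].rstrip().endswith(";"):
            problems.append("missing-semicolon")
        # Hop timestamp far from the Date: header (either direction).
        skew = parsedate_to_datetime(date_value) - parsedate_to_datetime(m.group(0))
        if abs(skew) > max_skew:
            problems.append("date-skew:%dd" % abs(skew).days)
    # Every "(" opening a comment needs its ")".
    depth = 0
    for ch in v:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        problems.append("unbalanced-comment")
    return problems

# Header values copied from the attached message in the report (redactions as posted).
DATE = "Tue, 06 Jan 2015 14:41:01 +0100"
SYNTHESIZED = """from vwp12xxx.webpack.hosteurope.de (vwp12xxx.webpack.hosteurope.de [5.35.232.xxx])
        by eroski.aldebaran.de(8.14.4/8.14.4/Debian-4) with ESMTP id t06Df1fZ019601
        Wed, 10 Dec 2014 14:38:06 +0100
        (envelope-from <scr...@wp11273xxx.server-he.de>"""
EXIM = """from wp11273xxx by vwp12xxx.webpack.hosteurope.de running ExIM with local
        id 1Y8UNZ-0001NQ-EH; Tue, 06 Jan 2015 14:41:01 +0100"""

if __name__ == "__main__":
    for name, value in (("synthesized", SYNTHESIZED), ("exim", EXIM)):
        print(name, check_received(value, DATE))
```
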

