Package: spamass-milter
Version: 0.3.2-1
Severity: important

Dear Don,

when a message is detected as spam, it is prepended with a warning message.
The original message appears as a MIME attachment. This attachment has a bad
Received: header like this:

Received: from vwp12xxx.webpack.hosteurope.de (vwp12xxx.webpack.hosteurope.de [5.35.232.xxx])
        by eroski.aldebaran.de(8.14.4/8.14.4/Debian-4) with ESMTP id t06Df1fZ019601
        Wed, 10 Dec 2014 14:38:06 +0100
        (envelope-from <scr...@wp11273xxx.server-he.de>

Note the following problems:

1. The semicolon at the end of the id is missing (RFC 2822 requires it
   like "id t06Df1fZ019601;").

2. The "(envelope-from"... comment does not have a closing parenthesis.

3. Most importantly, the date is wrong. This email was received on
   06 Jan 2015. It is very strange that we have a wrong date here because
   the clock of the mail server running spamass-milter and sendmail has
   probably been correct; it is adjusted using ntp with several servers
   in the net. Also, all the other date headers in the mail are correct
   and if the clock had been wrong, more header lines should be wrong,
   too.

Point 3 leads to a false positive.

Here is a quote of most of the message, with only the end (with content)
cut off, and some sensitive info replaced with "x".

----------------------------8<---------------------------
Return-Path: <scr...@wp11273xxx.server-he.de>
Received: from xxxxxx.aldebaran.de ([unix socket])
        by xxxxxx (Cyrus v2.4.16-Debian-2.4.16-4+deb7u2) with LMTPA;
        Tue, 06 Jan 2015 14:41:09 +0100
X-Sieve: CMU Sieve 2.4
Received: from eroski.aldebaran.de (mail.aldebaran.de [81.14.208.171])
        by xxxxxx.aldebaran.de (8.14.4/8.14.4/Debian-4) with ESMTP id t06Df84L017749
        for <x...@xxxxxxx.aldebaran.de>; Tue, 6 Jan 2015 14:41:09 +0100
Received: from vwp12xxx.webpack.hosteurope.de (vwp12xxx.webpack.hosteurope.de [5.35.232.xxx])
        by eroski.aldebaran.de (8.14.4/8.14.4/Debian-4) with ESMTP id t06Df1fZ019601
        (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT)
        for <x...@aldebaran.de>; Tue, 6 Jan 2015 14:41:02 +0100
Received: from wp11273xxx by vwp12xxx.webpack.hosteurope.de running ExIM with local
        id 1Y8UNZ-0001NQ-EH; Tue, 06 Jan 2015 14:41:01 +0100
Message-ID: <1420551xxx.54abe5ed5x...@www.aldebaran.de>
Date: Tue, 06 Jan 2015 14:41:01 +0100
Subject: Kontakt-Mail =?utf-8?Q?=C3=BCber?= www.aldebaran.de
From: xx...@www.aldebaran.de
To: x...@aldebaran.de
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_54ABE5F4.1DA96507"
X-Priority: 3 (Normal)
X-Mailer: TYPO3
X-bounce-key: webpack.hosteurope.de;scr...@wp11273xxx.server-he.de;1420551662;b5358da8;
X-Spam-Flag: YES
X-Spam-Status: Yes, score=6.7 required=5.0 tests=BAYES_50,DATE_IN_FUTURE_96_Q,
        HTML_MESSAGE,T_FILL_THIS_FORM_SHORT,UNPARSEABLE_RELAY,URI_OBFU_WWW,XPRIO
        autolearn=spam version=3.3.2
X-Spam-Level: ******
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eroski.aldebaran.de

This is a multi-part message in MIME format.

------------=_54ABE5F4.1DA96507
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "eroski.aldebaran.de", has
identified this incoming email as possible spam.
The original message has been attached to this so you can view it (if it
isn't spam) or label similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: xxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxx

Content analysis details: (6.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.4 DATE_IN_FUTURE_96_Q    Date: is 4 days to 4 months after Received: date
 2.5 URI_OBFU_WWW           BODY: Obfuscated URI
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.5000]
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 1.0 XPRIO                  Has X-Priority header
 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.

------------=_54ABE5F4.1DA96507
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit

X-Envelope-From: <scr...@wp11273xxx.server-he.de>
X-Envelope-To: <i...@aldebaran.de>
Received: from vwp12xxx.webpack.hosteurope.de (vwp12xxx.webpack.hosteurope.de [5.35.232.xxx])
        by eroski.aldebaran.de(8.14.4/8.14.4/Debian-4) with ESMTP id t06Df1fZ019601
        Wed, 10 Dec 2014 14:38:06 +0100
        (envelope-from <scr...@wp11273361.server-he.de>
Received: from wp11273xxx by vwp12xxx.webpack.hosteurope.de running ExIM with local
        id 1Y8UNZ-0001NQ-EH; Tue, 06 Jan 2015 14:41:01 +0100
Message-ID: <142055xxxx.54xxxxed54...@www.aldebaran.de>
Date: Tue, 06 Jan 2015 14:41:01 +0100
Subject: xxxxxxxxx
From: xx...@www.aldebaran.de
To: x...@aldebaran.de
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="_=_swift_v4_142055166154abe5ed60ede_=_"
X-Priority: 3 (Normal)
X-Mailer: TYPO3
X-bounce-key: webpack.hosteurope.de;scr...@wp1127xxxx.server-he.de;1420551662;b5358da8;

--_=_swift_v4_142055166154abe5ed60ede_=_
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

[...]
----------------------------8<---------------------------

Greetings and a happy new year,
moritz

-- System Information:
Debian Release: 7.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spamass-milter depends on:
ii  adduser         3.113+nmu3
ii  libc6           2.13-38+deb7u6
ii  libgcc1         1:4.7.2-5
ii  libmilter1.0.1  8.14.4-4
ii  libstdc++6      4.7.2-5
ii  spamc           3.3.2-5+deb7u1

Versions of packages spamass-milter recommends:
ii  sendmail      8.14.4-4
ii  spamassassin  3.3.2-5+deb7u1

spamass-milter suggests no packages.

-- Configuration Files:
/etc/default/spamass-milter changed, and redacted for reproduction:
OPTIONS="-u spamass-milter -i 127.0.0.1,aa.bb.cc.192/27,dd.ee.ff.0/24,aa.bb.cc.168/29,aa.bb.cc.176/28 -I -r 15"

-- no debconf information
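
A lint for the three defects listed in the report, as an added example (not spamass-milter code and not part of the original message): it checks an unfolded Received: value for the missing semicolon and the unclosed comment, and measures how far Date: runs ahead of the Received: timestamp, which is the gap DATE_IN_FUTURE_96_Q scores. The function names are illustrative; the header values are copied from the report with its redactions.

```python
import re
from email.utils import parsedate_to_datetime

# Header values copied from the report above, redactions ("xxx", "...") as posted.
SYNTHESIZED = (
    "from vwp12xxx.webpack.hosteurope.de (vwp12xxx.webpack.hosteurope.de "
    "[5.35.232.xxx]) by eroski.aldebaran.de(8.14.4/8.14.4/Debian-4) with ESMTP "
    "id t06Df1fZ019601 Wed, 10 Dec 2014 14:38:06 +0100 "
    "(envelope-from <scr...@wp11273xxx.server-he.de>")
SENDMAIL = (
    "from vwp12xxx.webpack.hosteurope.de (vwp12xxx.webpack.hosteurope.de "
    "[5.35.232.xxx]) by eroski.aldebaran.de (8.14.4/8.14.4/Debian-4) with ESMTP "
    "id t06Df1fZ019601 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT) "
    "for <x...@aldebaran.de>; Tue, 6 Jan 2015 14:41:02 +0100")
DATE_HEADER = "Tue, 06 Jan 2015 14:41:01 +0100"

# RFC 2822 date-time, e.g. "Tue, 6 Jan 2015 14:41:02 +0100" (day name optional).
DATE_RE = re.compile(
    r"(?:[A-Z][a-z]{2},\s+)?\d{1,2}\s+[A-Z][a-z]{2}\s+\d{4}"
    r"\s+\d{2}:\d{2}(?::\d{2})?\s+[+-]\d{4}")

def lint_received(value):
    """Return (problems, timestamp) for one unfolded Received: value."""
    problems, stamp = [], None
    m = DATE_RE.search(value)
    if m is None:
        problems.append("no date-time found")
    else:
        stamp = parsedate_to_datetime(m.group(0))
        # The date-time must be introduced by ';' (problem 1 in the report).
        if not value[:m.start()].rstrip().endswith(";"):
            problems.append("missing ';' before date-time")
    # Simple count (problem 2); ignores backslash-escaped parentheses.
    if value.count("(") != value.count(")"):
        problems.append("unbalanced comment parentheses")
    return problems, stamp

def date_ahead_of_received(date_header, received_value):
    """How far Date: lies after the Received: timestamp (None if unparseable)."""
    stamp = lint_received(received_value)[1]
    return None if stamp is None else parsedate_to_datetime(date_header) - stamp

if __name__ == "__main__":
    for name, value in (("synthesized", SYNTHESIZED), ("sendmail", SENDMAIL)):
        print(name, lint_received(value)[0],
              date_ahead_of_received(DATE_HEADER, value))
```

Run against the header sendmail itself wrote, the lint is clean and the gap is one second; against the synthesized header it reports both syntax problems and a gap of 27 days, well past the 4-day threshold in the rule description.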