Which line?
Darin.
----- Original Message -----
Sent: Wednesday, April 13, 2005 1:58 PM
Subject: Re: [Declude.JunkMail] Something new with v
2.0.6
We have incoming email scanned by Symantec Gateway
Antivirus then have to sent to the imail server.
For some of my tests I bypassed the Symantec server
and the problem remained.
Only removing the line listed fixed the
problem.
----- Original Message -----
Sent: Wednesday, April 13, 2005 1:43
PM
Subject: Re: [Declude.JunkMail] Something
new with v 2.0.6
Fred,
The example that you sent earlier was being
processed twice and it was passing through IMail to Symantec and back to IMail
with some other forwarding mechanism as well, and the headers were written 30
seconds apart. I think that understanding what is happening there might
be beneficial to uncovering the issue at hand, and maybe there are steps in
that chain that are unnecessary or out of place.
I don't doubt that
2.0.6 might have introduced a bug that is reacting to this condition, but the
path the E-mail is taking doesn't seem normal and that could be affecting it,
and probably is why others aren't reporting this. Knowing what is going
on within your system might also help Declude diagnose the issue better
also.
Your config looks just fine, but the path the E-mail is taking
looks abnormal to me.
Matt
Frederick Samarelli
wrote:
This is not the case.
I sent a test from my Yahoo account to my imail
account.
If I look at it in Imail it is ok.
If I do the test again having a forward in on
my imail account to an AOL account the header info get placed in the top of
the BODY when I received it at my AOL account.
See below from the TEXT of the
BODY.
X-Spam-Tests-Failed Weight: SNIFFERZERO
[0] X-Spam-Time:12:53:55 X-Note: Total spam weight of this E-mail is
0 X-Note: This E-mail was scanned & filtered by Declude [2.0.6] for
SPAM & virus X-Spam-Tests-Failed: SNIFFERZERO X-Weight:
0 X-Mailfrom: samarelli.yahoo.com X-Note: Sent from: [EMAIL PROTECTED]X-Note: Sent
from Reverse DNS: web51803.mail.yahoo.com
([206.190.38.234]) X-Hello: web51803.mail.yahoo.com X-Note:
Recipient(s): [EMAIL PROTECTED]X-Country-Chain:
UNITED STATES->destination X-AOL-IP:
64.124.116.40 X-AOL-SCOLL-SCORE:0:0:0: X-AOL-SCOLL-URL_COUNT:0
-----
Original Message -----
Sent:
Wednesday, April 13, 2005 11:49 AM
Subject:
Re: [Declude.JunkMail] Something new with v 2.0.6
Fred,
It looks like two full sets of Declude's
XINHEADER's, and something caused a double line break in it. I am
also having a problem understanding the path that this E-mail took, and
maybe that will give you some clues. There is something forwarding
the message and that might partially explain why it has two sets of
headers, but the double line break shouldn't appear there.
Maybe
you could explain the path that this took: 64.124.116.10 (IMail) -> SMTP32-FWD (Probably also IMail) -> 64.124.116.40 (SMSSMTP,
Symantec???) -> 64.124.116.30
(IMail again).
I am going to guess that it is possible
that Declude is getting confused based on the body being in a format
similar to a header where there is a word followed by a colon, and in the
process, it might be inserting the headers in the wrong location when it
is adding them the second time. Total guess there of course. I
suspect that the path is causing some form of double-processing, possibly
the Symantec SMSSMTP piece, and that if you could resolve that, the
problem might go away. Also note that the headers show a 30 second
difference between the headers, so it's going somewhere.
So to
summarize, it looks like it's being double-processed due to some mechanism
involving SMSSMTP, and Declude is maybe parsing the message incorrectly
for where to insert the second set of headers, and if you could get it to
only process it once (remove forwarding/looping possible issue), the
symptom might go away. If so, Declude might also want to look at the
parsing code for where to insert the headers and account for the condition
in future releases as I'm sure that isn't
intentional.
Matt
Frederick Samarelli wrote:
See attached config.
The problem only started after the update
from 2.0.5 to 2.0.6
-----
Original Message -----
Sent:
Wednesday, April 13, 2005 10:39 AM
Subject:
Re: [Declude.JunkMail] Something new with v 2.0.6
I think we're going to have to see the
Global.CFG to figure out if there's a misconfiguration. I
certainly looks like your entire XINHEADER config is
duplicated.
Darin.
-----
Original Message -----
Sent: Wednesday, April 13, 2005 10:34 AM
Subject: [Declude.JunkMail] Something new with v
2.0.6
HEADER
Received: from dns2.tcbinc.net
[64.124.116.30] by bks.tcbinc.com (SMTPD32-8.15) id
A5E13540470; Wed, 13 Apr 2005 03:10:25 -0400 Received: from
mail.tcbinc.net ([64.124.116.40]) by dns2.tcbinc.net (SMSSMTP
4.1.0.19) with SMTP id M2005041303105928414 for <[EMAIL PROTECTED]>; Wed, 13 Apr
2005 03:10:59 -0400 Received: from SMTP32-FWD by
mail.tcbinc.net (SMTP32) id AC601002507EA4CF6; Wed, 13 Apr
2005 03:10:59 -0400 Received: from ADS [64.124.116.10] by
mail.tcbinc.net (SMTPD32-8.15) id A6012507EA; Wed, 13 Apr
2005 03:10:57 -0400 SUBJECT: Virus Found Message-Id: <[EMAIL PROTECTED]> X-RBL-Warning:
SNIFFERZERO: Message failed SNIFFERZERO: 0. X-RBL-Warning:
CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: SPFPASS:
SPF returned PASS for this E-mail. X-RBL-Warning: BADHEADERS: This
E-mail was sent from a broken mail client
[8c200000]. X-RBL-Warning: WEIGHT10: Total weight between 10 and
14. X-Declude-Sender: [EMAIL PROTECTED]
[64.124.116.10] X-Declude-Spoolname:
DC601002507EA4CF6.SMD X-RBL-Warning: SNIFFERZERO: Message failed
SNIFFERZERO: 0. X-RBL-Warning: SPFPASS: SPF returned PASS for this
E-mail. X-RBL-Warning: BADHEADERS: This E-mail was sent from a
broken mail client [8c200000]. X-RBL-Warning: HELOBOGUS: Domain ADS
has no MX or A records [0301]. X-Declude-Sender: [EMAIL PROTECTED]
[64.124.116.10] X-Declude-Spoolname:
DC5E1035404704CAF.SMD X-Note: Total spam weight of this E-mail is
3. X-RBL-Warning: Total weight: 3 X-Note: This E-mail was
scanned & filtered by TCB [2.0.6] for SPAM &
virus. X-Spam-Tests-Failed: SNIFFERZERO, SPFPASS, BADHEADERS,
HELOBOGUS X-Spam-Tests-Failed Weight: SNIFFERZERO [0], SPFPASS [0],
BADHEADERS [2], HELOBOGUS [1] X-Spam-Time:03:10:29 X-Weight:
3 X-Mailfrom: fred.tcbinc.net X-Note: Sent from: [EMAIL PROTECTED] X-Note: Sent from
Reverse DNS: ads.tcbinc.net ([64.124.116.10]) X-Hello:
ADS X-Note: Recipient(s): [EMAIL PROTECTED] X-Country-Chain:
UNITED STATES->destination From: [EMAIL PROTECTED] Date: Wed, 13 Apr
2005 03:10:29 -0400 X-RCPT-TO: <[EMAIL PROTECTED]> Status:
U X-UIDL: 411698213
BODY:
X-Spam-Tests-Failed Weight: SNIFFERZERO
[0], CMDSPACE [8], SPFPASS [0], BADHEADERS [2], WEIGHT10
[10] X-Spam-Time:03:10:59 X-Note: Total spam weight of this
E-mail is 10 X-Note: This E-mail was scanned & filtered by
Declude [2.0.6] for SPAM & virus X-Spam-Tests-Failed:
SNIFFERZERO, CMDSPACE, SPFPASS, BADHEADERS, WEIGHT10 X-Weight:
10 X-Mailfrom: fred.tcbinc.net X-Note: Sent from: [EMAIL PROTECTED] X-Note: Sent from
Reverse DNS: ads.tcbinc.net ([64.124.116.10]) X-Hello:
ADS X-Note: Recipient(s): [EMAIL PROTECTED] X-Country-Chain:
UNITED STATES->destination Date: Wed, 13 Apr 2005 03:10:59
-0400
Virus:[EMAIL PROTECTED] Alert: Virus
Found Computer: DNS2 Date: 04/13/2005 Time: 03:10:54
AM Severity: Critical Source: Norton AntiVirus Corporate
Edition
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
|