http://bugzilla.spamassassin.org/show_bug.cgi?id=3740
------- Additional Comments From [EMAIL PROTECTED] 2004-09-02 10:33 ------- Subject: Re: yahoo bounce are filtered out by spamassassin > http://bugzilla.spamassassin.org/show_bug.cgi?id=3740 > > > > > > ------- Additional Comments From [EMAIL PROTECTED] 2004-09-01 21:27 > ------- I read your comments enough to form a hypotheses ofthe problem and > a solution. You say that all the information is in what you pasted in the > various comments. I say, once again, that we need a copy of an actual > email as received by MIMEDefang before it is processed, ATTACHED (note > that word and the emphasis again) to this bug report, so we have a real > test case with which to verify the bug *and the fix* before any change to > code is checked in. > > Are you really saying that the entire header that you got from yahoo.com > was comprised of: Yes, except for the Return-Path: Here's the code that reconstructs the message. # invoke spamcannibal if (defined $Actions{discard} && $Actions{discard}) { if (defined (my $virus_name = sc_mail_discard())) { if ($virus_name) { sc_profile('virus'); } else { $SpamCannibalReason =~ /\S+/; sc_profile($&); } md_graphdefang_log('sent to spamcannibal',$report); my $smhelo = $Helo || ''; my $origin = $SendmailMacros{_} || ''; my $if_name = $SendmailMacros{if_name} || ''; my $mail_mailer = uc $SendmailMacros{mail_mailer} || 'SMTP'; my $smid = $SendmailMacros{i} || ''; my $smfor = (@Recipients) ? join(',',@Recipients) : ''; chop $smfor if $smfor =~ /,$/; my $smdate = rfc2822_date(); local(*R,*I); open(R,'>./MY_COPY'); # add current received: from header print R qq |Received: from $smhelo ($origin) by $if_name with $mail_mailer id $smid for $smfor; $smdate |; open(I,'INPUTMSG'); foreach(<I>) { print R $_; next unless $virus_name; # strip virus attachment last if $_ =~ /name.+$virus_name/i; } close I; close R; my $new = MIME::Entity->build( From => '[EMAIL PROTECTED]', To => $SpamCannibalModerator, Subject => '[SPAM] '. $SpamCannibalReason, 'Reply-To' => $SpamCannibalReplyTo, Encoding => 'quoted-printable', Type => 'text/plain', Path => 'MY_COPY', 'X-Spam-Score' => $xspamscore, ); open(R,'>./MY_REPLACEMENT'); $new->print(\*R); close R; rename 'MY_REPLACEMENT', 'INPUTMSG'; resend_message($SpamCannibalModerator); return; } # else drop the message The first received from line (ns2 in this case) is constructed from the info available from SendmailMacros since it does not really exist yet, the rest of the input header+body is spooled to the replacement file intact, then a header is constructed for the moderator and the original input message is attached as the body of the new message sent to the moderator. ------ background This has nothing to do with the bug report, but this is done so that the offending message can be easily inspected by a human then either dropped or emailed to a collection robot for analysis and addition to our DNSBL database. This is all part of the SpamCannibal effort. Michael > > Received: from mta368.mail.scd.yahoo.com (mta368.mail.scd.yahoo.com > [66.94.234.148]) > by ns2.bizsystems.net with LOCAL id i81JYPNu012882 > for <[EMAIL PROTECTED]>; Wed, 01 Sep 2004 12:34:29 -0700 > (PDT) > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > X-Loop: [EMAIL PROTECTED] > Subject: Delivery failure > > Does that mean that the mail server at ns2.bizsystems.net is taking an > SMTP connection refused by mta368.mail.scd.yahoo.com and making it look > like an email sent from MAILER-DAEMON at yahoo.com? That would be a > forgery. What is the explanation for only one Received header with LOCAL > ID? > > I'm afraid that without being able to reproduce this and without seeing > the actual mail that was delivered and passed through to SpamAssassin > there is not much we can do. And if you can get such a sample, please > attach it as an attachment using Bugzilla's Create New Attachment link so > that we get it as an attachment. > > > > > > ------- You are receiving this mail because: ------- > You reported the bug, or are watching the reporter. > ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
