https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6462
Kevin A. McGrail <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #3 from Kevin A. McGrail <[email protected]> 2010-11-28 09:39:56 UTC --- I believe I am seeing the same issue on an inbound email from Yahoo!'s webmail to my server. This email is a long email that has a number of False Positives but right now I am focus For my particular email, the email is received by Sendmail with a milter of MD. SA is then run from procmail. From checking my logs, MD added two headers, a scanned by and a reverse DNS header. However, I am checking the original email that should be unmodified in all respects. Here is a 3.3.0 test with DKIM 0.37 on the email. The sender email address has been removed for privacy reasons. [r...@intel1 root]# cat /tmp/1 | spamassassin -t -D 2>&1 | grep -i DKIM Nov 28 09:29:04.007 [10620] dbg: plugin: loading Mail::SpamAssassin::Plugin::DKIM from @INC Nov 28 09:29:04.578 [10620] dbg: config: fixed relative path: /var/lib/spamassassin/3.003000/updates_spamassassin_org/25_dkim.cf Nov 28 09:29:04.578 [10620] dbg: config: using "/var/lib/spamassassin/3.003000/updates_spamassassin_org/25_dkim.cf" for included file Nov 28 09:29:04.579 [10620] dbg: config: read file /var/lib/spamassassin/3.003000/updates_spamassassin_org/25_dkim.cf Nov 28 09:29:04.815 [10620] dbg: config: fixed relative path: /var/lib/spamassassin/3.003000/updates_spamassassin_org/60_adsp_override_dkim.cf Nov 28 09:29:04.815 [10620] dbg: config: using "/var/lib/spamassassin/3.003000/updates_spamassassin_org/60_adsp_override_dkim.cf" for included file Nov 28 09:29:04.816 [10620] dbg: config: read file /var/lib/spamassassin/3.003000/updates_spamassassin_org/60_adsp_override_dkim.cf Nov 28 09:29:04.869 [10620] dbg: config: fixed relative path: /var/lib/spamassassin/3.003000/updates_spamassassin_org/60_whitelist_dkim.cf Nov 28 09:29:04.872 [10620] dbg: config: using "/var/lib/spamassassin/3.003000/updates_spamassassin_org/60_whitelist_dkim.cf" for included file Nov 28 09:29:04.873 [10620] dbg: config: read file /var/lib/spamassassin/3.003000/updates_spamassassin_org/60_whitelist_dkim.cf Nov 28 09:29:08.745 [10620] dbg: rules: [...] DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1290880365; bh=9h1T6FIV5OYVdD8Wm4EgTkwUSN+CFi0OkkgtnnoyqbM=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=vd23PESxJHuD7GB4vDs/HkEDO/4RO1IzYDtSBg+mNPABtGsRfaJLO0MfJpA1BP1HhV3Hbs7qvRfRmtlBFg0+z0eMYSnZVQTwKIr5VO6qdLxyWwzQ++yh6hbL50qY+Vt2+pyuIyEk8gJypxRtrpdyxJKj2QiuEGzKvPL66UbCc0k= Nov 28 09:29:08.749 [10620] dbg: rules: ran header rule __DKIM_EXISTS ======> got hit: "<YES>" Nov 28 09:29:08.973 [10620] dbg: dkim: using Mail::DKIM version 0.37 Nov 28 09:29:09.057 [10620] dbg: dkim: performing public key lookup and signature verification Nov 28 09:29:09.061 [10620] dbg: dkim: [email protected], d=yahoo.com, a=rsa-sha256, c=relaxed/relaxed, fail, matches author domain Nov 28 09:29:09.061 [10620] dbg: dkim: [email protected], d=yahoo.com, a=rsa-sha1, c=nofws, fail, matches author domain Nov 28 09:29:09.061 [10620] dbg: dkim: signature verification result: FAIL (MESSAGE HAS BEEN ALTERED) Nov 28 09:29:09.062 [10620] dbg: dkim: adsp override for domain yahoo.com Nov 28 09:29:09.062 [10620] dbg: dkim: adsp result: 2/custom_med (override), author domain 'yahoo.com' Nov 28 09:29:09.217 [10620] dbg: rules: ran eval rule DKIM_ADSP_CUSTOM_MED ======> got hit (1) Nov 28 09:29:09.221 [10620] dbg: dkim: FAILED signature by yahoo.com, author [email protected], no valid matches Nov 28 09:29:09.222 [10620] dbg: dkim: FAILED signature by yahoo.com, author [email protected], no valid matches Nov 28 09:29:09.222 [10620] dbg: dkim: author [email protected], not in any dkim whitelist Nov 28 09:29:30.310 [10620] dbg: rules: ran eval rule DKIM_SIGNED ======> got hit (1) Nov 28 09:29:30.313 [10620] dbg: rules: ran eval rule __DKIM_DEPENDABLE ======> got hit (1) Nov 28 09:29:30.648 [10620] dbg: check: tests=AWL,BAD_CREDIT,DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,KAM_RPTR_PASSED,LOTS_OF_MONEY,MONEY_FRAUD_3,NML_ADSP_CUSTOM_MED,RCVD_IN_DNSWL_NONE,RCVD_IN_RPBLSPAMMER,RFC_ABUSE_POST,T_DKIM_INVALID,T_RP_MATCHES_RCVD,T_TO_NO_BRKTS_FREEMAIL Nov 28 09:29:30.649 [10620] dbg: check: subtests=__ANY_TEXT_ATTACH,__ANY_TEXT_ATTACH_DOC,__BIGDOLLARSFVGT,__CT,__CTYPE_HAS_BOUNDARY,__CTYPE_MULTIPART_ALT,__CTYPE_MULTIPART_ANY,__DIPLOMA,__DKIM_DEPENDABLE,__DKIM_EXISTS,__DNS_FROM_RFC_ABUSE,__DNS_FROM_RFC_POST,__DOS_BODY_TUE,__DOS_HAS_ANY_URI,__DOS_RCVD_SAT,__DOS_REF_2_WK_DAYS,__DOS_RELAYED_EXT,__ENV_AND_HDR_FROM_MATCH,__EWG_BAD35,__EWG_BAD36,__EWG_BAD39,__EWG_BAD42,__EWG_BAD43,__EWG_BAD45,__EWG_BAD49,__EWG_BAD51,__EXCLAIM_SUBJ,__FB_GAME,__FB_PICK,__FEES,__FILL_THIS_FORM_LOAN,__FM_LARGE_MONEY,__FM_STOCK_WORDS,__FRAUD_DBI,__FRAUD_FBI,__FROM_FREEMAIL,__FROM_YAHOO_COM,__F_LARGE_MONEY,__HAS_ANY_URI,__HAS_DATE,__HAS_MESSAGE_ID,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HAS_X_MAILER,__HAVE_BOUNCE_RELAYS,__HIGHBITS,__HUSH_HUSH,__KAM_CEP6,__KAM_DEBT1,__KAM_LIST4,__KAM_LOTTO3,__KAM_NIGERIAN2_7,__KAM_PIC5,__KAM_REFI4,__KAM_REFI7,__KAM_RPTR_PASSED,__KAM_TIME4,__KAM_UNIV1B,__KAM_UPS2,__KAM_URUNIT3,__KAM_URUNIT4,__LAST_EXTERNAL_RELAY_NO_AUTH,__LAST_UNTRUSTED_RELAY_NO_AUTH,__LOTSA_MO! NEY_00,__LOTSA_MONEY_01,__LUCRATIVE,__MANY_RECIPS,__MBA,__MIME_HTML,__MIME_QP,__MIME_VERSION,__MISSING_REF,__MISSING_REPLY,__MSGID_BEFORE_OKAY,__MSGID_BEFORE_RECEIVED,__NONEMPTY_BODY,__RCD_RDNS_MAIL_MESSY,__RCVD_IN_2WEEKS,__RCVD_IN_DNSWL,__RCVD_IN_RPBL,__RCVD_IN_SORBS,__RCVD_IN_ZEN,__RECOGNITION,__RFC_IGNORANT_ENVFROM,__S25R_1,__SANE_MSGID,__SEX_WRDS,__SPAN_END_TEXT,__SPAN_END_TEXT,__SPAN_END_TEXT,__SPAN_END_TEXT,__TAG_EXISTS_BODY,__TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TOCC_EXISTS,__TO_NO_ARROWS_R,__TVD_MIME_ATT_TP,__WORD_SEX,__YOU_WON,__YOU_WON_01,__YOU_WON_02 Nov 28 09:29:30.651 [10620] dbg: timing: total 27125 ms - init: 4105 (15.1%), parse: 23 (0.1%), extract_message_metadata: 541 (2.0%), poll_dns_idle: 7 (0.0%), get_uri_detail_list: 119 (0.4%), tests_pri_-1000: 136 (0.5%), compile_gen: 509 (1.9%), compile_eval: 66 (0.2%), tests_pri_-950: 17 (0.1%), tests_pri_-900: 18 (0.1%), tests_pri_-400: 15 (0.1%), tests_pri_0: 21823 (80.5%), dkim_load_modules: 81 (0.3%), check_dkim_signature: 87 (0.3%), check_spf: 161 (0.6%), check_razor2: 376 (1.4%), check_pyzor: 1.35 (0.0%), tests_pri_500: 248 (0.9%), tests_pri_1000: 82 (0.3%), total_awl: 57 (0.2%), check_awl: 3 (0.0%), update_awl: 3 (0.0%) DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_RPBLSPAMMER,RFC_ABUSE_POST,T_DKIM_INVALID, Filter Tests: AWL,BAD_CREDIT,DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,KAM_RPTR_PASSED,LOTS_OF_MONEY,MONEY_FRAUD_3,NML_ADSP_CUSTOM_MED,RCVD_IN_DNSWL_NONE,RCVD_IN_RPBLSPAMMER,RFC_ABUSE_POST,T_DKIM_INVALID,T_RP_MATCHES_RCVD,T_TO_NO_BRKTS_FREEMAIL 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1290880365; bh=9h1T6FIV5OYVdD8Wm4EgTkwUSN+CFi0OkkgtnnoyqbM=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=vd23PESxJHuD7GB4vDs/HkEDO/4RO1IzYDtSBg+mNPABtGsRfaJLO0MfJpA1BP1HhV3Hbs7qvRfRmtlBFg0+z0eMYSnZVQTwKIr5VO6qdLxyWwzQ++yh6hbL50qY+Vt2+pyuIyEk8gJypxRtrpdyxJKj2QiuEGzKvPL66UbCc0k= Filter Tests: AWL,BAD_CREDIT,DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,KAM_RPTR_PASSED,LOTS_OF_MONEY,MONEY_FRAUD_3,NML_ADSP_CUSTOM_MED,RCVD_IN_DNSWL_NONE,RCVD_IN_RPBLSPAMMER,RFC_ABUSE_POST,T_DKIM_INVALID,T_RP_MATCHES_RCVD,T_TO_NO_BRKTS_FREEMAIL 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid Regards, KAM -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
