Howdy,

I've tried the SA, Qmail mailing lists, but I'm hoping to get some input
from you guys too.

Basically, I've got a user with a hyphen in their email address and it
_seems_ to be breaking qmail-scanner.

I'm using:
Qmail-1.03
SA-2.61
Qmail-scanner-1.20st (patched for dropping high scores (**none of the
special patch features are used in my config though**))
ClamAV 0.65

SA has been working great except for this one user it seems.  Here is a
header of a spam that slipped through.  It looks like it has been processed,
but there is no scoring or score breakdown (I enable full-logging and score
breakdowns for each email - spam or not).  You'll see from the headers that
there are an inordinate number of "?" where a score should be.  Below the
headers, I've also attached the coinciding SA log that shows that the email
SHOULD have been tagged as spam.

If you guys can't help, I'm going to have to change this user's email ;-P

Thanks in advance,

James


Headers
---------------
Return-Path:
<[EMAIL PROTECTED]>
Received: from spambox.mydomain.com (xxx.xxx.xxx.xxx) by mydomain.com with
SMTP
 (Eudora Internet Mail Server 3.2.1) for <[EMAIL PROTECTED]>;
 Fri, 23 Jan 2004 02:53:22 -0500
Received: (qmail 15061 invoked by uid 104); 23 Jan 2004 02:53:22 -0500
Received: from
[EMAIL PROTECTED] by
spambox.mydomain.com by uid 100 with qmail-scanner-1.20st
 (clamscan: 0.65. spamassassin: 2.60.
Clear:RC:0(69.6.28.135):SA:0(Received: from 20.pntaa.com (69.6.28.135)/?):.
 Processed in 0.998673 secs); 23 Jan 2004 07:53:22 -0000
X-Spam-Status: No, hits=Received: from 20.pntaa.com (69.6.28.135) required=?
Received: from 20.pntaa.com (69.6.28.135)
  by spambox.mydomain.com with SMTP; 23 Jan 2004 02:53:21 -0500
Received: (from [EMAIL PROTECTED])
        by 20.pntaa.com (8.8.8/8.8.8) id SAA17094;
        Thu, 22 Jan 2004 18:31:29 -0800 (PST)
Date: Thu, 22 Jan 2004 18:48:29 -0800 (PST)
Message-Id: <[EMAIL PROTECTED]>
From: Dish Management <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-info: Please report complaints to [EMAIL PROTECTED]
X-info: All e-mails sent through this system contains full working
unsubscription info.
Subject: Free Digital Video Recorder & 3 Free Months of Dish Network
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="MIME_BOUNDARY-18751-0-1074830530"

SA Logs
---------------------------


Jan 22 17:40:13 spambox spamd[14113]: logmsg: processing message
<[EMAIL PROTECTED]> for
[EMAIL PROTECTED]:401.
Jan 22 17:40:13 spambox spamd[14113]: processing message
<[EMAIL PROTECTED]> for
[EMAIL PROTECTED]:401.
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes: 14113 tie-ing to DB file
R/O /var/qmail/.spamassassin/.spamassassin/bayes_toks
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes: 14113 tie-ing to DB file
R/O /var/qmail/.spamassassin/.spamassassin/bayes_seen
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes: found bayes db version 2
Jan 22 17:40:13 spambox spamd[14113]: debug: debug: Scoreset 1 but Bayes is
available, switching scoresets
Jan 22 17:40:13 spambox spamd[14113]: debug: Score set 3 chosen.
Jan 22 17:40:13 spambox spamd[14113]: debug: received-header: parsed as [
ip=69.6.16.123 rdns=23.bluerocketonline.com helo= by=spambox.mydomain.com
ident= ]
Jan 22 17:40:13 spambox spamd[14113]: debug: received-header: 'by'
spambox.mydomain.com has public IP xxx.xxx.xxx.xxx
Jan 22 17:40:13 spambox spamd[14113]: debug: received-header: relay
69.6.16.123 trusted? no
Jan 22 17:40:13 spambox spamd[14113]: debug: is Net::DNS::Resolver
available? yes
Jan 22 17:40:13 spambox spamd[14113]: debug: all '*From' addrs:
[EMAIL PROTECTED]
Jan 22 17:40:13 spambox spamd[14113]: debug: running header regexp tests;
score so far=0
Jan 22 17:40:13 spambox spamd[14113]: debug: running body-text per-line
regexp tests; score so far=0
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes corpus size: nspam =
28022, nham = 24644
Jan 22 17:40:13 spambox spamd[14113]: debug: uri tests: Done uriRE
Jan 22 17:40:13 spambox spamd[14113]: debug: tokenize: header tokens for *m
= " 200401221958 LAA43990 23 bluerocketonline com "
Jan 22 17:40:13 spambox spamd[14113]: debug: tokenize: header tokens for *F
= "U*TailWaggingOffer D*23.bluerocketonline.com D*bluerocketonline.com
D*com"
Jan 22 17:40:13 spambox spamd[14113]: debug: tokenize: header tokens for To
= "U*cdrouin-charters D*mydomain.com D*com"
Jan 22 17:40:13 spambox spamd[14113]: debug: tokenize: header tokens for
MIME-Version = ""
Jan 22 17:40:13 spambox spamd[14113]: debug: tokenize: header tokens for *c
= "multipart/alternative;  MIMH _ HOUNHHRY - HHHH - H - HHHHHHHHHH"
Jan 22 17:40:13 spambox spamd[14113]: debug: tokenize: header tokens for *r
= "(  [EMAIL PROTECTED]) by 23.bluerocketonline.com (8.8.8/8.8.8)  ; "
Jan 22 17:40:13 spambox spamd[14113]: debug: tokenize: header tokens for *r
= "(  [EMAIL PROTECTED]) by 23.bluerocketonline.com (8.8.8/8.8.8)  ;
23.bluerocketonline.com (69.6.16) by spambox.mydomain.com    ; "
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'Westminster' =>
0.999929583904893
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token '80234' =>
0.999925615842859
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token '120th' =>
0.999925615842859
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'sk:Optinre' =>
0.999925012173349
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'N:sk:NN.blue' =>
0.999921441931644
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'H*m:sk:blueroc' =>
0.999921441931644
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'H*r:69.6.16' =>
0.999921441931644
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'N:H*r:sk:NN.blue'
=> 0.999921441931644
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'N:H*F:D*NN.bluerocketonline.com' => 0.999920495611771
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'UD:bluerocketonline.com' => 0.999920495611771
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'D*bluerocketonline.com' => 0.999920495611771
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'H*F:D*bluerocketonline.com' => 0.999920495611771
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'H*c:HOUNHHRY' =>
0.999896898013836
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'unsub.php' =>
0.999810733306022
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'H*F:U*TailWaggingOffer' => 0.999650264950795
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'sk:r.TailW' =>
0.999650264950795
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'sk:TailWag' =>
0.999636506687647
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'UD:-cdrouin-charters' => 0.998604229607251
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'UD:mydomain.com.-cdrouin-charters' => 0.998604229607251
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'UD:com.-cdrouin-charters' => 0.998604229607251
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'N:NNNth' =>
0.998101393385656
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'pixel.php' =>
0.997298245614035
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'UD:secureinternetstores.com' => 0.996940397350993
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token '209.90.125.180' =>
0.996940397350993
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'D*23.bluerocketonline.com' => 0.996181818181818
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'sk:23.blue' =>
0.996181818181818
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'H*F:D*23.bluerocketonline.com' => 0.996181818181818
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'H*r:sk:23.blue' =>
0.996181818181818
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'H*r:sk:daemon@' =>
0.994798296097006
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token '1333' =>
0.994463757086035
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'N:NNmydomain.com'
=> 0.991744067038601
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token '40mydomain.com' =>
0.991744067038601
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token '364' =>
0.990941176470588
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'H*c:MIMH' =>
0.984901354810788
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'HTo:U*cdrouin-charters' => 0.98396744460915
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'adk' => 0.978
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token '437' => 0.978
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'Month' =>
0.970689853317335
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'mailings' =>
0.963246900133241
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'N:vNN' =>
0.960916652141084
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'URI' =>
0.959710006932223
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'orb1adk' => 0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'N:sk:Nea-Num' =>
0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'N:orbNadk' =>
0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'sk:2ea-7um' =>
0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'pilot4.gif' =>
0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'pilot3.jpg' =>
0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'pilot1.gif' =>
0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'N:pilotN.gif' =>
0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'N:pilotN.jpg' =>
0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'v64' => 0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'pilot2.gif' =>
0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token '84062' => 0.958
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'UD:jpg' =>
0.957898923965065
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'UD:php' =>
0.955968177415639
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'UD:gif' =>
0.952678390497613
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'N:H*r:NN.N.NN' =>
0.95221314200083
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'advertisement' =>
0.926539038136478
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'N:H*m:LAANNNNN' =>
0.0747572733701206
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'https' =>
0.0748118645150941
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'Ave' =>
0.92173277750313
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'remove' =>
0.91809521962837
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token '101' =>
0.912688097029678
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'sk:cdrouin' =>
0.910059748840374
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'H*c:HHHHHHHHHH' =>
0.906114810796348
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'H*c:alternative'
=> 0.902176959524633
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'images' =>
0.89841452519204
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'blank' =>
0.889817679174394
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token 'offers' =>
0.866711981452369
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes token
'N:H*m:NNNNNNNNNNNN' => 0.135056681530333
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes: score = 1
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes: 14113 untie-ing
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes: 14113 untie-ing db_toks
Jan 22 17:40:13 spambox spamd[14113]: debug: bayes: 14113 untie-ing db_seen
Jan 22 17:40:13 spambox spamd[14113]: debug: Razor2 is available
Jan 22 17:40:13 spambox spamd[14113]: debug: entering helper-app run mode
Jan 22 17:40:17 spambox spamd[14113]: debug: Using results from Razor v2.36
Jan 22 17:40:17 spambox spamd[14113]: debug: Found Razor2 part: part=0
engine=4 ct=0 cf=0
Jan 22 17:40:17 spambox spamd[14113]: debug: Found Razor2 part: part=1
engine=4 ct=0 cf=0
Jan 22 17:40:17 spambox spamd[14113]: debug: leaving helper-app run mode
Jan 22 17:40:17 spambox spamd[14113]: debug: Razor2 results: spam? 0
highest cf score: 0
Jan 22 17:40:17 spambox spamd[14113]: debug: running raw-body-text per-line
regexp tests; score so far=0.863
Jan 22 17:40:17 spambox spamd[14113]: debug: running uri tests; score so
far=1.752
Jan 22 17:40:17 spambox spamd[14113]: debug: uri tests: Done uriRE
Jan 22 17:40:17 spambox spamd[14113]: debug: running full-text regexp tests;
score so far=2.353
Jan 22 17:40:17 spambox spamd[14113]: debug: DCCifd is not available: no r/w
dccifd socket found.
Jan 22 17:40:17 spambox spamd[14113]: debug: Razor2 is available
Jan 22 17:40:17 spambox spamd[14113]: debug: forged-HELO:
from=bluerocketonline.com helo= by=mydomain.com
Jan 22 17:40:17 spambox spamd[14113]: debug: all '*To' addrs:
[EMAIL PROTECTED]
Jan 22 17:40:17 spambox spamd[14113]: debug: DNS MX records found: 1
Jan 22 17:40:18 spambox spamd[14113]: debug: RBL: success for 9 of 9 queries
Jan 22 17:40:18 spambox spamd[14113]: debug: running meta tests; score so
far=6.666
Jan 22 17:40:18 spambox spamd[14113]: debug: auto-learn? ham=0.1, spam=10,
body-hits=6.666, head-hits=5.202
Jan 22 17:40:18 spambox spamd[14113]: debug: auto-learn: currently using
scoreset 3.  recomputing score based on scoreset 1.
Jan 22 17:40:18 spambox spamd[14113]: debug: Score set 1 chosen.
Jan 22 17:40:18 spambox spamd[14113]: debug: auto-learn: original score:
6.766, recomputed score: 7.897
Jan 22 17:40:18 spambox spamd[14113]: debug: Score set 3 chosen.
Jan 22 17:40:18 spambox spamd[14113]: debug: auto-learn? no: inside
auto-learn thresholds
Jan 22 17:40:18 spambox spamd[14113]: debug: is spam? score=12.166 required=5 tests=BAYES_99,CLICK_BELOW,HTML_50_60,HTML_LINK_CLICK_HERE,HTML_MESSAGE,HTML_WEB_BUGS,MAILTO_SUBJ_REMOVE,NORMAL_HTTP_TO_IP,OFFERS_ETC,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL,RCVD_IN_NJABL_SPAM,RCVD_IN_SBL,RCVD_IN_SORBS,REMOVE_PAGE
Jan 22 17:40:18 spambox spamd[14113]: logmsg: identified spam (12.2/5.0) for
[EMAIL PROTECTED]:401 in 4.5 seconds, 4086 bytes.
Jan 22 17:40:18 spambox spamd[14113]: identified spam (12.2/5.0) for
[EMAIL PROTECTED]:401 in 4.5 seconds, 4086 bytes.




_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
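
A check for the symptom visible in the headers above, added here as an example and not part of the original post or of qmail-scanner: it classifies a delivered message by whether its X-Spam-Status header carries numeric hits/required values, so unscored mail can be counted rather than passing as clean. The function names and the "healthy" sample are constructed; the broken header value is the one quoted in the post.

```python
import re
from email import message_from_string

# Layout seen in the post: "<Yes|No>, hits=<value> required=<value>"
STATUS_RE = re.compile(r"^\s*(Yes|No)\s*,\s*hits=(.*?)\s+required=(\S+)", re.I | re.S)
NUMBER_RE = re.compile(r"^-?\d+(\.\d+)?$")

def _num(text):
    """Return a float for a plain decimal number, else None (e.g. '?')."""
    text = text.strip()
    return float(text) if NUMBER_RE.match(text) else None

def parse_spam_status(value):
    """Split an X-Spam-Status value into verdict, hits and required."""
    m = STATUS_RE.match(value)
    if not m:
        return None
    return {"verdict": m.group(1).capitalize(),
            "hits": _num(m.group(2)),
            "required": _num(m.group(3))}

def check_message(raw):
    """Classify a raw message: missing, unscored, inconsistent or scored."""
    values = message_from_string(raw).get_all("X-Spam-Status") or []
    if not values:
        return "missing"            # the scanner never stamped the message
    for value in values:
        p = parse_spam_status(value)
        if p is None or p["hits"] is None or p["required"] is None:
            return "unscored"       # header present but no usable score
        if (p["hits"] >= p["required"]) != (p["verdict"] == "Yes"):
            return "inconsistent"   # verdict contradicts the numbers
    return "scored"

# Header value quoted in the post, wrapped in a constructed message.
BROKEN_SAMPLE = ("X-Spam-Status: No, hits=Received: from 20.pntaa.com "
                 "(69.6.28.135) required=?\n"
                 "Subject: constructed sample\n\nbody\n")
# Constructed examples of a normally scored and a contradictory header.
HEALTHY_SAMPLE = ("X-Spam-Status: Yes, hits=12.2 required=5.0\n"
                  "Subject: constructed sample\n\nbody\n")
CONTRADICTORY_SAMPLE = ("X-Spam-Status: No, hits=12.2 required=5.0\n"
                        "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    for name in ("BROKEN_SAMPLE", "HEALTHY_SAMPLE", "CONTRADICTORY_SAMPLE"):
        print(name, "->", check_message(globals()[name]))
```
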
