Re: [Mimedefang] Help with header checking
On Tue, 1 Dec 2020 13:10:43 -0500
Joseph Brennan wrote:
> We used this to create an array of header information:
> if (open(IN, '<', './HEADERS')) {
> while() {
> chomp;
> if (/^(\S+):\s*(.*)/) {
> my $label = $1;
> my $data = $2;
> $label = lc($label);
> $Header{$label} = $data;
> if ($label eq 'received') {
> push(@Received,$data);
> }
> }
> close(IN);
> }
Hmm. Received: isn't the only header that can permit multiple instances.
You may lose some information here.
Why would you not just use the MIME::Head object that you can
get from $entity->head? It has all the headers pre-parsed and has
decent accessors.
(I assume this is all academic (heh...) as Columbia looks to be
using Proofpoint now.)
Regards,
Dianne.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
We used this to create an array of header information:
if (open(IN, '<', './HEADERS')) {
while() {
chomp;
if (/^(\S+):\s*(.*)/) {
my $label = $1;
my $data = $2;
$label = lc($label);
$Header{$label} = $data;
if ($label eq 'received') {
push(@Received,$data);
}
}
close(IN);
}
So following this, if for example we want to test the From: header, we
check $Header{'from'}
Received: was handled specially. It could end up an empty list. I
don't think we checked for that!
Hmm... If HEADERS was not there (??) it fails silently and
$Header{'anything'} is empty. The rest of filter still works,
but maybe we should have logged that case.
--
Joseph Brennan
Lead, Email and Systems Applications
Columbia University Information Technology
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On Thu, 26 Nov 2020 12:47:56 -0500 "Bill Cole" wrote: [snip] > That Received header is added by Sendmail *AFTER* all milters have > done their end-of-data work. It is not present when MD sees the > message. So as per Bill Cole's analysis, it seems there were indeed no Received: headers on the mail as seen by MIMEDefang. As for why SpamAssassin is not running, Bill's guess (size limit) is a pretty good one, but we can't know for sure without seeing your filter code. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On 11/26/20 6:47 PM, Bill Cole wrote: That Received header is added by Cyrus during delivery, so obviously it's not present when MD sees the message. Of course... That Received header is added by Sendmail *AFTER* all milters have done their end-of-data work. It is not present when MD sees the message. Oh! That's the part I was missing and I think this answers my first question. Thank you very much! A common reason for SA not being called by MD is a size limit. The example mimedefang-filter script includes a limit that made more sense 15 years ago than it does today, when spammers routinely send huge garbage. I had already rised this, so I don't think it's the reason. I'll keep an eye on this anyway, as I had forgot about this limit and ut might have been hit in some other cases. Thanks a lot again. bye av. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On 26 Nov 2020, at 11:55, Andrea Venturoli wrote:
[...]
Anyway... you need to capture the message (or at least the headers)
so we can analyze what's going on.
Here's a sample:
Return-Path:
Received: from soth.netfence.it ([unix socket])
by mailserver.netfence.it (Cyrus 3.0.14) with LMTPA;
Wed, 25 Nov 2020 03:45:44 +0100
That Received header is added by Cyrus during delivery, so obviously
it's not present when MD sees the message.
X-Cyrus-Session-Id:
mailserver.netfence.it-557-1606272344-1-3657946293514545252
X-Sieve: CMU Sieve 3.0
Received: from poeconomico.casa (vds74451.mgn-host.ru
[89.191.230.250] (may be forged))
by soth.netfence.it (8.16.1/8.16.1) with ESMTPS id 0AP2jef2000844
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=NO)
for ; Wed, 25 Nov 2020 03:45:43 +0100 (CET)
(envelope-from pag...@poeconomico.casa)
That Received header is added by Sendmail *AFTER* all milters have done
their end-of-data work. It is not present when MD sees the message.
Authentication-Results: soth.netfence.it;
dkim=pass (2048-bit key) header.d=poeconomico.casa
header.i=pag...@poeconomico.casa header.b=cGnTmyJh
X-Authentication-Warning: soth.netfence.it: Host vds74451.mgn-host.ru
[89.191.230.250] (may be forged) claimed to be poeconomico.casa
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=key1;
d=poeconomico.casa;
h=Message-ID:From:To:Subject:Date:MIME-Version:Content-Type;
i=pag...@poeconomico.casa;
bh=xbJLlOE1CWUnav77hJisuzISPwtefQrfatVm8E+8Sow=;
b=cGnTmyJh1B9VDyiBCFcRI2pVOQqJ+fw65kJL6vCU15L3GTJXXNxpgd0HHyeFDlXYj/1o+HHX3mkt
m1YEVxiN/83OcZzQGMRhFLk6rVtoTMARuN/uO1fYAaxcCLqpsM5YLyU6NPIwsYsCkZx0pz4vCtMo
Scl4h3E9zx52tto+NClcudYfpP+NW8QkC1J3Wu3ZkwGcBE2HkxsX7TOkR0OAk8ottDAu3OThcvCL
SCuDoaaZxBxok24KZUJ663tjzPFMPih+Lna0Gx7bmYi//3mvI+7vkwQNMztima+51SQiI+UI77Ro
H/M9ke7T0CNZfImI7dd+x4KluyNSe4dyH83DKQ==
Message-ID: <2a3970dc95e4cec62a2f9935fd496366a1e...@poeconomico.casa>
From: accountant
To: xxx...@netfence.it
Subject: Ho trovata la tua email attraverso il servizio di
appuntamenti "meetic.it".
Date: Wed, 25 Nov 2020 02:44:07 +0100
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="2bd19889d80c22e13d3871e175a182d1cd7a"
X-Scanned-By: MIMEDefang 2.83
As you can see:
_ there's no X-Spam-Score header: either SpamAssassin didn't detect
this or it wasn't even launched;
_ if it ran, it should have added 100 points alone since "*.casa" is
blacklisted; that alone should have been enough;
A common reason for SA not being called by MD is a size limit. The
example mimedefang-filter script includes a limit that made more sense
15 years ago than it does today, when spammers routinely send huge
garbage. Somewhere in the filter() or filter_end() subroutine in your
mimedefang-filter there's a conditional code structure that governs
whether SA is called, and that is where to look for the failure. If your
code has retained the check from the distribution example, it will look
something like this:
# Spam checks if SpamAssassin is installed
if ($Features{"SpamAssassin"}) {
if (-s "./INPUTMSG" < 100*1024) {
# Only scan messages smaller than 100kB. Larger messages
# are extremely unlikely to be spam, and SpamAssassin is
# dreadfully slow on very large messages.
my($hits, $req, $names, $report) = spam_assassin_check();
Note also that the comment is a bit outdated. We've done a LOT of
improvement in SA's performance with large messages, mostly by
eliminating the use of ".*" in rules except when absolutely necessary.
_ also 89.191.230.250 range is in my personal DNSBL and again this
alone should have been enough.
If that DNSBL is being used directly from Sendmail, that's a different
failure. If it's being used via SpamAssassin, it's also due to not
calling SA from MD.
N.B.
Running spamassassin on the command line effectively gives the score I
expect, so I just *think* it's not called. What in the end I'm trying
to see is why.
Calling spamassassin and the code I posted are two different things:
but I see the latter is also failing and I thought that might give
some hint.
If there's a better way to see why spamassassin fails it would
probably enough (although curiosity... :).
Look for the call to "spam_assassin_check()" in mimedefang-filter and
work backwards.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On 11/25/20 11:45 AM, Andrea Venturoli wrote:
[...]
> Are Mail::Header and Mail::Field still current? Or are they obsolete? If so,
> what should be used as a replacement?
>
> For these messages, I see in the logs:
>> mimedefang.pl[23042]: 0AP2jef2000844: head = %Mail::Header=HASH(0x1fe80ae0)
>> mimedefang.pl[23042]: 0AP2jef2000844: RecHeads = %
>
> So it seems Mail::Header parsed the message, but either found no Received
> header (and they are there!) or it's Mail::Field that fails.
> How would I log more data to know what's going on?
>
> I tried adding:
>> foreach $key (keys %$head)
>> {
>> md_syslog('warning',"$key is $head{$key}");
>> }
> Alas, only the keys are printed, not the values.
>
> Any hint?
>
this very simple parser seems to correctly parse the sample headers you posted,
maybe there is something wrong inside the "foreach my $rechead (@recheads)"
portion of the code.
Giovanni
received_hdrs.pl
Description: Perl program
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On 11/26/20 3:47 PM, Dianne Skoll via MIMEDefang wrote:
You shouldn't really print "head = %$head" because you don't know the
implementation details of Mail::Header. Treat it as an opaque object.
So how do I know why/how it failed?
I suggest calling action_quarantine_entire_message() if you get no
received headers so you can preserve a copy of the original message for
analysis.
Sorry, I think I wasn't clear: I have such messages!
They are spam getting through, so I've been able to examine them.
What I don't understand is why they weren't blocked, when, IMNSHO, there
are more than a reason for them to be.
It should be $head->{$key} and is unlikely to be useful; you're
printing instance variables on the Mail::Header object, which most
likely do not correspond to actual headers.
> If you want to log @recheads, I would do it like this:
>
> md_syslog('warning', 'recheads = ' . join(', ', @recheads));
Thanks.
What I'm now getting is something like:
mimedefang.pl[86009]: 0AQGZBmM087137: head = %Mail::Header=HASH(0x1617cac8)
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_modify is 0
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_foldlen is 79
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_lengths is HASH(0x19404798)
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_list is ARRAY(0x15e19060)
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_hash is HASH(0x178b94b0)
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_mail_from is KEEP
mimedefang.pl[86009]: 0AQGZBmM087137: recheads =
Mail::Field::Received=HASH(0x180a4630)
It's better than nothing.
Now I'm waiting for such spam to arrive, so I can see in what way it's
different.
I think I first need to understand if it's Mail::Header (earlier) or
Mail::Field (later) that is failing to parse.
Anyway... you need to capture the message (or at least the headers)
so we can analyze what's going on.
Here's a sample:
Return-Path:
Received: from soth.netfence.it ([unix socket])
by mailserver.netfence.it (Cyrus 3.0.14) with LMTPA;
Wed, 25 Nov 2020 03:45:44 +0100
X-Cyrus-Session-Id: mailserver.netfence.it-557-1606272344-1-3657946293514545252
X-Sieve: CMU Sieve 3.0
Received: from poeconomico.casa (vds74451.mgn-host.ru [89.191.230.250] (may be
forged))
by soth.netfence.it (8.16.1/8.16.1) with ESMTPS id 0AP2jef2000844
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
for ; Wed, 25 Nov 2020 03:45:43 +0100 (CET)
(envelope-from pag...@poeconomico.casa)
Authentication-Results: soth.netfence.it;
dkim=pass (2048-bit key) header.d=poeconomico.casa
header.i=pag...@poeconomico.casa header.b=cGnTmyJh
X-Authentication-Warning: soth.netfence.it: Host vds74451.mgn-host.ru
[89.191.230.250] (may be forged) claimed to be poeconomico.casa
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=key1;
d=poeconomico.casa;
h=Message-ID:From:To:Subject:Date:MIME-Version:Content-Type;
i=pag...@poeconomico.casa;
bh=xbJLlOE1CWUnav77hJisuzISPwtefQrfatVm8E+8Sow=;
b=cGnTmyJh1B9VDyiBCFcRI2pVOQqJ+fw65kJL6vCU15L3GTJXXNxpgd0HHyeFDlXYj/1o+HHX3mkt
m1YEVxiN/83OcZzQGMRhFLk6rVtoTMARuN/uO1fYAaxcCLqpsM5YLyU6NPIwsYsCkZx0pz4vCtMo
Scl4h3E9zx52tto+NClcudYfpP+NW8QkC1J3Wu3ZkwGcBE2HkxsX7TOkR0OAk8ottDAu3OThcvCL
SCuDoaaZxBxok24KZUJ663tjzPFMPih+Lna0Gx7bmYi//3mvI+7vkwQNMztima+51SQiI+UI77Ro
H/M9ke7T0CNZfImI7dd+x4KluyNSe4dyH83DKQ==
Message-ID: <2a3970dc95e4cec62a2f9935fd496366a1e...@poeconomico.casa>
From: accountant
To: xxx...@netfence.it
Subject: Ho trovata la tua email attraverso il servizio di appuntamenti
"meetic.it".
Date: Wed, 25 Nov 2020 02:44:07 +0100
MIME-Version: 1.0
Content-Type: multipart/related; boundary="2bd19889d80c22e13d3871e175a182d1cd7a"
X-Scanned-By: MIMEDefang 2.83
As you can see:
_ there's no X-Spam-Score header: either SpamAssassin didn't detect this
or it wasn't even launched;
_ if it ran, it should have added 100 points alone since "*.casa" is
blacklisted; that alone should have been enough;
_ also 89.191.230.250 range is in my personal DNSBL and again this alone
should have been enough.
N.B.
Running spamassassin on the command line effectively gives the score I
expect, so I just *think* it's not called. What in the end I'm trying to
see is why.
Calling spamassassin and the code I posted are two different things: but
I see the latter is also failing and I thought that might give some hint.
If there's a better way to see why spamassassin fails it would probably
enough (although curiosity... :).
bye & Thanks
av.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On 11/26/20 11:10 AM, Andrea Venturoli wrote: > On 11/26/20 8:46 AM, Giovanni Bechis wrote: >> both Mail::Headers and Mail::Field are still current, are you able to provide >> a sample "./HEADERS" file ? >> Just add this snippet after the open(2) call: >> open(LOGH, '>', "/tmp/headers.log") or die $!; >> print LOGH ; >> close LOGH; > > Wouldn't this overwrite the same file again and again? > I'd need to let it run until that kind of mail arrives and not loose it at > the next one. > Can't it be written to syslog in some way? > sorry, I thought it was reproducible in some way, I think calling action_quarantine_entire_message() as Diane suggested is the correct thing to do in this case. Giovanni ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On Wed, 25 Nov 2020 11:45:11 +0100
Andrea Venturoli wrote:
> > if (open(HF, "<./HEADERS")) {
> > my $head = Mail::Header->new([]);
> > close HF;
> > md_syslog('warning',"head = %$head");
You shouldn't really print "head = %$head" because you don't know the
implementation details of Mail::Header. Treat it as an opaque object.
> The purpose is to extract Received fields, so to reconstruct the path
> a message underwent from server to server.
> It has worked 99.99% of the times for years; lately, however it fails
> on some very frequent spam messages and I have a hard time
> understanding why.
I suggest calling action_quarantine_entire_message() if you get no
received headers so you can preserve a copy of the original message for
analysis.
> I tried adding:
> > foreach $key (keys %$head)
> > {
> > md_syslog('warning',"$key is $head{$key}");
> > }
It should be $head->{$key} and is unlikely to be useful; you're
printing instance variables on the Mail::Header object, which most
likely do not correspond to actual headers.
If you want to log @recheads, I would do it like this:
md_syslog('warning', 'recheads = ' . join(', ', @recheads));
Anyway... you need to capture the message (or at least the headers)
so we can analyze what's going on.
Regards,
Dianne.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On 11/26/20 8:46 AM, Giovanni Bechis wrote: both Mail::Headers and Mail::Field are still current, are you able to provide a sample "./HEADERS" file ? Just add this snippet after the open(2) call: open(LOGH, '>', "/tmp/headers.log") or die $!; print LOGH ; close LOGH; Wouldn't this overwrite the same file again and again? I'd need to let it run until that kind of mail arrives and not loose it at the next one. Can't it be written to syslog in some way? bye av. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On Wed, Nov 25, 2020 at 11:45:11AM +0100, Andrea Venturoli wrote:
> Hello.
>
> I'm a long time MIMEDefang user, but my PERL knowledge is about zero.
>
> A long time ago I found some sample code (from a site which does not
> even exist anymore) and managed to adapt it to my situation.
>
> Here it is:
> > if (open(HF, "<./HEADERS")) {
> > my $head = Mail::Header->new([]);
> > close HF;
> > md_syslog('warning',"head = %$head");
> > if ($head) {
> > my @recheads = Mail::Field->extract('Received',$head);
> > md_syslog('warning',"RecHeads = %@recheads");
> > foreach my $rechead (@recheads) {
> > ...
> > }
> > }
> > }
>
both Mail::Headers and Mail::Field are still current, are you able to provide
a sample "./HEADERS" file ?
Just add this snippet after the open(2) call:
open(LOGH, '>', "/tmp/headers.log") or die $!;
print LOGH ;
close LOGH;
> The purpose is to extract Received fields, so to reconstruct the path a
> message underwent from server to server.
> It has worked 99.99% of the times for years; lately, however it fails on
> some very frequent spam messages and I have a hard time understanding why.
>
> So, I'm asking for help from someone who knows PERL.
>
> Are Mail::Header and Mail::Field still current? Or are they obsolete? If
> so, what should be used as a replacement?
>
> For these messages, I see in the logs:
> > mimedefang.pl[23042]: 0AP2jef2000844: head = %Mail::Header=HASH(0x1fe80ae0)
> > mimedefang.pl[23042]: 0AP2jef2000844: RecHeads = %
>
> So it seems Mail::Header parsed the message, but either found no
> Received header (and they are there!) or it's Mail::Field that fails.
> How would I log more data to know what's going on?
>
> I tried adding:
> > foreach $key (keys %$head)
> > {
> > md_syslog('warning',"$key is $head{$key}");
> > }
> Alas, only the keys are printed, not the values.
>
> Any hint?
>
> bye & Thanks
> av.
>
> P.S. I'm using PERL 5.32.0.
> ___
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID. You may ignore it.
>
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
signature.asc
Description: PGP signature
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Help with header checking
Hello.
I'm a long time MIMEDefang user, but my PERL knowledge is about zero.
A long time ago I found some sample code (from a site which does not
even exist anymore) and managed to adapt it to my situation.
Here it is:
if (open(HF, "<./HEADERS")) {
my $head = Mail::Header->new([]);
close HF;
md_syslog('warning',"head = %$head");
if ($head) {
my @recheads = Mail::Field->extract('Received',$head);
md_syslog('warning',"RecHeads = %@recheads");
foreach my $rechead (@recheads) {
...
}
}
}
The purpose is to extract Received fields, so to reconstruct the path a
message underwent from server to server.
It has worked 99.99% of the times for years; lately, however it fails on
some very frequent spam messages and I have a hard time understanding why.
So, I'm asking for help from someone who knows PERL.
Are Mail::Header and Mail::Field still current? Or are they obsolete? If
so, what should be used as a replacement?
For these messages, I see in the logs:
mimedefang.pl[23042]: 0AP2jef2000844: head = %Mail::Header=HASH(0x1fe80ae0)
mimedefang.pl[23042]: 0AP2jef2000844: RecHeads = %
So it seems Mail::Header parsed the message, but either found no
Received header (and they are there!) or it's Mail::Field that fails.
How would I log more data to know what's going on?
I tried adding:
foreach $key (keys %$head)
{
md_syslog('warning',"$key is $head{$key}");
}
Alas, only the keys are printed, not the values.
Any hint?
bye & Thanks
av.
P.S. I'm using PERL 5.32.0.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
