Re: [ZZ Missed] Re: Aren't these headers interesting....

Thu, 30 Jun 2005 19:01:53 -0700 

Indeed - it seems to be the PerMsgStatus.pm line 2119 (security problem
with user_prefs containing "full" rules) bug let it through. Now, just
how I am not at all sure. There is supposed to be a trap, that ZZ-Missed
markup, shown in the subject line and then it feeds through a niced
regular spamassassin. This simply sailed through.... Fascinating.

Anyway, I now have these tricks in my .procmailrc script:
===8<---
:0
* ^X-Spam-Status:
{
    :0 fw
    | formail -R "X-Spam-Status:" "X-False-Spam-Status:"

    :0 fw
    | formail -A "X-Nasty: Aren't we?"
}

:0
* ^X-Spam-Level
{
    :0 fw
    | formail -R "X-Spam-Level" "X-False-Spam-Level"
}

:0
* ^X-Spam-Checker-Version:
{
    :0 fw
    | formail -R "X-Spam-Checker-Version:" "X-False-Spam-Checker-Version:"
}
===8<---

And as a general purpose procmail debugging trick I figure I'll pass this
one along to the assemblage. Add this rule just after the lines in your
procmailrc you are testing. Then run "procmail procmailrc_test <nasty"
and view the "processed" file. This way the mail is normally delivered
with the old .procmailrc while you test AND the tests do not pollute your
inbox.
===8<---
:0:
$HOME/processed
===8<---

{^_^}
----- Original Message ----- 
From: "Justin Mason" <[EMAIL PROTECTED]>
To: "jdow" <[EMAIL PROTECTED]>
Cc: "spamassassin-users" <users@spamassassin.apache.org>
Sent: 2005 June, 30, Thursday 18:14
Subject: [ZZ Missed] Re: Aren't these headers interesting....


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> > Now, SpamAssassin here is not run before the "X-BOO:" (name obfuscated)
> > header. And SpamAssassin markup is supposed to happen after that point.
> > It appears this sailed right through without SpamAssassin remarking it.
> > Now to go to procmail and strip that nasty set of headers before it gets
> > into the system.
>
> that does seem odd -- SpamAssassin will happily ignore any previous
> SpamAssassin headers, fake or not.
>
> did you catch a copy of the original?  when run through the commandline
> spamassassin tool, does it get marked up?
>
> - --j.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
> Comment: Exmh CVS
>
> iD8DBQFCxJjYMJF5cimLx9ARAuW5AJ4oP54XlOfGfzycD3eFVnPZkuqvoQCbB/cg
> n4i9cjQkRXz/LD2XG9kpHgM=
> =IN9b
> -----END PGP SIGNATURE-----

Reply via email to