SA-gen'd message report headers appear differently (with/without linebreaks) in different mail clients

snowcrash+spamassassin Sat, 03 Feb 2007 18:45:31 -0800

hi,

when i receive a message that's passed through SpamAssassin,  if i
view the Message Source in any client, i see a correctly/expected
formatted report, e.g:


----------------------------------------------------------
X-Spam-Checker-Version: SpamAssassin 3.1.8-r454679 (2006-10-10)
X-Spam-Level: !!!!!!!!!!!!!!!!!
X-Spam-Status: score=17.5/4.0 autolearn=spam
X-Spam-Report:
      *  1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
      *  0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs
some mails
      *  5.0 BOTNET Relay might be a spambot or virusbot
      *      
[botnet0.7,ip=208.103.1.19,hostname=208.103.0.19.etczone.com,baddns,client,ipinhostname]
      *  0.1 TW_CX BODY: Odd Letter Triples with CX
      *  0.1 TW_GW BODY: Odd Letter Triples with GW
      *  0.1 TW_MK BODY: Odd Letter Triples with MK
      *  0.1 TW_BJ BODY: Odd Letter Triples with BJ
      *  0.1 TW_JM BODY: Odd Letter Triples with JM
      *  0.1 TW_UW BODY: Odd Letter Triples with UW
      *  0.1 TW_PW BODY: Odd Letter Triples with PW
      *  0.1 TW_IU BODY: Odd Letter Triples with IU
      *  0.1 TW_YJ BODY: Odd Letter Triples with YJ
      *  0.1 TW_DB BODY: Odd Letter Triples with DB
      *  0.0 HTML_MESSAGE BODY: HTML included in message
      *  3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
      *  1.5 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
      *      [score: 0.5531]
      *  6.0 FUZZY_OCR BODY: Img with common spam text inside
      *      Words found:
      *      "cialis" in 1 lines
      *      "viagra" in 1 lines
      *      "cialis" in 1 lines
      *      "viagra" in 1 lines
      *      (4 word occurrences found)
----------------------------------------------------------

if i open the message in, e.g. Mulberry, and view 'all' headers, i see a
similarly formatted:

----------------------------------------------------------
X-Spam-Level: !!!!!!!!!!!!!!!!!
X-Spam-Status: score=17.5/4.0 autolearn=spam
X-Spam-Report:
      *  1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
      *  0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs
some mails
      *  5.0 BOTNET Relay might be a spambot or virusbot
      *      
[botnet0.7,ip=208.103.1.19,hostname=208.103.0.19.etczone.com,baddns,client,ipinhostname]
      *  0.1 TW_CX BODY: Odd Letter Triples with CX
      *  0.1 TW_GW BODY: Odd Letter Triples with GW
      *  0.1 TW_MK BODY: Odd Letter Triples with MK
      *  0.1 TW_BJ BODY: Odd Letter Triples with BJ
      *  0.1 TW_JM BODY: Odd Letter Triples with JM
      *  0.1 TW_UW BODY: Odd Letter Triples with UW
      *  0.1 TW_PW BODY: Odd Letter Triples with PW
      *  0.1 TW_IU BODY: Odd Letter Triples with IU
      *  0.1 TW_YJ BODY: Odd Letter Triples with YJ
      *  0.1 TW_DB BODY: Odd Letter Triples with DB
      *  0.0 HTML_MESSAGE BODY: HTML included in message
      *  3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
      *  1.5 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
      *      [score: 0.5531]
      *  6.0 FUZZY_OCR BODY: Img with common spam text inside
      *      Words found:
      *      "cialis" in 1 lines
      *      "viagra" in 1 lines
      *      "cialis" in 1 lines
      *      "viagra" in 1 lines
      *      (4 word occurrences found)
----------------------------------------------------------

BUT, if i open the message in Thunderbird2, the line-breaks in the
header are apparently stripped off; here's what it looks like.

      http://img100.imageshack.us/img100/278/mnenhyallheaderswh1.jpg

In troubleshooting this, i was informed about the Mozilla MailNews
backend, that TBird is using,

> As per RfC (2)822, header _values_ are always just *one* line.
> To get around the (server) restriction of 998 usable characters per
> line, it is allowed to split the value into multiple lines. But these
> line breaks are *not* part of the actual value and recipients have to
> remove the line breaks when decoding the message to get back the real
> value. If the the value should contain line breaks, these have to be
> encoded before, eg. as =0A in the Quoted Printable encoding.
>
> The X-Spam-Result header value is not encoded, thus the line breaks used
> as a formatting in the source are *not* part of the value and *must* be
> stripped before passing the value to the frontend.
>
> The MailNews backend handling is correct.

Since this is the same message, retrieved from the same mail server,
and, therefore, having been processed by the same instance of SA, i'm
guessing this has to do with what the SA report-generating step does.
But, i'm not certain of that ...

That said, can someone chime in here, and perhaps suggest where to
look / what to do about this?

thanks.

SA-gen'd message report headers appear differently (with/without linebreaks) in different mail clients

Reply via email to