On Fri, 2009-04-10 at 11:20 -0700, John Hardin wrote: > On Fri, 10 Apr 2009, martes wrote:
> > Here is a link to the listed message that passed through the filter. > > > > http://pastebin.com/d6fe63bd6 > > The headers in that spample don't say anything about SA at all. Did you > export the message from your mail client? That can omit headers. Evolution does not omit headers when showing the message source. However, that particular message indeed looks like the headers have been severely altered. Note the Received headers position. Martes, how is SA integrated? Unfortunately, the Evolution Junk plugin doesn't add the SA headers. Btw, by glimpsing at the headers alone I can already tell it definitely is spam. The Message-Id is very poorly forged and seriously broken. To avoid the term braindead. :) It triggers my rule KB_RATWARE_MSGID. > Is it possible for you to directly retrieve the message out of your system > mailbox file using a text editor? That's guaranteed to not omit anything > of interest. And please don't munge any data, unless you really have to -- for instance, the Organization header appears to have been rewritten. -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
