spamassassin-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 3740] yahoo bounce are filtered out by spamassassin
Date Thu, 02 Sep 2004 17:33:30 GMT

------- Additional Comments From  2004-09-02 10:33 -------
Subject: Re:  yahoo bounce are filtered out by spamassassin

> ------- Additional Comments From  2004-09-01 21:27
> ------- I read your comments enough to form a hypotheses ofthe problem and
> a solution. You say that all the information is in what you pasted in the
> various comments. I say, once again, that we need a copy of an actual
> email as received by MIMEDefang before it is processed, ATTACHED (note
> that word and the emphasis again) to this bug report, so we have a real
> test case with which to verify the bug *and the fix* before any change to
> code is checked in.
> Are you really saying that the entire header that you got from
> was comprised of:

Yes, except for the Return-Path:
Here's the code that reconstructs the message.

# invoke spamcannibal
    if (defined $Actions{discard} && $Actions{discard}) {
      if (defined (my $virus_name = sc_mail_discard())) {
        if ($virus_name) {
        } else {
          $SpamCannibalReason =~ /\S+/;
        md_graphdefang_log('sent to spamcannibal',$report);

        my $smhelo      = $Helo || '';
        my $origin      = $SendmailMacros{_} || '';
        my $if_name     = $SendmailMacros{if_name} || '';
        my $mail_mailer = uc $SendmailMacros{mail_mailer} || 'SMTP';
        my $smid        = $SendmailMacros{i} || '';
        my $smfor       = (@Recipients) ? join(',',@Recipients) : '';
        chop $smfor if $smfor =~ /,$/;
        my $smdate      = rfc2822_date();


# add current received: from header
        print R qq
|Received: from $smhelo ($origin)
  by $if_name with $mail_mailer id $smid
  for $smfor; $smdate


        foreach(<I>) {
          print R $_;
          next unless $virus_name;              # strip virus attachment
          last if $_ =~ /name.+$virus_name/i;
        close I;
        close R;

        my $new = MIME::Entity->build(
                From            => 'ns2_defang@localhost',
                To              => $SpamCannibalModerator,
                Subject         => '[SPAM] '. $SpamCannibalReason,
                'Reply-To'      => $SpamCannibalReplyTo,
                Encoding        => 'quoted-printable',
                Type            => 'text/plain',
                Path            => 'MY_COPY',
                'X-Spam-Score'  => $xspamscore,

        close R;
        rename 'MY_REPLACEMENT', 'INPUTMSG';
      } # else drop the message

The first received from line (ns2 in this case) is constructed from the 
info available from SendmailMacros since it does not really exist yet, 
the rest of the input header+body is spooled to the replacement file 
intact, then a header is constructed for the moderator and the original 
input message is attached as the body of the new  message sent to the 
------ background
This has nothing to do with the bug report, but this is done so that the 
offending message can be easily inspected by a human then either dropped 
or emailed to a collection robot for analysis and addition to our DNSBL 
database. This is all part of the SpamCannibal effort.


> Received: from (
> [])
>   by with LOCAL id i81JYPNu012882
>   for <>; Wed, 01 Sep 2004 12:34:29 -0700
>   (PDT)
> From:
> To:
> X-Loop:
> Subject: Delivery failure
> Does that mean that the mail server at is taking an
> SMTP connection refused by and making it look
> like an email sent from MAILER-DAEMON at That would be a
> forgery. What is the explanation for only one Received header with LOCAL
> ID?
> I'm afraid that without being able to reproduce this and without seeing
> the actual mail that was delivered and passed through to SpamAssassin
> there is not much we can do. And if you can get such a sample, please
> attach it as an attachment using Bugzilla's Create New Attachment link so
> that we get it as an attachment.
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

View raw message