spamassassin-dev mailing list archives

From bugzilla-dae...@bugzilla.spamassassin.org
Subject [Bug 3740] yahoo bounce are filtered out by spamassassin
Date Thu, 02 Sep 2004 17:33:30 GMT
http://bugzilla.spamassassin.org/show_bug.cgi?id=3740





------- Additional Comments From michael@insulin-pumpers.org  2004-09-02 10:33 -------
Subject: Re:  yahoo bounce are filtered out by spamassassin

> http://bugzilla.spamassassin.org/show_bug.cgi?id=3740
> 
> 
> 
> 
> 
> ------- Additional Comments From sidney@sidney.com  2004-09-01 21:27 -------
> I read your comments enough to form a hypothesis of the problem and
> a solution. You say that all the information is in what you pasted in the
> various comments. I say, once again, that we need a copy of an actual
> email as received by MIMEDefang before it is processed, ATTACHED (note
> that word and the emphasis again) to this bug report, so we have a real
> test case with which to verify the bug *and the fix* before any change to
> code is checked in.
> 
> Are you really saying that the entire header that you got from yahoo.com
> was comprised of:

Yes, except for the Return-Path:
Here's the code that reconstructs the message.

# invoke spamcannibal
    if (defined $Actions{discard} && $Actions{discard}) {
      if (defined (my $virus_name = sc_mail_discard())) {
        if ($virus_name) {
          sc_profile('virus');
        } else {
          $SpamCannibalReason =~ /\S+/;
          sc_profile($&);
        }
        md_graphdefang_log('sent to spamcannibal',$report);

        my $smhelo      = $Helo || '';
        my $origin      = $SendmailMacros{_} || '';
        my $if_name     = $SendmailMacros{if_name} || '';
        my $mail_mailer = uc $SendmailMacros{mail_mailer} || 'SMTP';
        my $smid        = $SendmailMacros{i} || '';
        my $smfor       = (@Recipients) ? join(',',@Recipients) : '';
        chop $smfor if $smfor =~ /,$/;
        my $smdate      = rfc2822_date();

        local(*R,*I);
        open(R,'>./MY_COPY');

# add current received: from header
        print R qq
|Received: from $smhelo ($origin)
  by $if_name with $mail_mailer id $smid
  for $smfor; $smdate
|;

        open(I,'INPUTMSG');

        while (<I>) {                           # read line by line, no slurp
          print R $_;
          next unless $virus_name;              # strip virus attachment
          # \Q...\E matches the virus name literally, not as a regex
          last if $_ =~ /name.+\Q$virus_name\E/i;
        }
        close I;
        close R;

        my $new = MIME::Entity->build(
                From            => 'ns2_defang@localhost',
                To              => $SpamCannibalModerator,
                Subject         => '[SPAM] '. $SpamCannibalReason,
                'Reply-To'      => $SpamCannibalReplyTo,
                Encoding        => 'quoted-printable',
                Type            => 'text/plain',
                Path            => 'MY_COPY',
                'X-Spam-Score'  => $xspamscore,
        );

        open(R,'>./MY_REPLACEMENT');
        $new->print(\*R);
        close R;
        rename 'MY_REPLACEMENT', 'INPUTMSG';
        resend_message($SpamCannibalModerator);
        return;
      } # else drop the message

The first received from line (ns2 in this case) is constructed from the 
info available from SendmailMacros since it does not really exist yet, 
the rest of the input header+body is spooled to the replacement file 
intact, then a header is constructed for the moderator and the original 
input message is attached as the body of the new message sent to the 
moderator.
------ background
This has nothing to do with the bug report, but this is done so that the 
offending message can be easily inspected by a human then either dropped 
or emailed to a collection robot for analysis and addition to our DNSBL 
database. This is all part of the SpamCannibal effort.

Michael

> 
> Received: from mta368.mail.scd.yahoo.com (mta368.mail.scd.yahoo.com
> [66.94.234.148])
>   by ns2.bizsystems.net with LOCAL id i81JYPNu012882
>   for <owner-insulin-pumpers@bzs.org>; Wed, 01 Sep 2004 12:34:29 -0700
>   (PDT)
> From: MAILER-DAEMON@yahoo.com
> To: owner-insulin-pumpers@bzs.org
> X-Loop: MAILER-DAEMON@yahoo.com
> Subject: Delivery failure
> 
> Does that mean that the mail server at ns2.bizsystems.net is taking an
> SMTP connection refused by mta368.mail.scd.yahoo.com and making it look
> like an email sent from MAILER-DAEMON at yahoo.com? That would be a
> forgery. What is the explanation for only one Received header with LOCAL
> ID?
> 
> I'm afraid that without being able to reproduce this and without seeing
> the actual mail that was delivered and passed through to SpamAssassin
> there is not much we can do. And if you can get such a sample, please
> attach it as an attachment using Bugzilla's Create New Attachment link so
> that we get it as an attachment.
> 
> 
> 
> 
> 
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.
> 






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
