Hello,
since upgrading to amavisd-2.4.2 we got a problem
with spam mails whose subject is not plain ascii.
We use the string "[Maybe Spam]" to tag spam Mails.
For spam mails with plain ascii subject everything is fine.
If we receive a spam mail with an subject which is not plain ascii
the mail is recognised as spam and the subject tag is added.
But in the process of reformatting the header in sub hdr
the space in "[Maybe Spam]" is replaced by "\n\t" resulting
in a line break in the subject header of the mail.
The MUA's interpret the "[Maybe\n\tSpam]" as "[MaybeSpam]"
which breaks the spam filter rules at the client side.
The following headers are from a spam mail I set to myself.
The space in "[Maybe Spam]" is turned into a multi line header.
Received: from localhost (localhost [127.0.0.1])
by mailhost4.freudenberg.de (Postfix) with ESMTP id 407969A5B7
for <[EMAIL PROTECTED]>; Wed, 23 Aug 2006 10:39:19 +0200 (CEST)
X-DSPAM-Result: Spam
X-DSPAM-Processed: Wed Aug 23 10:39:18 2006
X-DSPAM-Confidence: 0.5745
X-DSPAM-Probability: 1.0000
X-DSPAM-Factors: 15,
X-Virus-Scanned: by amavisd-new at freudenberg.de
X-Spam-Flag: YES
X-Spam-Score: 7.562
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.562 tagged_above=-999 required=5 tests=[AWL=1.230,
BAYES_50=0.001, DRUGS_ANXIETY=0.404, DRUGS_ANXIETY_EREC=0.234,
DRUGS_ERECTILE=0.493, DSPAM_SPAM=2, NO_DNS_FOR_FROM=3.2]
Received: from localhost ([127.0.0.1])
by localhost (mailhost4.freudenberg.de [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id E9SX5yR45jUL for <[EMAIL PROTECTED]>;
Wed, 23 Aug 2006 10:39:18 +0200 (CEST)
Received: from itktlx3.fit.freudenberg.de (unknown [153.95.22.24])
by mailhost4.freudenberg.de (Postfix) with ESMTP id AAAF99A5B6
for <[EMAIL PROTECTED]>; Wed, 23 Aug 2006 10:39:18 +0200 (CEST)
Date: Wed, 23 Aug 2006 10:39:18 +0200 (CEST)
From: Holger Zimmermann <[EMAIL PROTECTED]>
X-X-Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Maybe
Spam]=?UTF-8?Q?test_=C3=A4l=C3=B6o=C3=BCpj\}=5D\=C2=AC{=CB=9D=C4=B8=E2=86=93?=
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 23 Aug 2006 08:39:19.0466 (UTC)
FILETIME=[A00FF0A0:01C6C68F]
Below find the log entries for a real spam. Postfix displays the "\n\t" in the
subject as ??.
Aug 23 10:01:14 mailhost4 amavis[4836]: (04836-44-2) SPAM-TAG, <[EMAIL
PROTECTED]> -> <[EMAIL PROTECTED]>, Yes, score=9.002 tagged_above=-999
required=5 tests=[BAAug 23 00:28:30 mailhost4 postfix/smtpd[31137]: 828894F7F5:
client=71-37-51-14.tukw.qwest.net[71.37.51.14]
Aug 23 00:28:31 mailhost4 postfix/cleanup[31141]: 828894F7F5:
message-id=<[EMAIL PROTECTED]>
Aug 23 00:28:31 mailhost4 postfix/cleanup[31141]: 828894F7F5: warning: header
Subject: =?windows-1251?B?yvDg8eji7iwg8+Tu4e3uIOgg7eDkuObt7iEhIQ==?= from
71-37-5
1-14.tukw.qwest.net[71.37.51.14]; from=<[EMAIL PROTECTED]> to=<[EMAIL
PROTECTED]> proto=SMTP helo=<localhost>
Aug 23 00:28:31 mailhost4 postfix/qmgr[31135]: 828894F7F5: from=<[EMAIL
PROTECTED]>, size=13813, nrcpt=1 (queue active)
Aug 23 00:28:31 mailhost4 amavis[31098]: (31098-09) ESMTP::10024
/mail_spool_und_quarantaene/amavis/tmp/amavis-20060823T002346-31098: <[EMAIL
PROTECTED]> -> <armin.
[EMAIL PROTECTED]> SIZE=13813 Received: from localhost ([127.0.0.1]) by
localhost (mailhost4.freudenberg.de [127.0.0.1]) (amavisd-new, port 10024) with
ESM
TP for <[EMAIL PROTECTED]>; Wed, 23 Aug 2006 00:28:31 +0200 (CEST)
Aug 23 00:28:31 mailhost4 amavis[31098]: (31098-09) Checking: lhyDFHjSpe2h
[71.37.51.14] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Aug 23 00:28:31 mailhost4 amavis[31098]: (31098-09) p004 1 Content-Type:
multipart/related
Aug 23 00:28:31 mailhost4 amavis[31098]: (31098-09) p005 1/1 Content-Type:
multipart/alternative
Aug 23 00:28:31 mailhost4 amavis[31098]: (31098-09) p001 1/1/1 Content-Type:
text/plain, size: 386 B, name:
Aug 23 00:28:31 mailhost4 amavis[31098]: (31098-09) p002 1/1/2 Content-Type:
text/html, size: 1841 B, name:
Aug 23 00:28:31 mailhost4 amavis[31098]: (31098-09) p003 1/2 Content-Type:
image/jpg, size: 6313 B, name: esc.jpg
Aug 23 00:28:32 mailhost4 amavis[31098]: (31098-09) SPAM-TAG, <[EMAIL
PROTECTED]> -> <[EMAIL PROTECTED]>, Yes, score=13.747 tagged_above=-999
required=5 t
ests=[BAYES_99=3.5, DNS_FROM_RFC_ABUSE=0.2, DSPAM_SPAM=2,
EXTRA_MPART_TYPE=1.091, HTML_IMAGE_ONLY_20=1.157, HTML_MESSAGE=0.001,
PLING_PLING=0.343, RCVD_IN_BL_S
PAMCOP_NET=1.558, RCVD_IN_XBL=3.897]
Aug 23 00:28:32 mailhost4 postfix/smtpd[31184]: 6887F4F9DC:
client=71-37-51-14.tukw.qwest.net[71.37.51.14]
Aug 23 00:28:32 mailhost4 postfix/cleanup[31142]: 6887F4F9DC:
message-id=<[EMAIL PROTECTED]>
Aug 23 00:28:32 mailhost4 postfix/cleanup[31142]: 6887F4F9DC: warning: header
Subject:
[Maybe??Spam]=?windows-1251?B?yvDg8eji7iwg8+Tu4e3uIOgg7eDkuObt7iEhIQ==?=
from 71-37-51-14.tukw.qwest.net[71.37.51.14]; from=<[EMAIL PROTECTED]>
to=<[EMAIL PROTECTED]> proto=SMTP helo=<localhost>
Aug 23 00:28:32 mailhost4 postfix/qmgr[31135]: 6887F4F9DC: from=<[EMAIL
PROTECTED]>, size=14775, nrcpt=1 (queue active)
Aug 23 00:28:32 mailhost4 amavis[31098]: (31098-09) FWD via SMTP: <[EMAIL
PROTECTED]> -> <[EMAIL PROTECTED]>, 250 2.6.0 Ok, id=31098-09, from MTA([127.0.0
.1]:10025): 250 Ok: queued as 6887F4F9DC
Aug 23 00:28:32 mailhost4 amavis[31098]: (31098-09) Passed, <[EMAIL PROTECTED]>
-> <[EMAIL PROTECTED]>, quarantine lhyDFHjSpe2h, Message-ID: <d89801c6c639
[EMAIL PROTECTED]>, Hits: 13.747, xforward address 71.37.51.14, xforward name
71-37-51-14.tukw.qwest.net, guessed address 71.37.51.14, MTA is not loca
l, using default policy bank
Aug 23 00:28:32 mailhost4 amavis[31098]: (31098-09) Passed SPAMMY, <[EMAIL
PROTECTED]> -> <[EMAIL PROTECTED]>, Hits: 13.747, tag=-999, tag2=5, kill=99999,
queued_as: 6887F4F9DC, L/Y/Y/0
Aug 23 00:28:32 mailhost4 amavis[31098]: (31098-09) TIMING [total 869 ms] -
SMTP EHLO: 2 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 2 (0%)1, SMTP
DATA
: 84 (10%)10, body_digest: 1 (0%)10, gen_mail_id: 0 (0%)10, mime_decode: 21
(2%)13, get-file-type3: 13 (2%)14, parts_decode: 0 (0%)14, AV-scan-1: 21
(2%)17, AV
-scan-2: 9 (1%)18, spam-wb-list: 1 (0%)18, DSPAM: 217 (25%)43, SA msg read: 1
(0%)43, SA parse: 3 (0%)44, SA check: 375 (43%)87, SA finish: 3 (0%)87, DSPAM
lea
rn: 0 (0%)87, update_cache: 1 (0%)87, decide_mail_destiny: 1 (0%)87,
fwd-connect: 7 (1%)88, fwd-xforward: 1 (0%)88, fwd-mail-from: 1 (0%)88,
fwd-rcpt-to: 1 (0%
)88, fwd-data-cmd: 0 (0%)88, write-header: 1 (0%)88, fwd-data-contents: 1
(0%)89, fwd-data-end: 90 (10%)99, fwd-rundown: 2 (0%)99, prepare-dsn: 1 (0%)99,
main_
log_entry: 7 (1%)100, unlink-3-files: 1 (0%)100, rundown: 0 (0%)100
Aug 23 00:28:32 mailhost4 postfix/smtp[31163]: 828894F7F5: to=<[EMAIL
PROTECTED]>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.6.0 Ok, id
=31098-09, from MTA([127.0.0.1]:10025): 250 Ok: queued as 6887F4F9DC)
Aug 23 00:28:32 mailhost4 postfix/qmgr[31135]: 828894F7F5: removed
Aug 23 00:28:32 mailhost4 postfix/smtp[31185]: 6887F4F9DC: to=<[EMAIL
PROTECTED]>, relay=mailhost1.internal[153.95.100.13], delay=0, status=sent (250
2.6.0 <[EMAIL PROTECTED]> Queued mail for delivery)
Aug 23 00:28:32 mailhost4 postfix/qmgr[31135]: 6887F4F9DC: removed
We are using
amavisd-new-2.4.2
postfix 2.2.10
SuSE Enterprise Server 8
Regards,
Holger Zimmermann
Freudenberg Hosting KG
Basic Applications & Databases
Höhnerweg 2 - 4
69469 Weinheim, Germany
Fon +49 (0) 6201 80-8023
Fax +49 (0) 6201 88-8023
mailto:[EMAIL PROTECTED]
http://www.f-it.de
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
