Re: [Declude.JunkMail] Something new with v 2.0.6

[Matt]

Fred, It looks like two full sets of Declude's XINHEADER's, and something caused a double line break in it.  I am also having a problem understanding the path that this E-mail took, and maybe that will give you some clues.  There is something forwarding the message and that might partially explain why it has two sets of headers, but the double line break shouldn't appear there. Maybe you could explain the path that this took:  64.124.116.10 (IMail) -> SMTP32-FWD (Probably also IMail) -> 64.124.116.40 (SMSSMTP, Symantec???) -> 64.124.116.30 (IMail again). I am going to guess that it is possible that Declude is getting confused based on the body being in a format similar to a header where there is a word followed by a colon, and in the process, it might be inserting the headers in the wrong location when it is adding them the second time.  Total guess there of course.  I suspect that the path is causing some form of double-processing, possibly the Symantec SMSSMTP piece, and that if you could resolve that, the problem might go away.  Also note that the headers show a 30 second difference between the headers, so it's going somewhere. So to summarize, it looks like it's being double-processed due to some mechanism involving SMSSMTP, and Declude is maybe parsing the message incorrectly for where to insert the second set of headers, and if you could get it to only process it once (remove forwarding/looping possible issue), the symptom might go away.  If so, Declude might also want to look at the parsing code for where to insert the headers and account for the condition in future releases as I'm sure that isn't intentional. Matt Frederick Samarelli wrote: See attached config.   The problem only started after the update from 2.0.5 to 2.0.6 ----- Original Message ----- From: Darin Cox To: Declude.JunkMail@declude.com Sent: Wednesday, April 13, 2005 10:39 AM Subject: Re: [Declude.JunkMail] Something new with v 2.0.6 I think we're going to have to see the Global.CFG to figure out if there's a misconfiguration.  I certainly looks like your entire XINHEADER config is duplicated. Darin.     ----- Original Message ----- From: Frederick Samarelli To: Declude.JunkMail@declude.com Sent: Wednesday, April 13, 2005 10:34 AM Subject: [Declude.JunkMail] Something new with v 2.0.6 HEADER   Received: from dns2.tcbinc.net [64.124.116.30] by bks.tcbinc.com   (SMTPD32-8.15) id A5E13540470; Wed, 13 Apr 2005 03:10:25 -0400 Received: from mail.tcbinc.net ([64.124.116.40])  by dns2.tcbinc.net (SMSSMTP 4.1.0.19) with SMTP id M2005041303105928414  for <[EMAIL PROTECTED]>; Wed, 13 Apr 2005 03:10:59 -0400 Received: from SMTP32-FWD by mail.tcbinc.net   (SMTP32) id AC601002507EA4CF6; Wed, 13 Apr 2005 03:10:59 -0400 Received: from ADS [64.124.116.10] by mail.tcbinc.net   (SMTPD32-8.15) id A6012507EA; Wed, 13 Apr 2005 03:10:57 -0400 SUBJECT: Virus Found Message-Id: <[EMAIL PROTECTED]> X-RBL-Warning: SNIFFERZERO: Message failed SNIFFERZERO: 0. X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: SPFPASS: SPF returned PASS for this E-mail. X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8c200000]. X-RBL-Warning: WEIGHT10: Total weight between 10 and 14. X-Declude-Sender: [EMAIL PROTECTED] [64.124.116.10] X-Declude-Spoolname: DC601002507EA4CF6.SMD X-RBL-Warning: SNIFFERZERO: Message failed SNIFFERZERO: 0. X-RBL-Warning: SPFPASS: SPF returned PASS for this E-mail. X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8c200000]. X-RBL-Warning: HELOBOGUS: Domain ADS has no MX or A records [0301]. X-Declude-Sender: [EMAIL PROTECTED] [64.124.116.10] X-Declude-Spoolname: DC5E1035404704CAF.SMD X-Note: Total spam weight of this E-mail is 3. X-RBL-Warning: Total weight: 3 X-Note: This E-mail was scanned & filtered by TCB [2.0.6] for SPAM & virus. X-Spam-Tests-Failed: SNIFFERZERO, SPFPASS, BADHEADERS, HELOBOGUS X-Spam-Tests-Failed Weight: SNIFFERZERO [0], SPFPASS [0], BADHEADERS [2], HELOBOGUS [1] X-Spam-Time:03:10:29 X-Weight: 3 X-Mailfrom: fred.tcbinc.net X-Note: Sent from: [EMAIL PROTECTED] X-Note: Sent from Reverse DNS:  ads.tcbinc.net ([64.124.116.10]) X-Hello: ADS X-Note: Recipient(s):  [EMAIL PROTECTED] X-Country-Chain: UNITED STATES->destination From: [EMAIL PROTECTED] Date: Wed, 13 Apr 2005 03:10:29 -0400 X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 411698213   BODY: X-Spam-Tests-Failed Weight: SNIFFERZERO [0], CMDSPACE [8], SPFPASS [0], BADHEADERS [2], WEIGHT10 [10] X-Spam-Time:03:10:59 X-Note: Total spam weight of this E-mail is 10 X-Note: This E-mail was scanned & filtered by Declude [2.0.6] for SPAM & virus X-Spam-Tests-Failed: SNIFFERZERO, CMDSPACE, SPFPASS, BADHEADERS, WEIGHT10 X-Weight: 10 X-Mailfrom: fred.tcbinc.net X-Note: Sent from: [EMAIL PROTECTED] X-Note: Sent from Reverse DNS:  ads.tcbinc.net ([64.124.116.10]) X-Hello: ADS X-Note: Recipient(s):  [EMAIL PROTECTED] X-Country-Chain: UNITED STATES->destination Date: Wed, 13 Apr 2005 03:10:59 -0400   Virus:[EMAIL PROTECTED] Alert: Virus Found Computer: DNS2 Date: 04/13/2005 Time: 03:10:54 AM Severity: Critical Source: Norton AntiVirus Corporate Edition -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================