On 11/26/20 3:47 PM, Dianne Skoll via MIMEDefang wrote:
You shouldn't really print "head = %$head" because you don't know the
implementation details of Mail::Header. Treat it as an opaque object.
So how do I know why/how it failed?
I suggest calling action_quarantine_entire_message() if you get no
received headers so you can preserve a copy of the original message for
analysis.
Sorry, I think I wasn't clear: I have such messages!
They are spam getting through, so I've been able to examine them.
What I don't understand is why they weren't blocked, when, IMNSHO, there
are more than a reason for them to be.
It should be $head->{$key} and is unlikely to be useful; you're
printing instance variables on the Mail::Header object, which most
likely do not correspond to actual headers.
> If you want to log @recheads, I would do it like this:
>
> md_syslog('warning', 'recheads = ' . join(', ', @recheads));
Thanks.
What I'm now getting is something like:
mimedefang.pl[86009]: 0AQGZBmM087137: head = %Mail::Header=HASH(0x1617cac8)
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_modify is 0
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_foldlen is 79
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_lengths is HASH(0x19404798)
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_list is ARRAY(0x15e19060)
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_hash is HASH(0x178b94b0)
mimedefang.pl[86009]: 0AQGZBmM087137: mail_hdr_mail_from is KEEP
mimedefang.pl[86009]: 0AQGZBmM087137: recheads =
Mail::Field::Received=HASH(0x180a4630)
It's better than nothing.
Now I'm waiting for such spam to arrive, so I can see in what way it's
different.
I think I first need to understand if it's Mail::Header (earlier) or
Mail::Field (later) that is failing to parse.
Anyway... you need to capture the message (or at least the headers)
so we can analyze what's going on.
Here's a sample:
Return-Path: <[email protected]>
Received: from soth.netfence.it ([unix socket])
by mailserver.netfence.it (Cyrus 3.0.14) with LMTPA;
Wed, 25 Nov 2020 03:45:44 +0100
X-Cyrus-Session-Id: mailserver.netfence.it-557-1606272344-1-3657946293514545252
X-Sieve: CMU Sieve 3.0
Received: from poeconomico.casa (vds74451.mgn-host.ru [89.191.230.250] (may be
forged))
by soth.netfence.it (8.16.1/8.16.1) with ESMTPS id 0AP2jef2000844
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
for <[email protected]>; Wed, 25 Nov 2020 03:45:43 +0100 (CET)
(envelope-from [email protected])
Authentication-Results: soth.netfence.it;
dkim=pass (2048-bit key) header.d=poeconomico.casa
[email protected] header.b=cGnTmyJh
X-Authentication-Warning: soth.netfence.it: Host vds74451.mgn-host.ru
[89.191.230.250] (may be forged) claimed to be poeconomico.casa
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=key1;
d=poeconomico.casa;
h=Message-ID:From:To:Subject:Date:MIME-Version:Content-Type;
[email protected];
bh=xbJLlOE1CWUnav77hJisuzISPwtefQrfatVm8E+8Sow=;
b=cGnTmyJh1B9VDyiBCFcRI2pVOQqJ+fw65kJL6vCU15L3GTJXXNxpgd0HHyeFDlXYj/1o+HHX3mkt
m1YEVxiN/83OcZzQGMRhFLk6rVtoTMARuN/uO1fYAaxcCLqpsM5YLyU6NPIwsYsCkZx0pz4vCtMo
Scl4h3E9zx52tto+NClcudYfpP+NW8QkC1J3Wu3ZkwGcBE2HkxsX7TOkR0OAk8ottDAu3OThcvCL
SCuDoaaZxBxok24KZUJ663tjzPFMPih+Lna0Gx7bmYi//3mvI+7vkwQNMztima+51SQiI+UI77Ro
H/M9ke7T0CNZfImI7dd+x4KluyNSe4dyH83DKQ==
Message-ID: <[email protected]>
From: accountant <[email protected]>
To: [email protected]
Subject: Ho trovata la tua email attraverso il servizio di appuntamenti
"meetic.it".
Date: Wed, 25 Nov 2020 02:44:07 +0100
MIME-Version: 1.0
Content-Type: multipart/related; boundary="2bd19889d80c22e13d3871e175a182d1cd7a"
X-Scanned-By: MIMEDefang 2.83
As you can see:
_ there's no X-Spam-Score header: either SpamAssassin didn't detect this
or it wasn't even launched;
_ if it ran, it should have added 100 points alone since "*.casa" is
blacklisted; that alone should have been enough;
_ also 89.191.230.250 range is in my personal DNSBL and again this alone
should have been enough.
N.B.
Running spamassassin on the command line effectively gives the score I
expect, so I just *think* it's not called. What in the end I'm trying to
see is why.
Calling spamassassin and the code I posted are two different things: but
I see the latter is also failing and I thought that might give some hint.
If there's a better way to see why spamassassin fails it would probably
enough (although curiosity... :).
bye & Thanks
av.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
