Microsoft SMTPSVC seems to trigger BAD_ENC_HEADER when sending bounces if
it's been given a non-English bounce template (or whatever M$ use for
configuring that). Even bounces to correctly encoded mail. I've got quite
a number of examples, and all of them have a foreign language Subject
line, encoded in =?unicode-1-1-utf-7?, but wrapped onto more than one
line.

Three samples attached, from different SMTPSVC servers - jal.co.uk (Japan
Airlines), ohl.de and ifg.com, all of which are legit correspondents. I
removed the original pre-bounce message except for its final Received
header - this one which bounced the mail - and I overwrote the usernames
for their privacy, but the mail domains, the incriminating Received line,
and the rest of the headers are original.

header BAD_ENC_HEADER ALL =~ /=\?[^?\s]+\?[^?\s]\?\s*[^?]+\s(?!\?=)/

I think the problem is that the Subject header, although encoded, does have
spaces in, which is invalid for RFC2047 (and headers can only be split on
whitespace, so the folded headers are doubly invalid).

Is anyone else having trouble from this? With a net/bayes score of 3.100,
it doesn't need many other rules to reach spam levels. One of those
samples hit HTML_50_60, HTML_FONT_BIG, HTML_MESSAGE, HTML_TAG_EXIST_TBODY,
HTML_WEB_BUGS and NO_REAL_NAME for a total score of 5.196 (ouch). I've
zeroed the BAD_ENC_HEADER score for myself, but wonder if it's affecting
others too?

Nick
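
Added example, not part of the original post: the rule quoted above, transcribed to Python and run over the Subject headers of the first two attached samples, next to a structural RFC 2047 check and a UTF-7 decode that help triage such a hit. The single leading space restored on each continuation line, the `wellformed` header and all function names are assumptions made for the illustration.

```python
import re

# Rule body as quoted in the post, transcribed unchanged into Python syntax.
BAD_ENC_HEADER = re.compile(r"=\?[^?\s]+\?[^?\s]\?\s*[^?]+\s(?!\?=)")
# A complete RFC 2047 encoded-word contains no whitespace at all.
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")
# Any '=?charset?enc?' opener, whether or not a valid encoded-word follows.
OPENER = re.compile(r"=\?[^?\s]+\?[bBqQ]\?")

def rule_fires(header: str) -> bool:
    """True when the quoted BAD_ENC_HEADER pattern matches the header text."""
    return BAD_ENC_HEADER.search(header) is not None

def broken_openers(header: str) -> int:
    """Count openers that do not begin a complete, whitespace-free encoded-word."""
    return sum(1 for m in OPENER.finditer(header)
               if not ENCODED_WORD.match(header, m.start()))

def readable_payload(header: str) -> str:
    """Unfold the header, then decode the UTF-7 text between opener and '?='."""
    unfolded = re.sub(r"\r?\n(?=[ \t])", "", header)
    m = re.search(r"=\?[^?\s]+\?[qQ]\?([^?]*)\?=", unfolded)
    return m.group(1).encode("ascii").decode("utf-7") if m else ""

SAMPLES = {
    # Subject lines from the attached samples; continuation whitespace restored.
    "jal": "Subject: =?unicode-1-1-utf-7?Q?+kU1P4XK2YUuQGnfl-\n (+MKgw6TD8-)?=",
    "ifg": "Subject: Notification\n d'=?unicode-1-1-utf-7?Q?+AOk-tat\n de\n"
           " remise\n (+AOk-chec)?=",
    # Constructed: the same kind of text folded between two encoded-words.
    "wellformed": "Subject: =?utf-8?Q?Notification_d'=C3=A9tat?=\n"
                  " =?utf-8?Q?_de_remise?=",
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(name, "rule fires:", rule_fires(hdr),
              "| broken openers:", broken_openers(hdr))
    print("ifg subject text:", readable_payload(SAMPLES["ifg"]))
```

The rule matches both bounce samples because whitespace sits inside the encoded-word, while the header folded between two complete encoded-words does not match.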
---BeginMessage---
From Wed Jun 14 15:45:50 2006
Return-Path:
Delivered-To: spam-quarantine
X-Quarantine-id: spam-20060612-234932-24639-02
Received: (qmail 25540 invoked by uid 513); 12 Jun 2006 22:49:29 -
Received: from [61.121.116.237] (HELO fmjalmx.mobile-p.jp) (61.121.116.237)
by mx1.diago.nl (qpsmtpd/0.28) with ESMTP; Mon, 12 Jun 2006 23:49:29 +0100
Received: from fiptyosmvl02.jalnet ([192.168.1.26])
by fmjalmx.mobile-p.jp (MOS 3.5.8-GR)
with ESMTP id BKI91565;
Tue, 13 Jun 2006 07:49:24 +0900 (JST)
Received: from fiptyosefl01.jalnet
by fiptyosmvl02.jalnet (*-*) with ESMTP id k5CMnNS13006
for [EMAIL PROTECTED]; Tue, 13 Jun 2006 07:49:23 +0900 (JST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Tue, 13 Jun 2006 07:49:23 +0900
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary=9B095B5ADSN=_01C6750D3EE8F25A00021345fiptyosefl01.jal
X-DSNContext: 335a7efd - 4460 - 0001 - 80040546
Message-ID: [EMAIL PROTECTED]
Subject: =?unicode-1-1-utf-7?Q?+kU1P4XK2YUuQGnfl-
(+MKgw6TD8-)?=
This is a MIME-formatted message.
Portions of this message may be unreadable without a MIME-capable mail program.
--9B095B5ADSN=_01C6750D3EE8F25A00021345fiptyosefl01.jal
Content-Type: text/plain; charset=unicode-1-1-utf-7
+MFMwbpAad+Uwb4HqUtV2hDBrdR9iEDBVMIwwX5FNT+FytmFLkBp35TBnMFkwAg-
+ayEwblPXT+GABTB4MG6RTU/hMGtZMWVXMFcwfjBXMF8wAg-
[EMAIL PROTECTED]
--9B095B5ADSN=_01C6750D3EE8F25A00021345fiptyosefl01.jal
Content-Type: message/delivery-status
Reporting-MTA: dns;fiptyosefl01.jalnet
Received-From-MTA: dns;fiptyosmvl01.jalnet
Arrival-Date: Tue, 13 Jun 2006 07:49:22 +0900
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
--9B095B5ADSN=_01C6750D3EE8F25A00021345fiptyosefl01.jal
Content-Type: message/rfc822
Received: from fiptyosmvl01.jalnet ([192.168.1.25]) by fiptyosefl01.jalnet with
Microsoft SMTPSVC(5.0.2195.6713);
Tue, 13 Jun 2006 07:49:22 +0900
--9B095B5ADSN=_01C6750D3EE8F25A00021345fiptyosefl01.jal--
---End Message---
---BeginMessage---
From Wed Jun 14 15:50:03 2006
Return-Path:
Delivered-To: spam-quarantine
X-Envelope-To: [EMAIL PROTECTED]
X-Envelope-From:
X-Quarantine-id: spam-20060613-175712-23044-02
Received: (qmail 23889 invoked by uid 513); 13 Jun 2006 16:57:07 -
Received: from [82.127.1.35] (HELO ifg.com) (82.127.1.35)
by mx3.diago.nl (qpsmtpd/0.28) with ESMTP; Tue, 13 Jun 2006 17:57:07 +0100
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Tue, 13 Jun 2006 19:01:03 +0200
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary=9B095B5ADSN=_01C689396DD799280542ifg.com
X-DSNContext: 7ce717b1 - 1158 - 0002 -
Message-ID: [EMAIL PROTECTED]
Subject: Notification
d'=?unicode-1-1-utf-7?Q?+AOk-tat
de
remise
(+AOk-chec)?=
This is a MIME-formatted message.
Portions of this message may be unreadable without a MIME-capable mail program.
--9B095B5ADSN=_01C689396DD799280542ifg.com
Content-Type: text/plain; charset=unicode-1-1-utf-7
Cette notification d'+AOk-tat de remise est g+AOk-n+AOk-r+AOk-e automatiquement.
+AMk-chec de la remise aux destinataires suivants.
[EMAIL PROTECTED]
--9B095B5ADSN=_01C689396DD799280542ifg.com
Content-Type: message/delivery-status
Reporting-MTA: dns;ifg.com
Received-From-MTA: dns;ifg.com
Arrival-Date: Tue, 13 Jun 2006 19:01:02 +0200
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: