Re: Position of X-Spam headers
On 05.07.23 04:38, Robert Senger wrote: > Thanks for the hint that the milter is responsible for that. Found > a > little patch for spamass-milter that fixed this. Am Mittwoch, dem 05.07.2023 um 10:20 +0200 schrieb Matus UHLAR - fantomas: note that the headers that appear first in the message are considered trusted, while those below do not. That's why most of milters put added headers at the beginning of message. On 05.07.23 14:41, Robert Senger wrote: Hm, trusted by whom? e.g. spamassassin uses this mechanism. In my understanding, nothing in the headers can be trusted at all as long as it's not covered by a digital signature (like DKIM), or added by a machine under my own control... ^ This is it. You can trust any header before the first Received: header added by your machine (or further Received headers added by trusted machines), of course if you trust that machine. all further headers, e.g. X-Spam-* headers put at the end of headers are not trusted, even the sender can add them and trick you e.g. into thinking your mail is not spammy, clear of viruses etc. ... however I see that spamass-milter adds headers at the end of message, so they are not to be trusted further. Other point: Different spam processing milters seem to add different "Spam-X-" headers. The spamass-milter software adds X-Spam-Checker-Version: X-Spam-Status: and, if it detects spam, X-Spam-Flag: YES X-Spam-Level: *** IIUC these headers are added by spamass-milter if spamassassin adds them. I have these in all mails because I have configures SA to always add these. Now, spamass-milter *replaces* any of these if they are found in the incoming message. So, all the spam checking information added by my backup MX is replaced by the headers of my primary MX when it receives a message initially delivered to the backup MX, as they both use the same spamass-milter software. IIRC spamass-milter always removes these headers if the mail is not coming from trusted IP address (-i option), unless you disable this. That's the way spamass-milter makes sure that you can trust those headers when you read the mail. Without it, they would be completely untrustable. But it I look at a message received through this list, I see "Spam-X" headers added by "Debian amavisd-new at spamproc1-he-fi.apache.org". This software always adds X-Spam-Score: X-Spam-Level: X-Spam-Status: (but no X-Spam-Checker-Version:) to the top of the headers if the message is not classified as spam (it would also add "X-Spam-Flag" if it detects spam, I assume). Now, my own spamass-milter *replaces* "X-Spam-Status" at it's original position, and *adds* "X-Spam-Checker-Version" at the bottom (or top, if patched) of the headers. This is a mess... Wouldn't it be better if all previous "Spam-X" headers get completely removed? spamass-milter only cares (in the ways described above) about a few headers: % strings /usr/sbin/spamass-milter|grep -i x-spam X-Spam-Flag X-Spam-Status X-Spam-Orig-To X-Spam-Report X-Spam-Prev-Content-Type X-Spam-Level X-Spam-Checker-Version you need to patch spamass-milter to take those in account. IIUC, headers replaced by milter are replaces in their place, while milter can choose where to add new headers. Obviously spamass-milter adds them at the end. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. M$ Win's are shit, do not use it !
Re: Position of X-Spam headers
Am Mittwoch, dem 05.07.2023 um 14:50 +0200 schrieb Reindl Harald: > > *nothing* should touch existing headers as you also have multiple > Reveived-headers Good point. So, it seems that spamass-milter is doing things a bit, well, unconventional... I thought this is the case to not confuse later filtering (e.g. sieve) with multiple "X-Spam-Flag" headers with possibly contradictory results. However, it should be easy to patch spamass-milter to keep existin headers intact. -- Robert Senger
Re: Position of X-Spam headers
Am Mittwoch, dem 05.07.2023 um 10:20 +0200 schrieb Matus UHLAR - fantomas: > On 05.07.23 04:38, Robert Senger wrote: > > Thanks for the hint that the milter is responsible for that. Found > > a > > little patch for spamass-milter that fixed this. > > note that the headers that appear first in the message are considered > trusted, while those below do not. > That's why most of milters put added headers at the beginning of > message. Hm, trusted by whom? In my understanding, nothing in the headers can be trusted at all as long as it's not covered by a digital signature (like DKIM), or added by a machine under my own control... Other point: Different spam processing milters seem to add different "Spam-X-" headers. The spamass-milter software adds X-Spam-Checker-Version: X-Spam-Status: and, if it detects spam, X-Spam-Flag: YES X-Spam-Level: *** Now, spamass-milter *replaces* any of these if they are found in the incoming message. So, all the spam checking information added by my backup MX is replaced by the headers of my primary MX when it receives a message initially delivered to the backup MX, as they both use the same spamass-milter software. But it I look at a message received through this list, I see "Spam-X" headers added by "Debian amavisd-new at spamproc1-he-fi.apache.org". This software always adds X-Spam-Score: X-Spam-Level: X-Spam-Status: (but no X-Spam-Checker-Version:) to the top of the headers if the message is not classified as spam (it would also add "X-Spam-Flag" if it detects spam, I assume). Now, my own spamass-milter *replaces* "X-Spam-Status" at it's original position, and *adds* "X-Spam-Checker-Version" at the bottom (or top, if patched) of the headers. This is a mess... Wouldn't it be better if all previous "Spam-X" headers get completely removed? -- Robert Senger
Re: Position of X-Spam headers
On 05.07.23 04:38, Robert Senger wrote: Thanks for the hint that the milter is responsible for that. Found a little patch for spamass-milter that fixed this. note that the headers that appear first in the message are considered trusted, while those below do not. That's why most of milters put added headers at the beginning of message. On 7/4/2023 7:38 PM, Robert Senger wrote: > is there a reason why spamassassin adds its "X-Spam ..." headers to > the > bottom of the header block, not to the top like every other mail > filtering software (e.g. opendkim, opendmarc, clamav ... ) does? > Can > this behavious be changed? Am Dienstag, dem 04.07.2023 um 19:45 -0400 schrieb Jared Hall: Mine are at the top, but usually this is the responsibility of the Milter. What Milter/content_filter are you using? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 42.7 percent of all statistics are made up on the spot.
Re: Position of X-Spam headers
Thanks for the hint that the milter is responsible for that. Found a little patch for spamass-milter that fixed this. Regards, Robert Am Dienstag, dem 04.07.2023 um 19:45 -0400 schrieb Jared Hall: > On 7/4/2023 7:38 PM, Robert Senger wrote: > > is there a reason why spamassassin adds its "X-Spam ..." headers to > > the > > bottom of the header block, not to the top like every other mail > > filtering software (e.g. opendkim, opendmarc, clamav ... ) does? > > Can > > this behavious be changed? > Mine are at the top, but usually this is the responsibility of the > Milter. What Milter/content_filter are you using? > > -- Jared Hall > -- Robert Senger
Re: Position of X-Spam headers
Hi Jared, I am using spamass-milter. Robert Am Dienstag, dem 04.07.2023 um 19:45 -0400 schrieb Jared Hall: > On 7/4/2023 7:38 PM, Robert Senger wrote: > > is there a reason why spamassassin adds its "X-Spam ..." headers to > > the > > bottom of the header block, not to the top like every other mail > > filtering software (e.g. opendkim, opendmarc, clamav ... ) does? > > Can > > this behavious be changed? > Mine are at the top, but usually this is the responsibility of the > Milter. What Milter/content_filter are you using? > > -- Jared Hall > -- Robert Senger
Re: Position of X-Spam headers
On 7/4/2023 7:38 PM, Robert Senger wrote: is there a reason why spamassassin adds its "X-Spam ..." headers to the bottom of the header block, not to the top like every other mail filtering software (e.g. opendkim, opendmarc, clamav ... ) does? Can this behavious be changed? Mine are at the top, but usually this is the responsibility of the Milter. What Milter/content_filter are you using? -- Jared Hall
Position of X-Spam headers
Hi all, is there a reason why spamassassin adds its "X-Spam ..." headers to the bottom of the header block, not to the top like every other mail filtering software (e.g. opendkim, opendmarc, clamav ... ) does? Can this behavious be changed? Regards, Robert -- Robert Senger
Position of X-Spam-Headers
Hi, just installed the new version and found the position of the X-Spam-Headers between the "received"-lines.. Delivery-date: Thu, 15 Sep 2005 07:55:05 +0200 Received: from mail by lara.gay-web.de (envelope-from <[EMAIL PROTECTED]>) with spam-scanned (Exim 4.51) id 1EFmi7-000653-Ir for [EMAIL PROTECTED]; Thu, 15 Sep 2005 07:55:05 +0200 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on lara.gay-web.de X-Spam-Status: No, score=-100.0 required=2.2 tests=UPPERCASE_25_50, USER_IN_WHITELIST autolearn=ham version=3.1.0 X-Spam-Level: Received: from sunshine.mcs-hh.de ([194.77.146.6]:48129) by lara.gay-web.de (envelope-from <[EMAIL PROTECTED]>) with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.51) id 1EFmi7-00064v-Bb for [EMAIL PROTECTED]; Thu, 15 Sep 2005 07:55:03 +0200 Any possibility to change the behavior ?? Kind Regards Christian -- Christian Kühn (Technical Consultant / Hostmaster) == MCS MOORBEK COMPUTER SYSTEME GmbH Essener Bogen 17 - 22419 Hamburg - Germany Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200 eMail: [EMAIL PROTECTED] Web: http://www.mcs.de GPG 8B52 41A1 4B8F 4DE7 9064 2073 6168 137A 3DDA 0F36 ==