Microsoft SMTPSVC seems to trigger BAD_ENC_HEADER when sending bounces if 
it's been given a non-English bounce template (or whatever M$ use for 
configuring that). Even bounces to correctly encoded mail.  I've got quite 
a number of examples, and all of them have a foreign language Subject 
line, encoded in =?unicode-1-1-utf-7?, but wrapped onto more than one 
line.

Three samples attached, from different SMTPSVC servers - jal.co.uk (Japan 
Airlines), ohl.de and ifg.com, all of which are legit correspondents.  I 
removed the original pre-bounce message except for its final Received 
header - this one which bounced the mail - and I overwrote the usernames 
for their privacy, but the mail domains, the incriminating Received line, 
and the rest of the headers are original.

header BAD_ENC_HEADER  ALL =~ /=\?[^?\s]+\?[^?\s]\?\s*[^?]+\s(?!\?=)/

I think the problem is that the Subject header although encoded does have 
spaces in, which is invalid for RFC2047 (and headers can only be split on 
whitespace, so the folded headers are doubly invalid).  

Is anyone else having trouble from this?  With a net/bayes score of 3.100, 
it doesn't need many other rules to reach spam levels.  One of those 
samples hit HTML_50_60, HTML_FONT_BIG, HTML_MESSAGE, HTML_TAG_EXIST_TBODY, 
HTML_WEB_BUGS and  NO_REAL_NAME for a total score of 5.196 (ouch).  I've 
zeroed the BAD_ENC_HEADER score for myself, but wonder if it's affecting 
others too?

Nick
--- Begin Message ---
From <>  Wed Jun 14 15:45:50 2006
Return-Path: <>
Delivered-To: spam-quarantine
X-Quarantine-id: <spam-20060612-234932-24639-02>
Received: (qmail 25540 invoked by uid 513); 12 Jun 2006 22:49:29 -0000
Received: from [61.121.116.237] (HELO fmjalmx.mobile-p.jp) (61.121.116.237)
    by mx1.diago.nl (qpsmtpd/0.28) with ESMTP; Mon, 12 Jun 2006 23:49:29 +0100
Received: from fiptyosmvl02.jalnet ([192.168.1.26])
        by fmjalmx.mobile-p.jp (MOS 3.5.8-GR)
        with ESMTP id BKI91565;
        Tue, 13 Jun 2006 07:49:24 +0900 (JST)
Received: from fiptyosefl01.jalnet
        by fiptyosmvl02.jalnet (*-*) with ESMTP id k5CMnNS13006
        for <[EMAIL PROTECTED]>; Tue, 13 Jun 2006 07:49:23 +0900 (JST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Tue, 13 Jun 2006 07:49:23 +0900
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="9B095B5ADSN=_01C6750D3EE8F25A00021345fiptyosefl01.jal"
X-DSNContext: 335a7efd - 4460 - 00000001 - 80040546
Message-ID: <[EMAIL PROTECTED]>
Subject: =?unicode-1-1-utf-7?Q?+kU1P4XK2YUuQGnfl-  
        (+MKgw6TD8-)?=

This is a MIME-formatted message.  
Portions of this message may be unreadable without a MIME-capable mail program.

--9B095B5ADSN=_01C6750D3EE8F25A00021345fiptyosefl01.jal
Content-Type: text/plain; charset=unicode-1-1-utf-7

+MFMwbpAad+Uwb4HqUtV2hDBrdR9iEDBVMIwwX5FNT+FytmFLkBp35TBnMFkwAg-

+ayEwblPXT+GABTB4MG6RTU/hMGtZMWVXMFcwfjBXMF8wAg-

       [EMAIL PROTECTED]




--9B095B5ADSN=_01C6750D3EE8F25A00021345fiptyosefl01.jal
Content-Type: message/delivery-status

Reporting-MTA: dns;fiptyosefl01.jalnet
Received-From-MTA: dns;fiptyosmvl01.jalnet
Arrival-Date: Tue, 13 Jun 2006 07:49:22 +0900

Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1

--9B095B5ADSN=_01C6750D3EE8F25A00021345fiptyosefl01.jal
Content-Type: message/rfc822

Received: from fiptyosmvl01.jalnet ([192.168.1.25]) by fiptyosefl01.jalnet with 
Microsoft SMTPSVC(5.0.2195.6713);
         Tue, 13 Jun 2006 07:49:22 +0900

--9B095B5ADSN=_01C6750D3EE8F25A00021345fiptyosefl01.jal--


--- End Message ---
--- Begin Message ---
From <>  Wed Jun 14 15:50:03 2006
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-To: <[EMAIL PROTECTED]>
X-Envelope-From: <>
X-Quarantine-id: <spam-20060613-175712-23044-02>
Received: (qmail 23889 invoked by uid 513); 13 Jun 2006 16:57:07 -0000
Received: from [82.127.1.35] (HELO ifg.com) (82.127.1.35)
    by mx3.diago.nl (qpsmtpd/0.28) with ESMTP; Tue, 13 Jun 2006 17:57:07 +0100
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Tue, 13 Jun 2006 19:01:03 +0200
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="9B095B5ADSN=_01C689396DD7992800000542ifg.com"
X-DSNContext: 7ce717b1 - 1158 - 00000002 - 00000000
Message-ID: <[EMAIL PROTECTED]>
Subject: Notification  
        d'=?unicode-1-1-utf-7?Q?+AOk-tat  
        de  
        remise  
        (+AOk-chec)?=

This is a MIME-formatted message.  
Portions of this message may be unreadable without a MIME-capable mail program.

--9B095B5ADSN=_01C689396DD7992800000542ifg.com
Content-Type: text/plain; charset=unicode-1-1-utf-7

Cette notification d'+AOk-tat de remise est g+AOk-n+AOk-r+AOk-e automatiquement.

+AMk-chec de la remise aux destinataires suivants.

       [EMAIL PROTECTED]




--9B095B5ADSN=_01C689396DD7992800000542ifg.com
Content-Type: message/delivery-status

Reporting-MTA: dns;ifg.com
Received-From-MTA: dns;ifg.com
Arrival-Date: Tue, 13 Jun 2006 19:01:02 +0200

Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.2.2
X-Display-Name: Administrateur


--9B095B5ADSN=_01C689396DD7992800000542ifg.com
Content-Type: message/rfc822

Received: from mail pickup service by ifg.com with Microsoft SMTPSVC; Tue, 13 
Jun 2006 19:01:02 +0200

--9B095B5ADSN=_01C689396DD7992800000542ifg.com--


--- End Message ---
--- Begin Message ---
From <>  Wed Jun 14 15:45:50 2006
Return-Path: <>
Delivered-To: spam-quarantine
X-Quarantine-id: <spam-20060612-105453-30787-01>
Received: (qmail 31058 invoked by uid 513); 12 Jun 2006 09:54:49 -0000
Received: from [62.225.65.122] (HELO baumbart.ohl.de) (62.225.65.122)
    by mx1.diago.nl (qpsmtpd/0.28) with ESMTP; Mon, 12 Jun 2006 10:54:49 +0100
Received: from localhost (localhost.localdomain [127.0.0.1])
        by baumbart.ohl.de (Postfix) with ESMTP id 063F24E00F
        for <[EMAIL PROTECTED]>; Mon, 12 Jun 2006 11:54:53 +0200 (CEST)
Received: from baumbart.ohl.de ([127.0.0.1])
        by localhost (baumbart [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 18199-05 for <[EMAIL PROTECTED]>;
        Mon, 12 Jun 2006 11:54:50 +0200 (CEST)
Received: from CALIMEHTAR.ohl.local (unknown [192.168.1.22])
        by baumbart.ohl.de (Postfix) with ESMTP id C6AB04DF13
        for <[EMAIL PROTECTED]>; Mon, 12 Jun 2006 11:54:50 +0200 (CEST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Mon, 12 Jun 2006 11:54:34 +0200
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="9B095B5ADSN=_01C6586AFBD78BA700035092CALIMEHTAR.ohl.l"
X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546
Message-ID: <[EMAIL PROTECTED]>
Subject: Benachrichtung  
        zum  
        =?unicode-1-1-utf-7?Q?+ANw-bermittlungsstatus  
        (Fehlgeschlagen)?=
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at ohl.de

This is a MIME-formatted message.  
Portions of this message may be unreadable without a MIME-capable mail program.

--9B095B5ADSN=_01C6586AFBD78BA700035092CALIMEHTAR.ohl.l
Content-Type: text/plain; charset=unicode-1-1-utf-7

Dies ist eine automatisch erstellte Benachrichtigung +APw-ber den Zustellstatus.

+ANw-bermittlung an folgende Empf+AOQ-nger fehlgeschlagen.

       [EMAIL PROTECTED]




--9B095B5ADSN=_01C6586AFBD78BA700035092CALIMEHTAR.ohl.l
Content-Type: message/delivery-status

Reporting-MTA: dns;CALIMEHTAR.ohl.local
Received-From-MTA: dns;baumbart.ohl.de
Arrival-Date: Mon, 12 Jun 2006 11:54:34 +0200

Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1

--9B095B5ADSN=_01C6586AFBD78BA700035092CALIMEHTAR.ohl.l
Content-Type: message/rfc822

Received: from baumbart.ohl.de ([62.225.65.122]) by CALIMEHTAR.ohl.local with 
Microsoft SMTPSVC(6.0.3790.1830);
         Mon, 12 Jun 2006 11:54:34 +0200

--9B095B5ADSN=_01C6586AFBD78BA700035092CALIMEHTAR.ohl.l--


--- End Message ---
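
Added example, not part of the original post or of SpamAssassin: the BAD_ENC_HEADER pattern quoted above, run in Python against the three Subject headers from the attached bounces, next to a small RFC 2047 check that names what is malformed in each. The function names and the correctly encoded control header are constructed for illustration, and the headers are tested in folded form as they appear in the samples (an assumption about how the rule sees them).

```python
import re

# The rule body from the post; the pattern is valid as-is for Python's re.
BAD_ENC_HEADER = re.compile(r"=\?[^?\s]+\?[^?\s]\?\s*[^?]+\s(?!\?=)")

# Anything shaped like =?charset?enc?text?= with whitespace tolerated in the
# text part, so that malformed encoded-words are captured as well.
WORD_LIKE = re.compile(r"=\?[^?\s]+\?[^?\s]\?([^?]*)\?=")


def rfc2047_problems(header):
    """List RFC 2047 violations found in the encoded-words of one header."""
    problems = []
    for m in WORD_LIKE.finditer(header):
        text = m.group(1)
        if re.search(r"[ \t]", text):
            problems.append("space inside encoded-word")
        if "\n" in text:
            problems.append("folded inside encoded-word")
    return problems


def check(header):
    """Return (rule fires?, RFC 2047 problems) for a raw, still-folded header."""
    return bool(BAD_ENC_HEADER.search(header)), rfc2047_problems(header)


FOLD = "  \n        "  # trailing spaces + continuation indent, as in the samples

# Subject headers as they appear in the three attached bounces.
SAMPLES = {
    "jal": "Subject: =?unicode-1-1-utf-7?Q?+kU1P4XK2YUuQGnfl-" + FOLD
           + "(+MKgw6TD8-)?=",
    "ifg": "Subject: Notification" + FOLD + "d'=?unicode-1-1-utf-7?Q?+AOk-tat"
           + FOLD + "de" + FOLD + "remise" + FOLD + "(+AOk-chec)?=",
    "ohl": "Subject: Benachrichtung" + FOLD + "zum" + FOLD
           + "=?unicode-1-1-utf-7?Q?+ANw-bermittlungsstatus" + FOLD
           + "(Fehlgeschlagen)?=",
}

# Constructed control: same kind of subject, each encoded-word free of
# whitespace and the fold placed between encoded-words.
CONTROL = ("Subject: Benachrichtigung zum\n"
           " =?utf-8?Q?=C3=9Cbermittlungsstatus?=\n"
           " =?utf-8?Q?_(Fehlgeschlagen)?=")

if __name__ == "__main__":
    for name, hdr in {**SAMPLES, "control": CONTROL}.items():
        print(name, check(hdr))
```

The rule fires on all three bounce Subjects and not on the control, and in each bounce the checker reports both a space and a fold inside the single encoded-word.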
