On 04/10/2011 01:58, RW wrote:
On Mon, 03 Oct 2011 23:12:57 +0100
Frank Leonhardt wrote:
I'm having a great deal of trouble writing a rule to match something
in a Received: header. The problem is that sendmail(?) is whitespace
wrapping the header. In other words, instead of:
Headers are converted into a single line before the header rules are
run against them. I think you've probably just made a silly mistake
somewhere.
<snip>
$ spamc -u test< /tmp/test.txt | grep " TEST_RULE"
* 0.0 TEST_RULE TEST_RULE
Thanks - that's exactly what I thought should happen. I was starting to
think I was going crazy. I didn't think of running from the command line
- good idea. I'd tried everything else.
So, doing this using the actual rule and an actual header it *does*
work. It's only when its run through the milter that it fails to match.
If we're right about wrapped headers not mattering, the only explanation
is that spamd isn't seeing the the same headers as those that appear on
the final email. This sort-of makes sense - sendmail calls the milter
BEFORE adding the final header IIRC. It's also supposed to fake-up the
header before it goes to the milter, to allow that to function (I
believe). It's not something that's every gone wrong so I've never
looked at it.
Stuff on the first line of the header is detectable. Stuff on subsequent
lines (as they appear in the final message) isn't. I haven't messed up
the perl regex because (a) the test is so trivial I even I couldn't get
confused by it; and (b) your suggestion of proving it using spamc works.
It's configured and the rule is "seen" - I know this because it does
detect patterns in the first line.
What's going wrong?
I should have mentioned the versions:
SpamAssassin 3.3.2 (2011-06-06)
sendmail Version 8.14.4
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
FreeBSD 8.2-RELEASE
What might help is a way to see what the spamd is seeing as a headers
when it's "live", but I can't see an easy way to do this.
Thanks, Frank.
--
--------------
Sent from my Cray XT5