inconsistent SPF - bug

Julian Field mailscanner at ecs.soton.ac.uk
Tue Dec 14 09:09:38 GMT 2004 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Please try the attached (short) patch to SA.pm and let me know what happens.

Julian Field wrote:

> Thanks for that, I will work on this tomorrow.
>
> Mark Nienberg wrote:
>
>> Julian,
>>
>> I think I've tracked down the problem with inconsistent SPF test
>> results. In the following discussion I will assume that MailScanner is
>> set up with the defaults of :
>>
>> Envelope From Header = X-MailScanner-From:  (in MailScanner.conf)
>> envelope_sender_header X-MailScanner-From  (in spam.assassin.prefs.conf)
>>
>> Bad SPF results seem to come from messages that have  passed through
>> another MailScanner server and already had the X-MailScanner-From
>> header added.
>>
>> In  "SA.pm" you  construct  the message to pass to SA by starting with
>> an X-MailScanner-From header at the top,  then addding the original
>> headers (which might include an X-MailScanner-From header), and then
>> adding the message body.  Spamassassin then extracts the  envelope
>> information from  the headers by looking for X-MailScanner-From.  If
>> there is more than one such header, SA joins the values rather than
>> using the first one, as you might expect.  See SA's "get_envelope_from"
>> subroutine in "PerMsgStatus.pm" for the procedure it uses.  I haven't
>> invetigated what SPF does with the mess it receives, but I suspect it
>> throws away everything before the final @, so that it performs the check
>> using the domain that was in the final X-MailScanner-From header instead
>> of the one that you added at the top of the message.
>>
>> I think the solution is for MailScanner to delete any X-MailScanner-From
>> headers (or whatever is specified in envelope_sender_header) from the
>> original message headers before adding  them to  the  message that will
>> be passed to SpamAssassin.
>>
>> --
>> Mark Nienberg, SE
>> Tipping Mar + associates
>> 1906 Shattuck Ave
>> Berkeley, CA 94704
>> http://www.tippingmar.com
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2: "Attached Text" ]

--- SA.pm.old   2004-10-16 15:23:15.000000000 +0100
+++ SA.pm       2004-12-14 09:07:59.000000000 +0000
@@ -323,10 +323,18 @@
   # For SpamAssassin 3 we add the "EnvelopeFrom" header to make SPF work
   my $fromheader = MailScanner::Config::Value('envfromheader', $message);
   $fromheader =~ s/:$//;
+
+  # Build a list of all the headers, so we can remove any $fromheader that
+  # is already in there.
+  my @SAheaders = $global::MS->{mta}->OriginalMsgHeaders($message, "\n");
+  @SAheaders = grep !/^$fromheader\:/i, @SAheaders;
+  @SAheaders = grep !/^\s*$/, @SAheaders; # ditch blank lines
+
   push(@WholeMessage, $fromheader . ': ' . $message->{from} . "\n")
     if $fromheader;

-  push(@WholeMessage, $global::MS->{mta}->OriginalMsgHeaders($message, "\n"));
+  #push(@WholeMessage, $global::MS->{mta}->OriginalMsgHeaders($message, "\n"));
+  push(@WholeMessage, @SAheaders);
   #print STDERR "Headers are : " . join(', ', @WholeMessage) . "\n";
   unless (@WholeMessage) {
     flock($RebuildLockH, $LOCK_UN) if $BayesIsLocked;

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list