Messages passing through Mailscanner lose X-Mailer headers, and turn up as SPAM, but no Mailscanner no problem

Glenn Steen glenn.steen at gmail.com
Tue Nov 14 10:06:15 GMT 2006


On 13/11/06, Leah Cunningham <leah at frauerpower.com> wrote:
> I have a strange problem.  I have a client whose internal user is able to
> successfully send messages to me from their old Q-Mail server without a
> problem. If the same user, with the same mail client, computer, etc, sends a
> message through a newer mail server that I have set up for them that runs
> MailScanner (with Postfix), the message is detected by my own mail server
> (and many others) as Spam, and has different headers.  It seems part of the
> reason is that Spamassassin thinks it is a bogus Outlook, maybe because the
> X-Mailer header is not there.
>
> The major difference I notice is that in the one that went through
> MailScanner, we are missing these two headers that are in the one that went
> through their old mail server, and I want to know why:
>
> X-Mailer: Microsoft Outlook, Build 10.0.2627
> Importance: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>
> Here are the headers when the message is sent through their old Qmail based
> server:
(snip)
> Any ideas on why these headers are missing, and what else I might do so that
> we can have the new mail server work?  Please cc leah at heinous.org on this if
> it's not too much trouble.
>
Hi Leah,

Sounds like you should look at two places, where the first is the more
likely to be ... erroneous...
The first place is in your Postfix header_checks file, where you might
have added some fairly intrusive IGNOREs (from securitysage, no
less)... Probably something like:
/^X-Mailer:/                                   IGNORE  # This drops the mailer or MTA program name on some systems
/^X-MimeOLE:/                                  IGNORE  # This drops the MIME type header
/^X-MSMail-Priority:/                          IGNORE  # This drops the Microsoft priority tag header
(watch out for the line wrapping)
Just comment those out, they are in all likelihood too aggressive.

The second place to look is your MailScanner.conf file where you have:
# If any of these headers are included in a message, they will be deleted.
# This is very useful for removing return-receipt requests and any headers
# which mean special things to your email client application.
# X-Mozilla-Status is bad as it allows spammers to make a message appear to
# have already been read, which is believed to bypass some naive spam
# filtering systems.
# Receipt requests are bad as they give any attacker confirmation that an
# account is active and being read. You don't want this sort of information
# to leak outside your corporation. So you might want to remove
#     Disposition-Notification-To and Return-Receipt-To.
# If you are having problems with duplicate message-id headers when you
# release spam from the quarantine and send it to an Exchange server, then add
#     Message-Id.
# Each header should end in a ":", but MailScanner will add it if you forget.
# Headers should be separated by commas or spaces.
# This can also be the filename of a ruleset.
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:

... which likely happens after processing by SA, so likely isn't the
problem. But you might have added those X-* headers there:-).

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
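
Added example (not part of the original thread): a small audit of the two places named in the reply, reporting which of the headers missing from the affected message would be dropped by a Postfix header_checks IGNORE rule or by MailScanner's "Remove These Headers" setting. The file contents are constructed samples, the function names are hypothetical, and Python's `re` is assumed to be close enough to Postfix's regexp tables for simple patterns like these.

```python
import re

# Constructed sample header_checks: the three rules quoted above plus one unrelated rule.
HEADER_CHECKS = """\
/^X-Mailer:/            IGNORE  # This drops the mailer name
/^X-MimeOLE:/           IGNORE
/^X-MSMail-Priority:/   IGNORE
/^X-Spam-Flag: YES/     REJECT
"""
# Constructed MailScanner.conf fragment with the setting quoted above.
MAILSCANNER_CONF = "Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:\n"
# The headers reported missing in the original post.
HEADERS = [
    "X-Mailer: Microsoft Outlook, Build 10.0.2627",
    "Importance: Normal",
    "X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180",
]

RULE = re.compile(r"^/(.*)/([a-z]*)\s+(\S+)")  # /pattern/flags ACTION ...

def postfix_ignores(table_text, headers):
    """Return {header line: pattern} for headers an IGNORE rule would drop."""
    dropped = {}
    # A line starting with whitespace continues the previous logical line.
    logical = re.sub(r"\n[ \t]+", " ", table_text)
    for line in logical.splitlines():
        m = RULE.match(line)
        if not m or m.group(3).upper() != "IGNORE":
            continue
        # Postfix regexp tables are case-insensitive unless the "i" flag toggles it.
        flags = 0 if "i" in m.group(2) else re.IGNORECASE
        rx = re.compile(m.group(1), flags)
        for h in headers:
            if rx.search(h):
                dropped.setdefault(h, m.group(1))
    return dropped

def mailscanner_removes(conf_text, headers):
    """Return header lines whose name is listed in 'Remove These Headers'."""
    m = re.search(r"^Remove These Headers\s*=\s*(.*)$", conf_text, re.M | re.I)
    # Names are separated by commas or spaces; the trailing ":" is optional.
    names = {n.rstrip(":").lower() for n in re.split(r"[,\s]+", m.group(1)) if n} if m else set()
    return [h for h in headers if h.split(":", 1)[0].lower() in names]

if __name__ == "__main__":
    for h, pat in postfix_ignores(HEADER_CHECKS, HEADERS).items():
        print(f"header_checks /{pat}/ IGNORE drops: {h}")
    print("MailScanner removes:", mailscanner_removes(MAILSCANNER_CONF, HEADERS))
```

To run it against a live system, replace the two sample strings with the contents of the real header_checks and MailScanner.conf files.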

