duplicate subject lines causing yahoo mail rejection
Paul D. Walker
pauldwalker at gmail.com
Wed Nov 4 07:35:46 UTC 2015
I've found a bug in mailscanner I believe.
One of the users was having his mail rejected from yahoo with the following
error
#5.0.0 smtp; 554 Message not allowed - Headers are not RFC compliant[291]>
#SMTP#
I had to "solve" the problem by routing the mail directly, rather than
through the efa server.
Digging deeper, I discovered that if your subject line as a space at the
end, the mailscanner will duplicate the subject line without the trailing
space.
Example: (you'll see the first duplicate subject between the
X-SendingOrg-MailScanner-EFA-Watermark and
X-SendingOrg-MailScanner-EFA-From headers)
CODE: SELECT ALL <https://forum.efa-project.org/viewtopic.php?f=13&t=1294#>
Return-path: <pdwalker at sending_domain.com>
Envelope-to: pdwalker at receiving_domain.com
Delivery-date: Wed, 04 Nov 2015 07:05:36 +0000
Received: from mailx.sending_domain.com ([112.120.80.132])
by linode.receiving_domain.com with esmtp (Exim 4.63)
(envelope-from <pdwalker at sending_domain.com>)
id 1Zts8U-0008Rk-MC
for pdwalker at receiving_domain.com; Wed, 04 Nov 2015 07:05:36 +0000
X-Spam-Status: No
X-SendingOrg-MailScanner-EFA-Watermark: 1447225334.7874@
+F3UH5veY3iYSrMhwplUJw
Subject: subject with a space at the end
X-SendingOrg-MailScanner-EFA-From: pdwalker at sending_domain.com
X-SendingOrg-MailScanner-EFA-SpamCheck: not spam (whitelisted),
SpamAssassin (not cached, score=-9.999, required 4,
autolearn=not spam, ALL_TRUSTED -8.00, BAYES_00 -1.90,
DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10,
HTML_MESSAGE 0.00)
X-SendingOrg-MailScanner-EFA: Found to be clean
X-SendingOrg-MailScanner-EFA-ID: 96785180061.A1ACE
X-SendingOrg-MailScanner-EFA-Information: Please contact
itsupport at sending_domain.com for more information
Received: from mailx.sending_domain.com (csnwex003 [10.10.1.12])
(using TLSv1 with cipher RC4-MD5 (128/128 bits))
(No client certificate requested)
by mailx.sending_domain.com (Postfix) with ESMTPS id 96785180061
for <pdwalker at receiving_domain.com>; Wed, 4 Nov 2015 15:02:13 +0800
(HKT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sending_domain.com;
s=default; t=1446620533;
bh=rZAo4KkiyZoz6WmTr617gCT5XCHpgJttbzJISCaSoHU=;
h=From:To:Date:Subject;
b=KmZ9nL0LgR6thtTQx1siLG6TJ8dBiIGXgO1caSLziC8OD4jR+9og+WTQ+g+oX5/SB
rf9ObNhJgOfWl4Xnw8qAZbRCwn80iT2NCd3JVt+OGdiXw9p1C+OU7DIOYbylNR+xXy
dudzWjqw5w/VFLsZaKbUnzX6fM+gOR566ngUaBDY=
Received: from CSNWEX003.sending_domain.local ([10.10.1.12]) by
CSNWEX003.sending_domain.local ([10.10.1.12]) with mapi; Wed, 4 Nov 2015
15:00:42 +0800
From: "Paul D. Walker" <pdwalker at sending_domain.com>
To: "pdwalker at receiving_domain.com" <pdwalker at receiving_domain.com>
Date: Wed, 4 Nov 2015 15:02:10 +0800
Subject: subject with a space at the end
Thread-Topic: subject with a space at the end
Thread-Index: AdEWzoTrviBuMoqDR2+PoISGliMMww==
Message-ID: <D25FCE72.4CA02%pdwalker at sending_domain.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.7.151005
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary="_000_D25FCE724CA02pdwalkersending_domaincom_"
MIME-Version: 1.0
X-Spam-Score: -2.0 (--)
X-Spam-Report: Spam detection software, running on the system "
linode.receiving_domain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: asdf sdfsd asdf sdfsd [...]
Content analysis details: (-2.0 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: sending_domain.com]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature
from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
--_000_D25FCE724CA02pdwalkersending_domaincom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
asdf sdfsd
--_000_D25FCE724CA02pdwalkersending_domaincom_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html><head></head><body style=3D"word-wrap: break-word; -webkit-nbsp-mode:=
space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-si=
ze: 14px; font-family: Georgia, sans-serif;"><div>asdf sdfsd</div></body></=
html>
--_000_D25FCE724CA02pdwalkersending_domaincom_--
as opposed to this one (subject - no spaces at the end)
CODE: SELECT ALL <https://forum.efa-project.org/viewtopic.php?f=13&t=1294#>
Return-path: <pdwalker at sending_domain.com>
Envelope-to: pdwalker at receiving_domain.com
Delivery-date: Wed, 04 Nov 2015 07:21:06 +0000
Received: from mailz.forscientia.com ([223.255.133.202] helo=
mailx.sending_domain.com)
by linode.receiving_domain.com with esmtp (Exim 4.63)
(envelope-from <pdwalker at sending_domain.com>)
id 1ZtsNU-0008S0-AN
for pdwalker at receiving_domain.com; Wed, 04 Nov 2015 07:21:06 +0000
X-Spam-Status: No
X-SendingOrg-MailScanner-EFA-Watermark:
1447226265.54661 at f2Rtd1DFrwSsagFkybqXtg
X-SendingOrg-MailScanner-EFA-From: pdwalker at sending_domain.com
X-SendingOrg-MailScanner-EFA-SpamCheck: not spam (whitelisted),
SpamAssassin (not cached, score=-7.133, required 4,
ALL_TRUSTED -8.00, BAYES_00 -1.90, DKIM_SIGNED 0.10,
DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FSL_BULK_SIG 1.47,
HTML_MESSAGE 0.00, PYZOR_CHECK 1.39)
X-SendingOrg-MailScanner-EFA: Found to be clean
X-SendingOrg-MailScanner-EFA-ID: 1C6AE180061.A1B27
X-SendingOrg-MailScanner-EFA-Information: Please contact
itsupport at sending_domain.com for more information
Received: from mailx.sending_domain.com (csnwex003 [10.10.1.12])
(using TLSv1 with cipher RC4-MD5 (128/128 bits))
(No client certificate requested)
by mailx.sending_domain.com (Postfix) with ESMTPS id 1C6AE180061
for <pdwalker at receiving_domain.com>; Wed, 4 Nov 2015 15:17:45 +0800
(HKT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sending_domain.com;
s=default; t=1446621465;
bh=ktlUCNmPPnUJzxghfWa5jBleOBUjJTy4TdfFySc0MRg=;
h=From:To:Date:Subject;
b=cLwIBLbizpCxexxc5B5zF97idtFt0yy8pxhH6SHfGJHHLdyu6jX6oEjV2bHxZlqTG
F67kksRjVZ2cPMEE44GUJxO7trMYdCxVGpSP3a1hHfqMthZhAsyxxDocImMGn4PoVZ
UcNpLJ0mcm0Fwjsry84HkqZF9ujsgz95IwUYnK/A=
Received: from CSNWEX003.sending_domain.local ([10.10.1.12]) by
CSNWEX003.sending_domain.local ([10.10.1.12]) with mapi; Wed, 4 Nov 2015
15:16:14 +0800
From: "Paul D. Walker" <pdwalker at sending_domain.com>
To: "pdwalker at receiving_domain.com" <pdwalker at receiving_domain.com>
Date: Wed, 4 Nov 2015 15:17:42 +0800
Subject: no spaces at the end of the subject
Thread-Topic: no spaces at the end of the subject
Thread-Index: AdEW0LChkEXIm5NjTZeQCNbu4X6Szg==
Message-ID: <D25FD216.4CA05%pdwalker at sending_domain.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.7.151005
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary="_000_D25FD2164CA05pdwalkersending_domaincom_"
MIME-Version: 1.0
X-Spam-Score: -2.0 (--)
X-Spam-Report: Spam detection software, running on the system "
linode.receiving_domain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: test test [...]
Content analysis details: (-2.0 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: sending_domain.com]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature
from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
--_000_D25FD2164CA05pdwalkersending_domaincom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
test
--_000_D25FD2164CA05pdwalkersending_domaincom_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html><head></head><body style=3D"word-wrap: break-word; -webkit-nbsp-mode:=
space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-si=
ze: 14px; font-family: Georgia, sans-serif;"><div>test</div></body></html>
--_000_D25FD2164CA05pdwalkersending_domaincom_--
Any suggestions for solving this problem other than telling users never to
add spaces at the end of the subject, or routing yahoo.com mail away from
the mailscanner appliance?
:wq!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20151104/721cd0df/attachment.html>
More information about the MailScanner
mailing list