duplicate subject lines in headers (again)

Mark Sapiro mark at msapiro.net
Sat Nov 12 20:35:41 UTC 2016 

On 11/07/2016 03:57 AM, Warwick Brown wrote:
> 
> Thanks for taking a look. It is difficult to replicate because there appears to be some yahoo MXs that cause the mail to fail the check, and others which let it succeed.


However, you shouldn't have to rely on Yahoo to complain about the
message. If MailScanner is duplicating the Subject: header, this almost
certainly doesn't depend on the mail being sent to Yahoo nor on Yahoo
ultimately bouncing it.

I would expect it to occur with all mail that has trailing spaces in the
Subject:, even a message you just send to yourself.


> Here is the MIME from a mail that succeeded (heavily obfuscated):
> 
...
> Received: from mailserver.core.domain.com (HELO smtp.domain.com) (1.2.3.4)
>   by server-12.tower-217.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 7 Nov 2016 11:27:49 -0000
> X-Spam-Status: No
> X-ObfuscatedOrg-MailScanner-Watermark: 1479122774.1594 at isZRSJkNKmb8yF20npzFJw
> Subject: double space at beginning an end
> X-ObfuscatedOrg-MailScanner-From: sender at domain.com
> X-ObfuscatedOrg-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
> 	score=-0.999, required 6, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00)
> X-ObfuscatedOrg-MailScanner: Found to be clean
> X-ObfuscatedOrg-MailScanner-ID: 1c3i45-0002bU-SE
> X-ObfuscatedOrg-MailScanner-Information: Please report any suspicious emails to phishing at domain.com
> Received: from [10.20.30.40] (port=39922 helo=MYEXCHANGEHUB.ad.domain.com)
> 	by smtp.domain.com with esmtps (TLSv1:AES128-SHA:128)
> 	(Exim 4.86)
> 	(envelope-from <sender at domain.com>)
> 	id 1c3i45-0002bU-SE
> 	for yahoo_recipient at yahoo.com; Mon, 07 Nov 2016 11:26:13 +0000
> Received: from MYEXCHANGECCR.ad.domain.com ([169.254.1.220]) by
>  MYEXCHANGEHUB.ad.domain.com ([10.20.30.40]) with mapi; Mon, 7 Nov 2016
>  11:26:13 +0000
> From: Warwick Brown <sender at domain.com>
> To: "yahoo_recipient at yahoo.com" <yahoo_recipient at yahoo.com>
> Date: Mon, 7 Nov 2016 11:26:12 +0000
> Subject: double space at beginning an end  
...


>From the above, it seems that you have both

Use Watermarking = Yes
Place New Headers At Top Of Message = Yes

in your MailScanner config, but even with those settings and testing
with both messages that do and do not tag the Subject:, I still can't
duplicate this.

But, your MTA is Exim, and other info (see below) seems to say that this
may only be an issue when Exim is the MTA.

It seems clear that the second, "stripped" Subject is added by
MailScanner between adding its normal reporting headers and the
watermark header, but again, I can't duplicate this.

To test further, I'd like to know everything in your MailScanner config
that's different from default. Hopefully, you have all your changes in
/etc/MailScanner/conf.d/* and you can just send me or post those, but if
not, send me /etc/MailScanner/MailScanner.conf. Also, if you can test
with a simple message to yourself and find one that reliably triggers
the problem, I'd like to see that, both as it is sent and as it is
received after MailScanner duplicates the Subject:.

Also, I finally looked for and found the thread at
<http://lists.mailscanner.info/pipermail/mailscanner/2014-December/101817.html>,
and while it does contain some additional info, I'm still unable to
duplicate the issue.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list