duplicate subject lines in headers (again)
Warwick Brown
Warwick.x.Brown at serco.com
Sun Nov 13 20:36:44 UTC 2016
> Can you try a test for me?
>
> The test would be
>
> 1) stop the outgoing Exim only - leave the incoming Exim running.
> 2) send yourself a message with trailing space(s) in Subject:
> 3) copy /var/spool/exim.out for later examination
> 4) start the outgoing Exim
>
> Then examine the copy of /var/spool/exim.out and find your message which
> should have two 'nnn Subject: ...' lines (nnn is the number of
> characters in the header). What you should see is the original one with
>
> nnn Subject: ...
>
> and the added one (probably above the original) with trailing spaces
> removed and an asterisk.
>
> nnn* Subject: ...
>
> If there is no asterisk, There is a problem with MailScanner. If there
> is an asterisk and the message gets delivered with two Subject: headers,
> the problem is in the outgoing Exim.
>
> If you can do this test, let us know what you find.
Nice and quick test.....not the answer you were hoping for though:
018 X-Spam-Status: No
076 X-MyOrg-MailScanner-Watermark: 1479672988.91017 at AfSF0dfSQNo9m+YscRQWqA
033 Subject: Has two trailing spaces
048 X-MyOrg-MailScanner-From: me at externaldomain.com
038 X-MyOrg-MailScanner-SpamScore: 4
204 X-MyOrg-MailScanner-SpamCheck: not spam, SpamAssassin (score=4.107,
required 6, ALL_TRUSTED -1.00, INVALID_MSGID 1.17, MISSING_DATE 1.40,
MISSING_FROM 1.00, MISSING_HEADERS 1.21, MSGID_SHORT 0.34)
044 X-MyOrg-MailScanner: Found to be clean
046 X-MyOrg-MailScanner-ID: 1c61C4-0001vp-58
096 X-MyOrg-MailScanner-Information: Please report any suspicious emails to phishing at myorg.com
253P Received: from [10.11.12.13] (port=57525 helo=moo)
by smtp.myorg.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
(envelope-from <me at externaldomain.com>)
id 1c61C4-0001vp-58
for warwick at myorg.com; Sun, 13 Nov 2016 20:16:28 +0000
024I Message-ID: Faked-By-Me
035 Subject: Has two trailing spaces
I checked the file in vi and the subject on the bottom line definitely has the trailing spaces.
The delivered mail contains both subject lines - interestingly - Exchange seems to strip the modified subject line, but I did another test and sent it to a courier IMAP server, the mail file clearly shows both subjects:
Return-path: <me at externaldomain.com>
Envelope-to: Roleaccount-Postmaster at post.myorg.com
Delivery-date: Sun, 13 Nov 2016 20:28:00 +0000
Received: from [2.3.4.5] (helo=smtp.myorg.com)
by mail.myorg.com with esmtps (TLSv1:ECDHE-RSA-AES256-SHA:256)
(Exim 4.85)
(envelope-from <me at externaldomain.com>)
id 1c61Ng-0001Yo-Fx
for Roleaccount-Postmaster at post.myorg.com; Sun, 13 Nov 2016 20:28:00 +0000
X-Spam-Status: Yes
X-MyOrg-MailScanner-Watermark: 1479673632.70114 at SuInET/cJzqXOwWxS3aXHw
Subject: {Spam?} Trailing spaces
X-MyOrg-MailScanner-From: me at externaldomain.com
X-MyOrg-MailScanner-SpamScore: 9
X-MyOrg-MailScanner-SpamCheck: spam, SpamAssassin (score=9.96,
required 6, BODY_SINGLE_WORD 1.08, FSL_HELO_NON_FQDN_1 0.00,
INVALID_MSGID 1.17, MISSING_DATE 1.40, MISSING_FROM 1.00,
MISSING_HEADERS 1.21, MSGID_SHORT 0.34, RDNS_NONE 1.27,
TVD_SPACE_RATIO 0.00, TVD_SPACE_RATIO_MINFP 2.50)
X-MyOrg-MailScanner: Found to be clean
X-MyOrg-MailScanner-ID: 1c61MZ-0003FP-BR
X-MyOrg-MailScanner-Information: Please report any suspicious emails to phishing at myorg.com
Received: from [2.3.4.6] (port=36355 helo=moo)
by smtp.myorg.com with esmtps (TLSv1:ECDHE-RSA-AES256-SHA:256)
(Exim 4.86)
(envelope-from <me at externaldomain.com>)
id 1c61MZ-0003FP-BR
for postmaster at myorg.com; Sun, 13 Nov 2016 20:27:12 +0000
Message-ID: Faked-By-Me
Subject: Trailing spaces
Blah
So I'm afraid it does look like MailScanner rather than exim....
do we need to dig down into perl modules? When I built MailScanner, I gave it it's own installation of Perl so it wouldn't get messed up by the system-provided (RPM based) perl (so perl is installed in /opt/Mailscanner/bin/perl) and I updated all the install and run-time scripts to use this specific version of perl. See below:
# /opt/MailScanner/bin/perl -v
This is perl 5, version 22, subversion 1 (v5.22.1) built for x86_64-linux-thread-multi
Copyright 1987-2015, Larry Wall
Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.
Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
# grep perl MailScanner
#!/opt/MailScanner/bin/perl -U -I/opt/MailScanner/lib
if ($path =~ m#/usr/(local/)?lib\d*/perl\d*/\d\.\d#) {
# perl5 paths in @corepaths. We want notcore + core, so the notcore ones
print STDERR "\n\n**** ERROR: You must upgrade your perl IO module to at least\n**** ERROR: version 1.2301 or MailScanner will not work!\n\n";
print STDERR "\n\n**** ERROR: You must upgrade your perl IO::Stringy module to at least\n**** ERROR: version 2.110 or MailScanner will not work!\n\n";
# Read the configuration file properly
# Read the configuration file properly
# Read the configuration file properly
# This child's parent is perl
MailScanner::Log::WarnLog("WARNING: You are trying to use the Processing Attempts Database but your DBI and/or DBD::SQLite Perl modules are not properly installed!");
MailScanner::Log::WarnLog("WARNING: You are trying to use the Processing Attempts Database but your DBI and/or DBD::SQLite Perl modules are not properly installed!");
#
The perl has all the right modules installed, however I am aware I need to do some work (as per the lint output) on the DBI module
Thanks again,
Warwick
More information about the MailScanner
mailing list