Spam Assassin - Headers being munged

This is the Mailtraq Peer Support forum. Get assistance using and managing Mailtraq, and help others solve problems too.

Spam Assassin - Headers being munged

Postby mollcons » Sun Sep 01st, 2013 9:04am

Mailtraq Version: 2.17.5.3342

It looks as though Spam Assassin is changing the headers on emails as they are transferred to the user mailbox. It is stripping out the [Received] headers with the originator IP address in. This is preventing me from properly identifying the originator when forwarding to ISP's to get the abuse handled.

How do I get this behaviour stopped?

Examples of before and after are shown below:

Before:
Return-path: <hosting@zen.co.uk>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
legolas.mollcons.local
X-Spam-Level:
X-Spam-Status: No, score=-0.1 required=5.0 tests=RCVD_IN_HOSTKARMA_NO,
T_FILL_THIS_FORM_SHORT,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mailserver.stow-jones.co.uk by mailserver.stow-jones.co.uk with POP3 (Mailtraq/2.17.5.3342)
id MLSR345BC0A1; Sun, 01 Sep 2013 11:48:42 +0100
Envelope-to: chris@stow-jones.co.uk
Delivery-date: Sun, 01 Sep 2013 11:48:33 +0100
Received: from bastion01d.mail.zen.net.uk ([212.23.3.116]:59998)
by shcp01.hosting.zen.net.uk with esmtp (Exim 4.80.1)
(envelope-from <hosting@zen.co.uk>)
id 1VG5Cr-0001ea-9y
for chris@stow-jones.co.uk; Sun, 01 Sep 2013 11:48:33 +0100
Received: from smarthost01c.mail.zen.net.uk ([212.23.1.5])
by bastion01d.mail.zen.net.uk with esmtp (Exim 4.72)
(envelope-from <hosting@zen.co.uk>)
id 1VG5Cr-0007N5-R4
for chris@stow-jones.co.uk; Sun, 01 Sep 2013 10:48:38 +0000
Received: from [212.23.9.250] (helo=MAILISVISNETICS)
by smarthost01c.mail.zen.net.uk with esmtp (Exim 4.80)
(envelope-from <hosting@zen.co.uk>)
id 1VG5Cr-0007bS-Ot
for chris@stow-jones.co.uk; Sun, 01 Sep 2013 11:48:33 +0100
X-Mailer: VisNetic MailFlow 4.9.2.2
From: "Zen - Hosting Support" <hosting@zen.co.uk>
To: <chris@stow-jones.co.uk>
Subject: RE: cPanel - Email Problem - Submitted 30/08/2013 21:33:08 [5902485:4467176]
Date: Sun, 1 Sep 2013 11:48:15 +0100
Message-Id: <52231B81.012B30.03620@MAILISVISNETICS.office.zen.co.uk>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
X-Originating-smarthost01c-IP: [212.23.9.250]
X-ZenAWL-Match: false
X-Zen-Test-Spam-Score: 0
X-Zen-Test-Spam-Bar: (/)
X-Originating-bastion01d-IP: [212.23.1.5]
X-Envelope-From: hosting@zen.co.uk
X-Envelope-To: chris@stow-jones.co.uk
X-Apparently-To: chris@stow-jones.co.uk
X-Zen-Loop2: f6f49aff1f1ccb985a3bec8e8b7d154c
X-Antivirus: AVG for E-mail 2013.0.3392 [3222/6627]
X-Mtq-Filter: Score=0; trigger=100; scan=30
X-AVG-ID: ID6DD0E3EE-30F6DA88
X-Hops: 1


After:
Return-Path: <hosting@zen.co.uk>
From: "Zen - Hosting Support" <hosting@zen.co.uk>
To: <chris@stow-jones.co.uk>
Subject: RE: cPanel - Email Problem - Submitted 30/08/2013 21:33:08 [5902485:4467176]
Date: Sun, 1 Sep 2013 11:48:15 +0100
Message-ID: <52231B81.012B30.03620@MAILISVISNETICS.office.zen.co.uk>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: VisNetic MailFlow 4.9.2.2
Thread-Index: AQKZq2EMzlqY58G4Lo7asBT8k1WtoA==
X-OlkEid: 00000000AAE058EFB030F44188DBEB13EB280D760700C3B68E10F77511CEB4CD00AA00BBB6E600000000000C0000D9539C2261A6BB45B9DAB62C7081B3C101006D1E0000000097184CE4D052504D8272B7FD662643AB
X-Antivirus: AVG for E-mail
Chris Jones
Mollington Consultants Limited
[url]http://www.mollingtonconsultants.com/[/url]
mollcons
Expert User
 
Posts: 135
Joined: Wed Jun 06th, 2007 4:26pm
Location: Chester, UK

Re: Spam Assassin - Headers being munged

Postby Elric Pedder » Sun Sep 01st, 2013 11:00am

My understanding is that SpamAssassin simply turns the original e-mail into an attachment inside the notification e-mail (which contains some of the same headers but all potentially false or dangerous headers are removed). You are expected to forward the attached e-mail which is precisely preserved.
Mailtraq Development and Escalation Support
Novitraq Incorporated
User avatar
Elric Pedder
Mailtraq Escalation Support
 
Posts: 2675
Joined: Tue Nov 23rd, 2004 1:16pm
Location: Montreal, Canada

Re: Spam Assassin - Headers being munged

Postby mollcons » Sun Sep 01st, 2013 12:50pm

Yes. I am aware that SA does that when it finds an email that is classed as spam. That I can handle. The problem arises with emails that SA does not class as spam, but are. SA does not generate the attachment, but clearly strips the relevant headers before depositing the mail in the user mailbox. The example headers show what SA seems to be doing here. The before example is what is in the Inbound mailbox, and the munged headers are in the user mailbox.
Chris Jones
Mollington Consultants Limited
[url]http://www.mollingtonconsultants.com/[/url]
mollcons
Expert User
 
Posts: 135
Joined: Wed Jun 06th, 2007 4:26pm
Location: Chester, UK

Re: Spam Assassin - Headers being munged

Postby mollcons » Fri Sep 06th, 2013 3:29pm

Elric,

Do you have any further information on this? The emails that are classed as spam, and which are routed to a spam mailbox are as you suggest including the full headers in an attachment, but all other emails have the headers munged when they land in the user mailbox, but the headers are still there intact in the inbound message store.
Chris Jones
Mollington Consultants Limited
[url]http://www.mollingtonconsultants.com/[/url]
mollcons
Expert User
 
Posts: 135
Joined: Wed Jun 06th, 2007 4:26pm
Location: Chester, UK

Re: Spam Assassin - Headers being munged

Postby Elric Pedder » Fri Sep 06th, 2013 4:43pm

Sorry for the late reply. No I have no idea how that is happening. Have you ever modified the spamassassin.cf file to change its behaviour? I've never seen SpamAssassin modify the headers except when producing the report encapsulating the original message. Is it possible something else is removing the other headers if you haven't re-configured SpamAssassin?
Mailtraq Development and Escalation Support
Novitraq Incorporated
User avatar
Elric Pedder
Mailtraq Escalation Support
 
Posts: 2675
Joined: Tue Nov 23rd, 2004 1:16pm
Location: Montreal, Canada

Re: Spam Assassin - Headers being munged

Postby mollcons » Fri Sep 06th, 2013 6:06pm

Hi Elric
This only seems to affect one mailbox, so I dont think that this is a SpamAssassin configuration issue. I will have another look at the only user this currently affects to see what else may have changed.
Chris Jones
Mollington Consultants Limited
[url]http://www.mollingtonconsultants.com/[/url]
mollcons
Expert User
 
Posts: 135
Joined: Wed Jun 06th, 2007 4:26pm
Location: Chester, UK

Re: Spam Assassin - Headers being munged

Postby Elric Pedder » Sat Sep 07th, 2013 5:26pm

I notice you are running Jim's filter (header "X-Mtq-Filter"). Are you running any other scripts that might alter the message?
Mailtraq Development and Escalation Support
Novitraq Incorporated
User avatar
Elric Pedder
Mailtraq Escalation Support
 
Posts: 2675
Joined: Tue Nov 23rd, 2004 1:16pm
Location: Montreal, Canada

Re: Spam Assassin - Headers being munged

Postby mollcons » Sat Sep 07th, 2013 6:38pm

Hi Elric
I have not made any changes to the way that scripts are run for several years.this change I have noticed only started a couple of weeks ago, after I amended the way that SpamAssassin is configured. So I don't think that scripting is the cause of this.

Looking at the mailbox for the user that is affected, if thee are two copies of one email then the one with no flags set will have the full headers, whereas the one with the /READ flag set will have the reduced headers.
Chris Jones
Mollington Consultants Limited
[url]http://www.mollingtonconsultants.com/[/url]
mollcons
Expert User
 
Posts: 135
Joined: Wed Jun 06th, 2007 4:26pm
Location: Chester, UK


Return to Mailtraq Support

Who is online

Users browsing this forum: No registered users and 3 guests

cron