BTW:
reformatting headers is dangerous these days, a message should be re-constructed 100% binary identical and only add own headers but never touch existing ones

they are part of DKIM and if you have an external forwarder
where dbmail injects the message to sendmail, changes in the headers will break signatures, see recent threads in context of DMARC/Yahoo

http://www.gossamer-threads.com/lists/spamassassin/users/180247
>> isn't the server by any chance running courier MTA? some versions
>> used to reformat some of mime headers which results in DKIM
>> getting invalid

On 21.09.2014 at 12:19, Reindl Harald wrote:
On 21.09.2014 at 11:47, Paul J Stevens wrote:
It may well be dbmail/gmime doing this. But then, there is nothing in
the rfcs that specifies such proprietary formatting of headers, afaik.
If there is, please let me know, so I can ask Jeff to fix gmime.

that's not a matter of RFCs
that's a matter of usability and of modifying data

honestly, after reconstruction a message should appear
binary identical to how it came through the MTA - frankly
some headers can be part of a signature checksum

why are received headers not fucked up the same way?
they use the same "proprietary formatting" and the
"References" field looks also fine - so why mangle
"X-Spam-Report"

Received: from dbmail01.icns.fastxs.net (dbmail01.icns.fastxs.net 
[213.214.111.4])
        by mail-gw.thelounge.net (THELOUNGE GATEWAY) with ESMTP id 3j13pp4Rwnz1l
        for <h.rei...@thelounge.net>; Sun, 21 Sep 2014 11:47:14 +0200 (CEST)
Received: by dbmail01.icns.fastxs.net (Postfix, from userid 1001)
        id 56324E22D; Sun, 21 Sep 2014 11:47:07 +0200 (CEST)
Received: by dbmail01.icns.fastxs.net (Postfix, from userid 1001)
        id 4AB19E20B; Sun, 21 Sep 2014 11:47:04 +0200 (CEST)
Received: from mx3.nfg.nl (mx3.nfg.nl [194.109.214.22])
        by dbmail01.icns.fastxs.net (Postfix) with ESMTP id 42B36E1AC
        for <dbmail@dbmail.org>; Sun, 21 Sep 2014 11:47:04 +0200 (CEST)
Received: from mail.nfg.nl (mail2.nfgs.net [194.109.214.20])
        by mx3.nfg.nl (Postfix) with ESMTP
        id 5870860171   for     <dbmail@dbmail.org>; Sun, 21 Sep 2014 12:10:43 
+0000 (UTC)
Received: from [172.16.1.42] (nfg1 [83.160.122.30])     (using TLSv1
        with cipher DHE-RSA-AES128-SHA (128/128 bits))  (No client certificate  
requested)
        by mail.nfg.nl (Postfix) with ESMTPSA id 526B91437C
        for <dbmail@dbmail.org>; Sun, 21 Sep 2014 11:52:42 +0200 (CEST)
Message-ID: <541e9e97.2030...@nfg.nl>
Date: Sun, 21 Sep 2014 11:47:03 +0200
From: Paul J Stevens <p...@nfg.nl>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101
        Thunderbird/31.0
To: DBMail mailinglist <dbmail@dbmail.org>
References: <5405ddd1.70...@thelounge.net>
        <001901cfc6c9$8d800fe0$a8802fa0$@jorge> <5406a8c1.7090...@lordvan.com>
        <77fbe1ac-79ea-42d2-8504-342f458c6...@email.android.com>
In-Reply-To: <77fbe1ac-79ea-42d2-8504-342f458c6...@email.android.com>
MIME-Version: 1.0
Subject: Re: [Dbmail] re-formatting of headers
X-BeenThere: dbmail@dbmail.org
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: DBMail mailinglist <dbmail@dbmail.org>
List-Id: DBMail mailinglist <dbmail.dbmail.org>
List-Unsubscribe: <http://mailman.fastxs.nl/cgi-bin/mailman/options/dbmail>,
        <mailto:dbmail-requ...@dbmail.org?subject=unsubscribe>
List-Archive: <http://mailman.fastxs.nl/pipermail/dbmail>
List-Post: <mailto:dbmail@dbmail.org>
List-Help: <mailto:dbmail-requ...@dbmail.org?subject=help>
List-Subscribe: <http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail>,
        <mailto:dbmail-requ...@dbmail.org?subject=subscribe>
Sender: dbmail-boun...@dbmail.org
Errors-To: dbmail-boun...@dbmail.org
X-Virus-Scanned: Yes
X-Spam-Status: No, score=-4.5, tag-level=4.5, block-level=8.0
X-Spam-Report: * -0.0 CUST_DNSWL_3 RBL: dnswl-aggregate.thelounge.net (Low
  Trust)        *      [213.214.111.4 listed in dnswl-aggregate.thelounge.net]  
*
  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail        
*
  domains are different * -2.0 USER_IN_MORE_SPAM_TO User is listed in
  'more_spam_to'        * -2.5 BAYES_00 BODY: Bayes spam probability is 0 to 1% 
*
  [score: 0.0000]

On 03-09-14 09:25, Reindl Harald (mobile) wrote:
The last recent stable ones as always, dbmail 3.1.x and gmime 2.6.x
-------- Original Message --------
From: Thomas Raschbacher <lord...@lordvan.com>
Sent: 03 September 2014 07:36:01 CEST
To: dbmail@dbmail.org
Subject: Re: [Dbmail] re-formatting of headers

What gmime and dbmail versions are you getting this with?

On 02.09.2014 18:51, Reindl Harald (mobile) wrote:
The current one - but how does that matter - SHA cli tools generate the properly formatted one on
the same machine, SA upstream says there is only one place in the code that generates this and
the first response was "fix your mail client, it must be the one reformatting the
header". Thunderbird is for sure innocent, any downloaded message has the same
unreadable header


-------- Original Message --------
From: Jorge Bastos <mysql.jo...@decimal.pt>
Sent: 02 September 2014 18:18:37 CEST
To: 'DBMail mailinglist' <dbmail@dbmail.org>
Subject: Re: [Dbmail] re-formatting of headers

Which spamassassin version?

-----Original Message-----
From: dbmail-boun...@dbmail.org [mailto:dbmail-boun...@dbmail.org] On
Behalf Of Reindl Harald
Sent: Tuesday, 2 September 2014 16:10
To: Mailing-List dbmail
Subject: [Dbmail] re-formatting of headers

Hi

who does that bad to spamassassin headers?
gmime or dbmail?
can this be avoided?

normally they are expected to look like the second example which is a
different mail but you know what i mean, that's what SA generates
originally

X-Spam-Report: * -2.5 CUST_DNSWL_5 RBL: list.dnswl.org (High Trust)
        *
  [168.100.1.7 listed in list.dnswl.org]        * -0.0 CUST_DNSWL_1 RBL:
  dnswl-low.thelounge.net (Low Trust)   *      [168.100.1.7 listed in
  dnswl-low.thelounge.net]      * -0.0 RCVD_IN_MSPIKE_H3 RBL: Good
reputation (+3)
        *      [168.100.1.7 listed in wl.mailspike.net] *  0.0
  HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
        *
  domains are different *  0.0 FREEMAIL_FROM Sender email is commonly
abused
  enduser mail provider *      (fernando.souto.maior[at]gmail.com)
        *  0.0
  NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
        *
  address       *  0.0 HTML_MESSAGE BODY: HTML included in message      *  2.0
BAYES_50
  BODY: Bayes spam probability is 40 to 60%     *      [score: 0.4981]
        *  0.3
  HTML_OBFUSCATE_05_10 BODY: Message is 5% to 10% HTML obfuscation
        * -0.5
  DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
        *
  domain        * -0.5 DKIM_VALID Message has at least one valid DKIM or DK
  signature     *  0.5 DKIM_SIGNED Message has a DKIM or DK signature, not
  necessarily   *      valid    * -0.0 RCVD_IN_MSPIKE_WL Mailspike
good senders    *
  0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and  *
  EnvelopeFrom freemail headers are different
Return-Path: owner-postfix-us...@postfix.org
Content-Type: multipart/alternative;
boundary=089e01493a0c18807d0502166800
______________________________________________________________________________

X-Spam-Report:
         * -2.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
         *  7.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
         *      [score: 0.9973]
         *  0.0 DKIM_ADSP_CUSTOM_MED No valid author signature,
adsp_override is
         *      CUSTOM_MED
         *  0.0 FREEMAIL_FROM Sender email is commonly abused enduser
mail provider
         *      (reindl.harald[at]gmail.com)
         *  2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)'
         *  0.6 URG_BIZ BODY: Contains urgent matter
         *  0.0 LOTS_OF_MONEY Huge... sums of money
         *  0.0 T_MONEY_PERCENT X% of a lot of money for you
         *  0.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud
(Nigerian 419)
         *  0.0 ADVANCE_FEE_5_NEW Appears to be advance fee fraud
(Nigerian 419)
         *  0.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of
money
         *  0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of
money

Attachment: signature.asc
Description: OpenPGP digital signature
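
An added example, not part of the thread: why refolding or rewriting a signed header matters for DKIM, using the two header canonicalizations defined in RFC 6376. The header values and the `example.org` address are constructed, and the SHA-256 digest is a simplified stand-in for the data a real DKIM signature covers.

```python
import hashlib
import re

def canon_simple(field: bytes) -> bytes:
    """RFC 6376 'simple' header canonicalization: the field is used unchanged."""
    return field

def canon_relaxed(field: bytes) -> bytes:
    """RFC 6376 'relaxed': lowercase name, unfold, collapse whitespace runs."""
    name, _, value = field.partition(b":")
    value = value.replace(b"\r\n", b"")        # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value)    # each WSP run becomes one SP
    return name.strip().lower() + b":" + value.strip(b" \t") + b"\r\n"

def header_digest(fields, canon) -> str:
    """Digest over the canonicalized signed fields (simplified: a real
    verifier also feeds in the DKIM-Signature field itself)."""
    h = hashlib.sha256()
    for f in fields:
        h.update(canon(f))
    return h.hexdigest()

def survives(original, modified, canon) -> bool:
    """True if a signature made over `original` would still match `modified`."""
    return header_digest(original, canon) == header_digest(modified, canon)

# Constructed sample headers: as sent by the signer ...
AS_SENT = [
    b"From: Paul J Stevens <p@example.org>\r\n",
    b"X-Report: * -0.5 DKIM_VALID Message has a valid\r\n\t*      signature\r\n",
]
# ... after a store that only moves line folds and changes whitespace ...
REFOLDED = [
    AS_SENT[0],
    b"X-Report: * -0.5 DKIM_VALID Message\r\n  has a valid\t*  signature\r\n",
]
# ... and after a re-encoder that rewrites the value itself (adds quotes).
REQUOTED = [b'From: "Paul J Stevens" <p@example.org>\r\n', AS_SENT[1]]

if __name__ == "__main__":
    for label, mod in (("refolded", REFOLDED), ("requoted", REQUOTED)):
        for canon in (canon_simple, canon_relaxed):
            ok = survives(AS_SENT, mod, canon)
            print(f"{label:9s} {canon.__name__:14s} signature ok: {ok}")
```

A signer using `simple` header canonicalization is broken by any refolding of a signed field; `relaxed` tolerates whitespace-only changes but not a rewritten value.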
