I'm new to the list but have been running SA for some time.

I am using spamassassin-3.0.4-1.fc3
with qmail-scanner-1.25-st-qms

+ autowhitelist
No Razor
No Pyzor
No Bayes

on a test system to evaluate SA.


I had been running successfully (only a few spam emails getting through)
until shortly after the upgrade to 3.0.4-1 (circa August 1).

I'm running with the debug option, and the logs show that the spam emails
that are getting through are mostly those with "received-header: unknown
format" entries.



Some of the "received-header: unknown format" entries:


This header from a SPAM email scored at 13.3/5.0
...
Jul 31 07:44:33 backup spamd[3748]: debug: received-header: unknown format: from creative-workers.ch (creative-workers.ch [217.26.52.13])by user-0c99gr6.cable.mindspring.com with esmtpid 7D892D14F9 for <emailremoved>; Sat, 30 Jul 2005 23:43:08 -0700
...

This header from a SPAM email scored at 0.8/5.0
...
Aug  1 07:25:28 backup spamd[3733]: debug: received-header: unknown format: from clv107.clv.al.alcoa.com (na-msw1.alcoa.com [192.135.120.50])by p54A6F7A6.dip.t-dialin.net with esmtpid B6EE2E4E54 for <emailremoved>; Sun, 31 Jul 2005 04:05:23 -0700
...

This header from a SPAM email scored at 3.2/5.0
...
Aug  1 07:25:30 backup spamd[3735]: debug: received-header: unknown format: from croqui.com.br (smtp-gw.croqui.com.br [200.182.98.155])by lau06-2-82-234-141-64.fbx.proxad.net with esmtpid B3EBAEB7F8 for <emailremoved>; Sun, 31 Jul 2005 10:14:25 -0700
...

This header from a SPAM email scored at 1.6/5.0
...
Aug  1 07:25:39 backup spamd[3734]: debug: received-header: unknown format: from glnet.com (mx2.ewol.com [66.209.32.24])by pool-151-205-249-128.cap.east.verizon.net with esmtpid 9A8F90A189 for <emailremoved>; Sun, 31 Jul 2005 20:44:41 -0700
...

This header from a SPAM email scored at 5.5/5.0
...
Aug  1 12:05:06 backup spamd[3734]: debug: received-header: unknown format: from heartbridge.org (mail.heartbridge.org [66.235.220.201])by 111.Red-83-41-82.pooles.rima-tde.net with esmtpid 9C1A7C9FF3 for <emailremoved>; Mon, 01 Aug 2005 04:02:48 -0700

...

This header from a SPAM email scored at 3.2/5.0
...
Aug  1 17:34:31 backup spamd[3734]: debug: received-header: unknown format: from darelfarouk.com.eg (domainsfilter.link.net [213.131.64.229])by isi-shop.dewith esmtpid 40E19F7354 for <emailremoved>; Mon, 01 Aug 2005 09:33:56 -0700
...

This header from a SPAM email scored at 0.5/5.0
...
Aug  2 01:00:33 backup spamd[3733]: debug: received-header: unknown format: from cioli.com (mail.cioli.com [62.94.222.235])by 82-170-124-168-mx.xdsl.tiscali.nl with esmtpid 70123723CF for <emailremoved>; Mon, 01 Aug 2005 15:39:31 -0700
...

This header from a SPAM email scored at 3.2/5.0
...
Aug  3 12:42:14 backup spamd[3735]: debug: received-header: unknown format: from advancenet.net (mx1.egix.net [209.131.216.157])by mercamicro.es with esmtpid 2E8F3674BC for <emailremoved>; Wed, 03 Aug 2005 04:41:24 -0700
...

This header from a SPAM email scored at 3.5/5.0
...
Aug  3 19:06:58 backup spamd[3732]: debug: received-header: unknown format: from coolwriter.com (mail.bluegravity.com [64.57.64.4])by jezo.com with esmtpid06FF902A83 for <emailremoved>; Wed, 03 Aug 2005 11:04:26 -0700
...


In the sample I looked at, I've had only one email with the received-header
problem that may not be spam.
However, that email was from an email marketing company.



In my test setup I do not receive very many emails, so I do not know if the
above problem is representative of installations with a large email
throughput.


I note from googling that there are references to this problem
http://permalink.gmane.org/gmane.mail.spam.spamassassin.general/68550 and
to an associated bug report
http://bugzilla.spamassassin.org/show_bug.cgi?id=3949



It appears to me that the received-header: unknown format: is being
exploited by the spammers to minimise the scoring.

My questions are as follows:

Does the header problem indicate that an email is non-compliant with
RFC formats?

Are there legitimate situations where you could expect this parsing
problem to occur (assuming the email/SA software is set up correctly)?

Can I configure spamassassin to flag any email with this problem as spam?


Chris
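
Added example, not part of the original post and not SpamAssassin code: a small triage script that reads spamd debug lines, keeps the "received-header: unknown format" records, and counts the fused tokens visible in the headers quoted above (")by", "...with", "esmtpid"). The check names, the hostname "mx1" and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter

# spamd debug record: "... spamd[PID]: debug: received-header: unknown format: <header>"
LOG_RE = re.compile(
    r"spamd\[(?P<pid>\d+)\]: debug: received-header: unknown format: (?P<hdr>.*)$")

# Hypothetical check names; each pattern targets a fused token visible in the post.
CHECKS = {
    "no_space_before_by": re.compile(r"\)by\s"),
    "no_space_before_with": re.compile(r"\Swith\s+e?smtp", re.I),
    "esmtp_fused_with_id": re.compile(r"\be?smtpid\s*[0-9A-F]{6,}", re.I),
}

def triage(log_lines):
    """Return ([(pid, [check names hit])], Counter of hits) for unparsed headers."""
    records, per_check = [], Counter()
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not an "unknown format" record
        hits = sorted(n for n, rx in CHECKS.items() if rx.search(m.group("hdr")))
        per_check.update(hits)
        records.append((m.group("pid"), hits))
    return records, per_check

# Constructed sample records (documentation domains and addresses, not real traffic).
PREFIX = "mx1 spamd[%d]: debug: received-header: unknown format: "
SAMPLE_LOG = [
    "Aug  1 07:25:28 " + PREFIX % 3733 +
    "from a.example (relay.a.example [192.0.2.10])by dsl-host.example.net "
    "with esmtpid B6EE2E4E54 for <user@example.org>; Sun, 31 Jul 2005 04:05:23 -0700",
    "Aug  1 17:34:31 " + PREFIX % 3734 +
    "from b.example (relay.b.example [192.0.2.20])by shop.examplewith "
    "esmtpid 40E19F7354 for <user@example.org>; Mon, 01 Aug 2005 09:33:56 -0700",
    "Aug  3 19:06:58 " + PREFIX % 3732 +
    "from c.example (relay.c.example [192.0.2.30])by d.example "
    "with esmtpid06FF902A83 for <user@example.org>; Wed, 03 Aug 2005 11:04:26 -0700",
    "Aug  3 19:07:40 " + PREFIX % 3736 +
    "from e.example (relay.e.example [192.0.2.40]) by f.example "
    "with esmtp id 1A2B3C4D5E for <user@example.org>; Wed, 03 Aug 2005 11:05:02 -0700",
    "Aug  3 19:07:41 mx1 spamd[3736]: info: unrelated constructed line",
]

if __name__ == "__main__":
    records, per_check = triage(SAMPLE_LOG)
    for pid, hits in records:
        print(pid, ", ".join(hits) or "no fused tokens")
    print(dict(per_check))
```

The counts only show how many unparsed headers share the fused-token pattern; whether a message is spam still has to be judged from its score and content.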




