Philip Prindeville wrote:
> The following message got through and I couldn't figure out why:
> 
> ftp://ftp.redfish-solutions.com/pub/paypal4.eml
> 
> so I ran:
> 
> spamassassin -x -LD
> 
> on it and saved the output into:
> 
> ftp://ftp.redfish-solutions.com/pub/paypal4.log
> 
> what's odd is that it reads the first line (the Return-Path: line) and
> then decides that this is the entirety of the header...  ????

Eh? What makes you think that?

There's plenty of evidence it parsed all the headers.
---------------
[13171] dbg: check: is spam? score=0.553 required=5
[13171] dbg: check: tests=AWL,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,TO_CC_NONE
[13171] dbg: check: subtests=__CT,__CTYPE_HTML,__CTYPE_MH_HTML,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__MIME_HTML,__MIME_VERSION,__NONEMPTY_BODY,__SANE_MSGID
---------------

In those subtests, the following rules would NOT hit if the Return-Path: was the
only header.


__CT,__CTYPE_HTML,__CTYPE_MH_HTML,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__MIME_HTML,__MIME_VERSION,__SANE_MSGID

Based on those, SA parsed at LEAST the following headers correctly:

Message-ID:
Received:
Subject:
Content-Type:
MIME-Version:

It also appears to have parsed From: just fine:
---------------
[13171] dbg: eval: all '*From' addrs: [EMAIL PROTECTED]
[EMAIL PROTECTED]
---------------
The first one is in the Return-Path:, but the second one is in the From:

And Apparently-To:
---------------
[13171] dbg: eval: all '*To' addrs: [EMAIL PROTECTED]
---------------

So what makes you think the headers are not being parsed? Looks like normal
output to me...


Also, FWIW, ClamAV detects this email as a phishing-scam.

Virus HTML.Phishing.Pay-110 found

My SA detects it as spam with ease:

X-Spam-Status: Yes, score=7.0 required=5.0 tests=BAYES_50,DCC_CHECK,
        DIGEST_MULTIPLE,HTML_MIME_NO_HTML_TAG,LOCAL_PAYPAL_ACCOUNT,
        MIME_HTML_ONLY,NO_REAL_NAME,RAZOR2_CF_RANGE_51_100,
        RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK,TO_CC_NONE autolearn=no
        version=3.1.0
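
The reasoning in the reply above (which subtests hit tells you which headers were parsed) can be checked mechanically against `spamassassin -D` output. This is an added example, not part of the original message or of SpamAssassin; the subtest-to-header mapping is an assumption drawn from the rule names in the thread, and the sample log and addresses are constructed.

```python
import re

# Assumed mapping: subtest name -> header whose presence it depends on.
SUBTEST_HEADER = {
    "__HAS_MSGID": "Message-ID", "__SANE_MSGID": "Message-ID",
    "__HAS_RCVD": "Received", "__HAS_SUBJECT": "Subject",
    "__CT": "Content-Type", "__CTYPE_HTML": "Content-Type",
    "__MIME_VERSION": "MIME-Version",
}
DBG = re.compile(r"^\[\d+\] dbg: (\w+): ?(.*)$")

def unwrap(text):
    """Rejoin debug lines that a mail client wrapped onto the next line."""
    out, open_line = [], False
    for line in text.splitlines():
        line = line.strip()
        if DBG.match(line):
            out.append(line)
            open_line = True
        elif line and not set(line) <= {"-"} and open_line:
            out[-1] += " " + line          # continuation of the previous dbg line
        else:
            open_line = False              # blank line or ----- separator
    return out

def header_evidence(text):
    """Return {header: sorted evidence} showing which headers SA demonstrably read."""
    seen = {}
    for line in unwrap(text):
        chan, rest = DBG.match(line).groups()
        if chan == "check" and rest.startswith("subtests="):
            for rule in re.split(r"[,\s]+", rest[len("subtests="):]):
                if rule in SUBTEST_HEADER:
                    seen.setdefault(SUBTEST_HEADER[rule], set()).add(rule)
        m = re.match(r"all '\*(From|To)' addrs: (.+)", rest)
        if chan == "eval" and m:           # address lists gathered from headers
            seen.setdefault("*" + m.group(1), set()).update(m.group(2).split())
    return {h: sorted(v) for h, v in seen.items()}

# Constructed sample, including a wrapped "subtests=" line like the one quoted above.
SAMPLE = """\
[13171] dbg: check: tests=AWL,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,TO_CC_NONE
[13171] dbg: check:
subtests=__CT,__CTYPE_HTML,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__MIME_VERSION,__SANE_MSGID
[13171] dbg: eval: all '*From' addrs: bounce@example.net service@example.com
[13171] dbg: eval: all '*To' addrs: user@example.org
"""

if __name__ == "__main__":
    for header, evidence in header_evidence(SAMPLE).items():
        print(f"{header}: {', '.join(evidence)}")
```

If a header such as Subject: is missing from the result for a message that clearly carries it, that is the point at which a header-parsing problem becomes plausible.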
