On 3 Jul 2016, at 14:48, Alex wrote:
On 2016-07-03 20:18, Alex wrote:
whitelist_from *@pm.sprintpcs.com
[...]
From: Sprint User <5556142...@pm.sprint.com>
One of these things is not like the other... Not that it actually
matters.

This is also substantially confused by the fact that your pastebin
version is both mangled by whatever is "quarantining" the message and
apparently manually munged for privacy. That is probably confusing some
of the people offering "help" because it isn't obvious what is
substituted for what and how various oddities arose in that odd
message...

In my experience messages recently emerging from Sprint PCS (these days
just called "Sprint" because they've almost entirely exited all other
businesses and "PCS" has no particular branding value) come from
'1[10-digits]@pm.sprint.com' as RFC5321.MailFrom and
'[10-digits]@pm.sprint.com' as RFC5322.From and look like the one below
which I just sent myself. All redactions are enclosed in [] and
represent these values:

10DIGIT: My 10-digit (NANP) phone number used to send the SMS
LOCALALIAS: The virtual alias in scconsult.com it was sent to
LOCALUSER: The real user on the real host that handled final delivery

There is NO OTHER modification of the message as delivered. X-Spam-Score
and X-Spam-Score headers are added locally by MIMEDefang and represent
the analysis by the local instance of SpamAssassin.
===== BEGIN SAMPLE MESSAGE =====
Return-Path: <1[10DIGIT]@pm.sprint.com>
X-Original-To: [LOCALALIAS]@scconsult.com
Delivered-To: [LOCALUSER]@toaster.scconsult.com
Received: from lxnsmsomta01.localdomain (smtp1a.mo.sprintpcs.com
    [66.1.208.6])
    by toaster.scconsult.com (Postfix) with ESMTP id 3rk30K3Rt5z1Zfg5v
    for <localal...@scconsult.com>; Mon, 4 Jul 2016 19:20:33 -0400 (EDT)
Received: from musres11.nmcc.sprintspectrum.com (unknown [10.25.157.71])
    by lxnsmsomta01.localdomain (Postfix) with ESMTP id 7520F6807
    for <[LOCALALIAS]@scconsult.com>; Mon, 4 Jul 2016 18:20:27 -0500 (CDT)
Resent-Date: Mon, 04 Jul 2016 23:20:27 GMT
Resent-From: [LOCALALIAS]@scconsult.com
Resent-To: [LOCALALIAS]@scconsult.com
Received: by pixmbl.com ; Mon, 04 Jul 2016 23:20:27 GMT
Content-Type:
    multipart/related;boundary=1_577AEF37_3309AC80;type="text/html"
Date: Mon, 04 Jul 2016 23:20:23 GMT
To: [LOCALALIAS]@scconsult.com
From: [10DIGIT]@pm.sprint.com
Message-ID: <shdo2i...@musres11.nmcc.sprintspectrum.com>
Mime-Version: 1.0
X-Spam-Score: 4.122 (****)
    BAYES_60,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_SUBJECT,SCC_DEBUG,SCC_RCVD_FORMAT3
Subject:
X-Spam-Status: Maybe, score=4.122 required=4.3
    tests=[BAYES_60,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_SUBJECT,SCC_DEBUG,SCC_RCVD_FORMAT3]

--1_577AEF37_3309AC80
Content-Type: text/html;charset="UTF-8"
Content-Transfer-Encoding: base64

PEhUTUw+CiAgICAgICAgPEhFQUQ+CiAgICAgICAgICAgICAgICA8VElUTEU+PC9USVRMRT4KICAg
ICAgICA8L0hFQUQ+CiAgICAgICAgPEJPRFk+CiAgICAgICAgICAgICAgICA8UCBhbGlnbj0ibGVm
dCI+PEZPTlQgZmFjZT0iVmVyZGFuYSIgY29sb3I9IiNjYzAwMDAiIHNpemU9IjIiPlNlbnQgZnJv
bSBteSBtb2JpbGUuCiAgICAgICAgICAgICAgICA8QlI+X19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzwvRk9OVD48L1A+CgogICAgICAg
ICAgICAgICAgPFBSRT4KSGV5IGplcmsuIEknbSB0YWxraW5nIHRvIFlPVQoKPC9QUkU+CiAgICAg
ICAgPC9CT0RZPgo8L0hUTUw+Cg==
--1_577AEF37_3309AC80--
===== END SAMPLE MESSAGE =====
There are SO MANY wrong things about this. At the top of the list:

Sprint is adding fraudulent Resent-* headers. This breaks ANY rational
attempt to whitelist in SpamAssassin, which unfortunately trusts the
Resent-From header above all others to the point of ignoring all others
entirely. If I manually remove the Resent-From header, SA sees both the
RFC5321.MailFrom and RFC5322.From values as part of "all '*From' addrs"
but with Resent-From it only sees the local alias to which the SMS was
sent.

Beyond that, this message which started as a 29-character SMS got turned
into 362 characters of HTML with a pointless intro line and nominally
wrapped in a "multipart/related" which in fact was just one part. And
since as an SMS, the original had no Subject, it added on a Subject that
was empty. And to top it off, they EHLO with a bogus name despite having
a perfectly good one available to them.

Given the stupidity with which Sprint handles messages from their
mobiles to the Internet, I have a hard time justifying the work required
to whitelist them. You actually cannot do it now in SpamAssassin without
special rules created just for Sprint and carefully crafted to avoid
applying to anyone else. I see no reason in my circumstances to do that
work. I have complained to Sprint myself as their customer and been lied
to in response. I have complained to them as a postmaster of the US
branch of a well-known Global 50 conglomerate and been ignored. They
have gotten worse over the past 8 years since I held that role, and I
now have far less need to work around their increased brokenness, so I
don't.

One thing that might make sense, if you have the architecture to do it,
is to remove or X- mangle any "Resent-From" headers in messages arriving
on port 25 asserting to be Resent by your own addresses. Sites that
don't need to treat Sprint as a special-needs sender might even reject
messages outright if Resent-From claims an address that should be
sending through port 587 rather than port 25.
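
Added example, not part of the original post and not SpamAssassin or MIMEDefang code: a Python sketch of the "X- mangle" idea from the last paragraph, applied to a constructed message modelled on the sample above. The function names, the `X-Mangled-` prefix, the `example.org` local domain and the placeholder phone number are assumptions; `sender_addrs_seen` is only a simplified model of the Resent-From precedence the post describes.

```python
import email
import re
from email.utils import getaddresses

LOCAL_DOMAINS = {"example.org"}  # assumption: domains your own users send from

# Constructed sample modelled on the message in the post (placeholder values).
SAMPLE = (
    b"Return-Path: <15555550100@pm.sprint.com>\r\n"
    b"Resent-Date: Mon, 04 Jul 2016 23:20:27 GMT\r\n"
    b"Resent-From: alias@example.org\r\n"
    b"Resent-To: alias@example.org\r\n"
    b"To: alias@example.org\r\n"
    b"From: 5555550100@pm.sprint.com\r\n"
    b"Subject:\r\n"
    b"\r\n"
    b"body\r\n"
)

def _headers(raw):
    """Split a raw message into (header bytes, rest) and parse the headers."""
    m = re.search(rb"\r?\n\r?\n", raw)
    head, rest = (raw[:m.start()], raw[m.start():]) if m else (raw, b"")
    return head, rest, email.message_from_bytes(head)

def mangle_forged_resent(raw, local_domains=LOCAL_DOMAINS, port=25):
    """On port 25, rename Resent-* fields to X-Mangled-Resent-* when
    Resent-From claims one of our own addresses; otherwise return raw unchanged."""
    head, rest, msg = _headers(raw)
    claimed = getaddresses(msg.get_all("Resent-From", []))
    forged = any(a.rpartition("@")[2].lower() in local_domains for _, a in claimed)
    if port != 25 or not forged:
        return raw
    # Folded continuation lines start with whitespace, so only field names match.
    return re.sub(rb"(?im)^(Resent-[\w-]+:)", rb"X-Mangled-\1", head) + rest

def sender_addrs_seen(raw):
    """Simplified model of the behaviour described in the post: Resent-From,
    when present, hides the envelope and From addresses from whitelisting."""
    _, _, msg = _headers(raw)
    names = ["Resent-From"] if msg["Resent-From"] else ["Return-Path", "From"]
    return sorted(a for n in names for _, a in getaddresses(msg.get_all(n, [])))
```

Renaming rather than deleting keeps the original values available for later inspection, and the body is passed through byte-for-byte.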