You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Matus UHLAR - fantomas <uh...@fantomas.sk> on 2014/02/19 17:32:37 UTC

DATE_IN_FUTURE_96_Q only hits with ssl-received mail

Hello,

some time ago I was wondering if sendmail changes the Date: header.
The reason was that I've been receiving mail that fired DATE_IN_FUTURE_96_Q
when being received at SMTP level, but not later.

Now I found out that when the same mail is received from the same mail
server, the thing that makes difference is, if it's received over TLS
connection.

Anyone's got an idea how could TLS'ed connection cause DATE_IN_FUTURE_96_Q hitting?


Received: from xxx.xxxxx.sk (xxx.xxxxx.sk [00.11.22.33])
         by fantomas.fantomas.sk (8.14.4/8.14.4/Debian-4) with ESMTP id s1JGLWrb010203
         (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
         for <uh...@fantomas.sk>; Wed, 19 Feb 2014 17:21:43 +0100
Received: from localhost (localhost)
         by xxx.xxxxx.sk  id s1JGKmpI002268-s1JGLTpI002286;
         Wed, 19 Feb 2014 17:21:29 +0100
Date: Wed, 19 Feb 2014 17:21:29 +0100
From: postmaster <po...@xxxxx.sk>
Message-Id: <20...@xxx.xxxxx.sk>
To: uhlar@fantomas.sk
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
         boundary="s1JGKmpI002268-s1JGLTpI002286.1392826889/xxx.xxxxx.sk"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-Spam-Flag: YES
X-Spam-Status: Yes, score=6.4 required=3.5 tests=BAYES_99,DATE_IN_FUTURE_96_Q,
         T_MIME_NO_TEXT,T_TVD_MIME_NO_HEADERS autolearn=disabled version=3.3.2
X-Spam-Report: *  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
         *      [score: 0.9998]
         *  2.9 DATE_IN_FUTURE_96_Q Date: is 4 days to 4 months after Received: date
         *  0.0 T_TVD_MIME_NO_HEADERS BODY: T_TVD_MIME_NO_HEADERS
         *  0.0 T_MIME_NO_TEXT No (properly identified) text body parts
X-Spam-Level: ******
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on fantomas.fantomas.sk



Received: from xxx.xxxxx.sk (xxx.xxxxx.sk [00.11.22.33])
         by fantomas.fantomas.sk (8.14.4/8.14.4/Debian-4) with ESMTP id s1JG2oqo009909
         for <uh...@fantomas.sk>; Wed, 19 Feb 2014 17:03:00 +0100
Received: from localhost (localhost)
         by xxx.xxxxx.sk  id s1JG2U3m001625-s1JG2o3m001641;
         Wed, 19 Feb 2014 17:02:50 +0100
Date: Wed, 19 Feb 2014 17:02:50 +0100
From: postmaster <po...@xxxxx.sk>
Message-Id: <20...@xxx.xxxxx.sk>
To: uhlar@fantomas.sk
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
         boundary="s1JG2U3m001625-s1JG2o3m001641.1392825770/xxx.xxxxx.sk"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-Spam-Flag: YES
X-Spam-Status: Yes, score=3.5 required=3.5 tests=BAYES_99,T_MIME_NO_TEXT,
         T_TVD_MIME_NO_HEADERS autolearn=disabled version=3.3.2
X-Spam-Report: *  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
         *      [score: 0.9998]
         *  0.0 T_TVD_MIME_NO_HEADERS BODY: T_TVD_MIME_NO_HEADERS
         *  0.0 T_MIME_NO_TEXT No (properly identified) text body parts
X-Spam-Level: ***
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on fantomas.fantomas.sk


-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]

Re: DATE_IN_FUTURE_96_Q only hits with ssl-received mail

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

>On Thu, 2014-03-06 at 11:49 +0100, Matus UHLAR - fantomas wrote:
>> and now I must tell that the workaround does not work.
>>
>> Unfortunately I still get DATE_IN_* issues for mail received via SMTP/SSL

On 06.03.14 11:15, Martin Gregorie wrote:
>Is there any chance that this is due to a man-in-the-middle listener or
>a DMZ firewall with a mis-set date?

no, all that stuff runs on my server. It seems that spamass-milter is pushing
sendmail startup date instead of current date on place of a "b" macro.

...I've been sniffing on localhost spamd port to find this out.
I am playing with sendmail.cf to see if I can do anything with this.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.

Re: DATE_IN_FUTURE_96_Q only hits with ssl-received mail

Posted by Martin Gregorie <ma...@gregorie.org>.

On Thu, 2014-03-06 at 11:49 +0100, Matus UHLAR - fantomas wrote:
> >On 19.02.14 17:32, Matus UHLAR - fantomas wrote:
> >>some time ago I was wondering if sendmail changes the Date: header.
> >>The reason was that I've been receiving mail that fired DATE_IN_FUTURE_96_Q
> >>when being received at SMTP level, but not later.
> >>
> >>Now I found out that when the same mail is received from the same mail
> >>server, the thing that makes difference is, if it's received over TLS
> >>connection.
> 
> On 21.02.14 15:35, Matus UHLAR - fantomas wrote:
> >Also, it seems I have the workaround:
> >
> >The milter macro 'b' seems to work properly when sendmail macro "b" is sent
> >in confMILTER_MACROS_ENVFROM instead of confMILTER_MACROS_ENVRCPT as
> >spamass-milter recommends.
> 
> and now I must tell that the workaround does not work.
> 
> Unfortunately I still get DATE_IN_* issues for mail received via SMTP/SSL
> 
Is there any chance that this is due to a man-in-the-middle listener or
a DMZ firewall with a mis-set date?


Martin

Re: DATE_IN_FUTURE_96_Q only hits with ssl-received mail

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

>On 19.02.14 17:32, Matus UHLAR - fantomas wrote:
>>some time ago I was wondering if sendmail changes the Date: header.
>>The reason was that I've been receiving mail that fired DATE_IN_FUTURE_96_Q
>>when being received at SMTP level, but not later.
>>
>>Now I found out that when the same mail is received from the same mail
>>server, the thing that makes difference is, if it's received over TLS
>>connection.

On 21.02.14 15:35, Matus UHLAR - fantomas wrote:
>Also, it seems I have the workaround:
>
>The milter macro 'b' seems to work properly when sendmail macro "b" is sent
>in confMILTER_MACROS_ENVFROM instead of confMILTER_MACROS_ENVRCPT as
>spamass-milter recommends.

and now I must tell that the workaround does not work.

Unfortunately I still get DATE_IN_* issues for mail received via SMTP/SSL

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #99999: Out of error messages.

Re: DATE_IN_FUTURE_96_Q only hits with ssl-received mail

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 19.02.14 17:32, Matus UHLAR - fantomas wrote:
>some time ago I was wondering if sendmail changes the Date: header.
>The reason was that I've been receiving mail that fired DATE_IN_FUTURE_96_Q
>when being received at SMTP level, but not later.
>
>Now I found out that when the same mail is received from the same mail
>server, the thing that makes difference is, if it's received over TLS
>connection.

Looking at spamass-milter sources, this should not be error of
spamass-milter itself. 

Also, it seems I have the workaround:

The milter macro 'b' seems to work properly when sendmail macro "b" is sent
in confMILTER_MACROS_ENVFROM instead of confMILTER_MACROS_ENVRCPT as
spamass-milter recommends.

when spamass-milter does not receive this macro, it logs the macro to be
added to confMILTER_MACROS_ENVRCPT ...
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...