You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Jonathan Nichols <jn...@pbp.net> on 2007/08/20 23:31:00 UTC

blank mail with pdf attachment slipping right through

I had one slip right through.

Looks like PDFInfo.pm loaded too..

Aug 20 14:05:59 mailgate postfix/qmgr[4397]: 6BD0419D66: 
from=<Ty...@ginacrespo.com>, size=32111, nrcpt=1 (queue active)
Aug 20 14:05:59 mailgate postfix/smtpd[2391]: disconnect from 
localhost[127.0.0.1]
Aug 20 14:05:59 mailgate amavis[16284]: (16284-18) FWD via SMTP: 
<Ty...@ginacrespo.com> -> <vo...@pbp.net>, 250 2.6.0 Ok, 
id=16284-18, from MTA([127.0.0.1]:10025): 250 Ok: queued as 6BD0419D66
Aug 20 14:05:59 mailgate postfix/smtp[13016]: 6BD0419D66: 
to=<vo...@pbp.net>, relay=192.168.10.35[192.168.10.35], delay=0, 
status=sent (250 2.0.0 Ok: queued as 1585B99D58)
Aug 20 14:05:59 mailgate amavis[16284]: (16284-18) Passed SPAMMY, 
[132.126.187.69] <Ty...@ginacrespo.com> -> <vo...@pbp.net>, 
Message-ID: <20...@mailgate.pbp.net>, mail_id: 
SXfaWsT-IsWM, Hits: 11.945, queued_as: 6BD0419D66, 15867 ms
Aug 20 14:05:59 mailgate postfix/qmgr[4397]: 6BD0419D66: removed
Aug 20 14:05:59 mailgate amavis[16284]: (16284-18) TIMING [total 15881 
ms] - SMTP EHLO: 8 (0%)0, SMTP pre-MAIL: 1 (0%)0, lookup_sql: 11 (0%)0, 
SMTP pre-DATA-flush: 5 (0%)0, SMTP DATA: 70 (0%)1, body_digest: 6 (0%)1, 
gen_mail_id: 1 (0%)1, mime_decode: 78 (0%)1, get-file-type1: 38 (0%)1, 
parts_decode: 1 (0%)1, AV-scan-1: 32 (0%)2, lookup_sql: 9 (0%)2, 
spam-wb-list: 5 (0%)2, SA msg read: 9 (0%)2, SA parse: 24 (0%)2, SA 
check: 15370 (97%)99, SA finish: 11 (0%)99, update_cache: 11 (0%)99, 
decide_mail_destiny: 3 (0%)99, fwd-connect: 23 (0%)99, fwd-mail-from: 3 
(0%)99, fwd-rcpt-to: 3 (0%)99, fwd-data-cmd: 1 (0%)99, write-header: 4 
(0%)99, fwd-data-contents: 12 (0%)99, fwd-data-end: 94 (1%)100, 
fwd-rundown: 3 (0%)100, prepare-dsn: 2 (0%)100, main_log_entry: 33 
(0%)100, update_snmp: 5 (0%)100, unlink-1-files: 3 (0%)100, rundown: 1 
(0%)100
Aug 20 14:05:59 mailgate postfix/smtp[9818]: 46112526E: 
to=<vo...@pbp.net>, relay=127.0.0.1[127.0.0.1], delay=20, status=sent 
(250 2.6.0 Ok, id=16284-18, from MTA([127.0.0.1]:10025): 250 Ok: queued 
as 6BD0419D66)
Aug 20 14:05:59 mailgate amavis[16284]: (16284-18) Requesting process 
rundown after 20 tasks (and 18 sessions)
Aug 20 14:05:59 mailgate amavis[16284]: (16284-18) extra modules loaded: 
Mail/SpamAssassin/Locales.pm, Mail/SpamAssassin/Plugin/Bayes.pm, 
Mail/SpamAssassin/Plugin/BodyEval.pm, Mail/SpamAssassin/Plugin/Check.pm, 
Mail/SpamAssassin/Plugin/DNSEval.pm, 
Mail/SpamAssassin/Plugin/HTMLEval.pm, 
Mail/SpamAssassin/Plugin/HTTPSMismatch.pm, 
Mail/SpamAssassin/Plugin/HeaderEval.pm, 
Mail/SpamAssassin/Plugin/ImageInfo.pm, 
Mail/SpamAssassin/Plugin/MIMEEval.pm, 
Mail/SpamAssassin/Plugin/PDFInfo.pm, 
Mail/SpamAssassin/Plugin/RelayEval.pm, 
Mail/SpamAssassin/Plugin/URIDetail.pm, 
Mail/SpamAssassin/Plugin/URIEval.pm, 
Mail/SpamAssassin/Plugin/VBounce.pm, Mail/SpamAssassin/Plugin/WLBLEval.pm
Aug 20 14:05:59 mailgate postfix/qmgr[4397]: 46112526E: removed


--

And here are the headers from the email. It was blank, but had a PDF 
attached.

Return-Path: <Ty...@ginacrespo.com>
Delivered-To: jnichols@pbp.net
Received: from mailgate.pbp.net (unknown [192.168.10.3])
	by mail.pbp.net (Postfix) with ESMTP id 1585B99D58
	for <vo...@pbp.net>; Mon, 20 Aug 2007 14:09:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by mailgate.pbp.net (Postfix) with ESMTP id 6BD0419D66
	for <vo...@pbp.net>; Mon, 20 Aug 2007 14:05:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at pbp.net
Received: from mailgate.pbp.net ([127.0.0.1])
	by localhost (mailgate.pbp.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id SXfaWsT-IsWM for <vo...@pbp.net>;
	Mon, 20 Aug 2007 14:05:43 -0700 (PDT)
Received: from ip117-137-211-87.adsl2.versatel.nl 
(ip117-137-211-87.adsl2.versatel.nl [87.211.137.117])
	by mailgate.pbp.net (Postfix) with ESMTP id 46112526E
	for <vo...@pbp.net>; Mon, 20 Aug 2007 14:05:39 -0700 (PDT)
Received: from [132.126.187.69] by ip117-137-211-87.adsl2.versatel.nl 
with HTTP;
	Mon, 20 Aug 2007 22:57:54 +0200
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 20 Aug 2007 22:57:44 +0200
To: vonage@pbp.net
From: "Hirani" <Ty...@ginacrespo.com>
Subject:
Mime-Version: 1.0
Content-Type: multipart/mixed;

--

So.. something b0rked in my SA config somewhere? Or do I need to 
strangle an amavisd daemon somewhere? :|

Re: blank mail with pdf attachment slipping right through

Posted by Jari Fredriksson <ja...@iki.fi>.

> I had one slip right through.
> 
> Looks like PDFInfo.pm loaded too..
> 
> 
> --
> 
> And here are the headers from the email. It was blank,
> but had a PDF attached.
> 
> Received: from [132.126.187.69] by
> ip117-137-211-87.adsl2.versatel.nl with HTTP;


Try Botnet -plugin. It would have saved ya.