You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chris <cp...@earthlink.net> on 2004/07/21 00:44:10 UTC
Odd message
I'm not sure what to make of this. First of all instead of being in my spam
folder it was in my inbox. I'll show the headers and maybe someone has an
idea, this is from "view all headers" in Kmail:
Date: Tue, 20 Jul 2004 11:29:16 -0700 (PDT)
X-ELNK-AV: 0
X-Spam-DCC: MessageCare: chris.localdomain 1108; Body0Fuz10Fuz21
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on chris.localdomain
X-Spam-Level: ******************************************
X-Spam-Status: Yes, hitsB.8 required~0 tests«_URI_RBL,AM_BODY_PLING,
BAYES_99,HTML_MESSAGE,MIME_HTML_ONLY,OB_URI_RBL,RCVD_IN_DSBL,
RCVD_IN_NJABL,RCVD_IN_NJABL_PROXY,RCVD_IN_OPM,RCVD_IN_OPM_HTTP,
RCVD_IN_SORBS,RCVD_IN_SORBS_HTTP,RM_t_bobbf,SARE_HTML_INV_TAG2,
SARE_HTML_INV_TAG3,SARE_HTML_P_BREAKcb,SPAMCOP_URI_RBL,WS_URI_RBL
autolearnO versionN63
X-Spam-Pyzor: Reported 0 times.
X-Spam-Report:
Below is when "viewing msg as plain txt"
Date: Tue, 20 Jul 2004 11:29:16 -0700 (PDT)
X-ELNK-AV: 0
X-Spam-DCC: MessageCare: chris.localdomain 1108; Body=1 Fuz1=1 Fuz2=1
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on chris.localdomain
X-Spam-Level: ******************************************
X-Spam-Status: Yes, hits=42.8 required=5.0 tests=AB_URI_RBL,AM_BODY_PLING,
BAYES_99,HTML_MESSAGE,MIME_HTML_ONLY,OB_URI_RBL,RCVD_IN_DSBL,
RCVD_IN_NJABL,RCVD_IN_NJABL_PROXY,RCVD_IN_OPM,RCVD_IN_OPM_HTTP,
RCVD_IN_SORBS,RCVD_IN_SORBS_HTTP,RM_t_bobbf,SARE_HTML_INV_TAG2,
SARE_HTML_INV_TAG3,SARE_HTML_P_BREAKcb,SPAMCOP_URI_RBL,WS_URI_RBL
autolearn=no version=2.63
X-Spam-Pyzor: Reported 0 times.
Now the hits are correct as well as the required along with the rest of the
information. Did SA burp on this one or something?
--
Chris
Registered Linux User 283774 http://counter.li.org
5:32pm up 21 days, 22:54, 2 users, load average: 0.56, 0.78, 1.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You know the great thing about TV? If something important happens
anywhere at all in the world, no matter what time of the day or night,
you can always change the channel.
-- Jim Ignatowski
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Odd message
Posted by Matt Kettler <mk...@evi-inc.com>.
At 06:44 PM 7/20/2004, Chris wrote:
>I'm not sure what to make of this. First of all instead of being in my spam
>folder it was in my inbox. I'll show the headers and maybe someone has an
>idea, this is from "view all headers" in Kmail:
It would appear that your mail client decided to treat the spam score as a
QP encoded text character.
42 is decimal for ASCII "B", and QP characters are encoded by = followed by
2 digits.
=42.8 decodes to B.8
X-Spam-Status: Yes, hitsB.8 required~0 tests«_URI_RBL,AM_BODY_PLING,
> BAYES_99,HTML_MESSAGE,MIME_HTML_ONLY,OB_URI_RBL,RCVD_IN_DSBL,
>Below is when "viewing msg as plain txt"
>
>X-Spam-Status: Yes, hits=42.8 required=5.0 tests=AB_URI_RBL,AM_BODY_PLING,
Re: Odd message
Posted by Bob Apthorpe <ap...@cynistar.net>.
Hi,
On Tue, 20 Jul 2004 17:44:10 -0500 Chris <cp...@earthlink.net> wrote:
> I'm not sure what to make of this. First of all instead of being in my spam
> folder it was in my inbox. I'll show the headers and maybe someone has an
> idea, this is from "view all headers" in Kmail:
Looks like Kmail is improperly decoding the headers as quoted-printable:
The following script is qp.pl:
#!/usr/bin/perl -w
$rawhdr=<<"HERE";
Date: Tue, 20 Jul 2004 11:29:16 -0700 (PDT)
X-ELNK-AV: 0
X-Spam-DCC: MessageCare: chris.localdomain 1108; Body=1 Fuz1=1 Fuz2=1
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on chris.localdomain
X-Spam-Level: ******************************************
X-Spam-Status: Yes, hits=42.8 required=5.0 tests=AB_URI_RBL,AM_BODY_PLING,
BAYES_99,HTML_MESSAGE,MIME_HTML_ONLY,OB_URI_RBL,RCVD_IN_DSBL,
RCVD_IN_NJABL,RCVD_IN_NJABL_PROXY,RCVD_IN_OPM,RCVD_IN_OPM_HTTP,
RCVD_IN_SORBS,RCVD_IN_SORBS_HTTP,RM_t_bobbf,SARE_HTML_INV_TAG2,
SARE_HTML_INV_TAG3,SARE_HTML_P_BREAKcb,SPAMCOP_URI_RBL,WS_URI_RBL
autolearn=no version=2.63
X-Spam-Pyzor: Reported 0 times.
HERE
open OFH, '|qpd.pl';
print OFH $rawhdr;
close OFH;
__END__
# The following is qpd.pl, needed due to MIME::Decoder's abyssmal "sod off, you
# procedural programming troglodytes!" documentation. It wouldn't kill you to
# let someone program against your effing module without having to jump
# through arcane IO redirection hoops or subclass it into something sensible.
#!/usr/bin/perl -w
use MIME::Decoder;
$decoder = new MIME::Decoder "quoted-printable" or die "unsupported";
$decoder->decode(\*STDIN, \*STDOUT);
Running qp.pl, I get
Date: Tue, 20 Jul 2004 11:29:16 -0700 (PDT)
X-ELNK-AV: 0
X-Spam-DCC: MessageCare: chris.localdomain 1108; Body=1 Fuz1=1 Fuz2=1
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on chris.localdomain
X-Spam-Level: ******************************************
X-Spam-Status: Yes, hitsB.8 required=5.0 tests«_URI_RBL,AM_BODY_PLING,
BAYES_99,HTML_MESSAGE,MIME_HTML_ONLY,OB_URI_RBL,RCVD_IN_DSBL,
RCVD_IN_NJABL,RCVD_IN_NJABL_PROXY,RCVD_IN_OPM,RCVD_IN_OPM_HTTP,
RCVD_IN_SORBS,RCVD_IN_SORBS_HTTP,RM_t_bobbf,SARE_HTML_INV_TAG2,
SARE_HTML_INV_TAG3,SARE_HTML_P_BREAKcb,SPAMCOP_URI_RBL,WS_URI_RBL
autolearn=no version=2.63
X-Spam-Pyzor: Reported 0 times.
Compare:
Raw: X-Spam-Status: Yes, hits=42.8 required=5.0 tests=AB_URI_RBL,AM_BODY_PLING,
Decoded: X-Spam-Status: Yes, hitsB.8 required=5.0 tests«_URI_RBL,AM_BODY_PLING,
KMail: X-Spam-Status: Yes, hitsB.8 required~0 tests«_URI_RBL,AM_BODY_PLING,
Apparently MIME::Decode doesn't translate '=5.' to '~' as Kmail does.
Who knows what awful things you can make Kmail do by sending it an
appropriately malcoded message...? File a bug.
> Now the hits are correct as well as the required along with the rest of the
> information. Did SA burp on this one or something?
I think Kmail has indigestion. I traded Kmail for Sylpheed and haven't
looked back.
-- Bob
Re: Odd message
Posted by Evan Platt <ev...@espphotography.com>.
At 03:44 PM 7/20/2004, you wrote:
>I'm not sure what to make of this. First of all instead of being in my spam
>folder it was in my inbox. I'll show the headers and maybe someone has an
>idea, this is from "view all headers" in Kmail:
<SNIP>
>Now the hits are correct as well as the required along with the rest of the
>information. Did SA burp on this one or something?
Well, without knowing HOW a message is supposed to go into your spam
folder, I don't think anyone here can tell you.
A little more information is needed. How is SA called? How is mail supposed
to be 'moved'?
Evan
Re: Odd message
Posted by Loren Wilton <lw...@earthlink.net>.
> Below is when "viewing msg as plain txt"
>
> X-Spam-Level: ******************************************
> X-Spam-Status: Yes, hits=42.8 required=5.0 tests=AB_URI_RBL,AM_BODY_PLING,
>
> Now the hits are correct as well as the required along with the rest of
the
> information. Did SA burp on this one or something?
I don't think SA burped, it seems to have rightly (I assume) classified this
as spam. It is whatever comes after SA that takes that knowledge and routes
the message to the right place that somehow burpred.
Loren
Re: Odd message
Posted by Chris <cp...@earthlink.net>.
On Wednesday 21 July 2004 12:45 pm, Jonas Eckerman wrote:
> On Tue, 20 Jul 2004 17:44:10 -0500, Chris wrote:
> > maybe someone has an idea, this is from "view all headers" in
> > Kmail:
>
> [...]
>
> > X-Spam-Status: Yes, hitsB.8 required~0
> > tests«_URI_RBL,AM_BODY_PLING,
> >
> > Below is when "viewing msg as plain txt"
>
> [...]
>
> > X-Spam-Status: Yes, hits=42.8 required=5.0
> > tests=AB_URI_RBL,AM_BODY_PLING,
>
> Seems like "Kmail" is buggy. It acts as if the headers are encoded with
> Quoted-Printable even though there's no such indicator. Get the author of
> "Kmail" to read the RFCs that specifies how MIME is used to encode 8-bit
> characters in headers.
>
> > Did SA burp on this one or something?
>
> No. SA created perfectly valid and good headers.
>
Thanks Jonas and to all who replied. I would imagine the bug has already
been fixed. I'm running a pretty old version of Kmail - 1.4.3 and KDE
3.0.3 with Mandrake 9.0. I've just never had the inclination to upgrade
since the system is setup just the way I like it. As I told Matt in
another message, thats the only time I've seen this since I've been running
SA (about 4 months) and it hasn't happened since.
Thanks again for all the replys.
--
Chris
Registered Linux User 283774 http://counter.li.org
8:22pm up 23 days, 1:43, 2 users, load average: 0.83, 0.84, 0.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Even the best of friends cannot attend each other's funeral.
-- Kehlog Albran, "The Profit"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Live - From Virgin Radio UK Rod Stewart - Maggie May
Re: Odd message
Posted by Jonas Eckerman <jo...@frukt.org>.
On Tue, 20 Jul 2004 17:44:10 -0500, Chris wrote:
> maybe someone has an idea, this is from "view all headers" in
> Kmail:
[...]
> X-Spam-Status: Yes, hitsB.8 required~0
> tests«_URI_RBL,AM_BODY_PLING,
> Below is when "viewing msg as plain txt"
[...]
> X-Spam-Status: Yes, hits=42.8 required=5.0
> tests=AB_URI_RBL,AM_BODY_PLING,
Seems like "Kmail" is buggy. It acts as if the headers are encoded with Quoted-Printable even though there's no such indicator. Get the author of "Kmail" to read the RFCs that specifies how MIME is used to encode 8-bit characters in headers.
> Did SA burp on this one or something?
No. SA created perfectly valid and good headers.
Regards
/Jonas
--
Jonas Eckerman, jonas_lists@frukt.org
http://www.fsdb.org/