Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2018/08/24 21:33:09 UTC
[Bug 7601] New: The X-Ham-Report header violates RFC 5532
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7601
Bug ID: 7601
Summary: The X-Ham-Report header violates RFC 5532
Product: Spamassassin
Version: 3.4.2
Hardware: All
OS: Linux
Status: NEW
Severity: critical
Priority: P2
Component: spamassassin
Assignee: dev@spamassassin.apache.org
Reporter: chl@clerew.man.ac.uk
Target Milestone: Undefined
Created attachment 5581
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5581&action=edit
Headers and start of Body
The attached file is typical of that produced by SpamAssassin.
The critical lines in it are:
X-Ham-Report: Spam detection software, running on the system
"phantom.hostingseries.net",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: On 23/08/18 16:49, Charles Lindsey wrote: > They have
migrated
us without warning, in spite of my efforts to get > them to hold off until
an account control@usenet.org.uk had been created > and our do
Content analysis details: (1.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP
1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
anti-forgery methods
This is a "folded header" (and mail agents may refold it for display, but I
have shown what was on-the-wire). The empty line above the " Content analysis
details:" and in other places actually contains a single space, which purports
to ensure that the whole of what I have shown constitutes a single
X-Ham-Report: header.
But RFC5322, which is the current Internet Standard for email, explicitly
states in section 3.2.2 that
...... However, where CFWS occurs in this specification, it MUST NOT
be inserted in such a way that any line of a folded header field is
made up entirely of WSP characters and nothing else.
Evidently this is because buggy software is likely to interpret that apparently
empty line as the separator between the Headers and the Body of the message
(which is supposed to be a blank line with Nothing in it).
And such buggy software undoubtedly exists (STUMP is the immediate cause of
my concern, but Google reveals many examples of similar problems going back
over many years).
It is clearly intolerable that SpamAssassin should be generating
non-standard-compliant emails.
--
You are receiving this mail because:
You are the assignee for the bug.
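
The folding rule quoted in the report above can be checked mechanically. The following is an added example, not part of the bug thread or of any project's code: it flags continuation lines made up only of WSP and shows where a lenient parser would end the header section. The sample message, its addresses and its host name are constructed.

```python
WSP = b" \t"

def header_lines(raw: bytes):
    """Yield (line_number, line) for the header section only.
    Per RFC 5322 the section ends at the first line with nothing in it."""
    for n, line in enumerate(raw.split(b"\n"), 1):
        line = line.rstrip(b"\r")
        if line == b"":
            return
        yield n, line

def wsp_only_folds(raw: bytes):
    """Return [(line_number, field_name)] for folded lines that contain only WSP."""
    hits, field = [], None
    for n, line in header_lines(raw):
        if line[:1] in (b" ", b"\t"):            # continuation of the current field
            if line.strip(WSP) == b"":
                hits.append((n, field))
        else:                                    # start of a new header field
            field = line.split(b":", 1)[0].decode("ascii", "replace")
    return hits

def header_end(raw: bytes, strict: bool = True):
    """Line number of the header/body separator.
    strict=True follows RFC 5322; strict=False models a lenient parser
    that also treats a WSP-only line as the separator."""
    for n, line in enumerate(raw.split(b"\n"), 1):
        line = line.rstrip(b"\r")
        if line == b"" or (not strict and line.strip(WSP) == b""):
            return n
    return None

# Constructed sample: line 5 is a single space inside a folded header.
SAMPLE = (
    b"From: sender@example.org\r\n"
    b"X-Ham-Report: Spam detection software, running on the system\r\n"
    b"\t\"mail.example.net\",\r\n"
    b"\thas NOT identified this incoming email as spam.\r\n"
    b" \r\n"
    b"\tContent analysis details: (1.0 points, 5.0 required)\r\n"
    b"Subject: constructed test message\r\n"
    b"\r\n"
    b"Body text.\r\n"
)

if __name__ == "__main__":
    print("WSP-only folded lines:", wsp_only_folds(SAMPLE))
    print("separator (RFC 5322):", header_end(SAMPLE))
    print("separator (lenient): ", header_end(SAMPLE, strict=False))
```

With the lenient reading, the rest of the report and the Subject line after it land in the body, which is the failure the report attributes to buggy software.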
[Bug 7601] The X-Ham-Report header violates RFC 5532
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7601
Kevin A. McGrail <km...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@apache.org
--- Comment #2 from Kevin A. McGrail <km...@apache.org> ---
I have reported the issue previously to cPanel. Will escalate.
[Bug 7601] The X-Ham-Report header violates RFC 5532
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7601
Bill Cole <sa...@billmail.scconsult.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sa-bugz-20080315@billmail.scconsult.com
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #1 from Bill Cole <sa...@billmail.scconsult.com> ---
There is no code in the current (or recent) SpamAssassin codebase which adds a
"X-Ham-Report" header.
Apparently the cPanel server management tool does this, which may be the source
of your problem. It is probably best to direct your bug report to cPanel, if
you are using their software.
[Bug 7601] The X-Ham-Report header violates RFC 5532
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7601
Bill Cole <sa...@billmail.scconsult.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|critical |trivial
Priority|P2 |P5