9front - general discussion about 9front
From: Kurt H Maier <khm@sciops.net>
To: 9front@9front.org
Subject: Re: *****SPAM***** [9front] test
Date: Tue, 22 Sep 2020 12:38:34 -0700
Message-ID: <20200922193834.GB55738@wopr>
In-Reply-To: <20200922205721.27248d34@lenovo.sphairon.box>

This is where the confusion is coming from.  Notes inline.

On Tue, Sep 22, 2020 at 08:57:21PM +0200, Stefan Hertenberger wrote:
> Return-Path: <9front-bounces@ewsd.inri.net>
> X-Original-To: stefan@alarum.de
> Delivered-To: stefan@alarum.de
> Received: from ewsd.inri.net (ewsd.inri.net [107.191.116.128])
> 	by alarum.de (Postfix) with ESMTP id 4FFC71B8D67
> 	for <stefan@alarum.de>; Mon, 21 Sep 2020 17:41:37 +0200 (CEST)

This is the Received header that alarum SpamAssassin should be looking
at.

> Received: from out0.migadu.com ([94.23.1.103]) by ewsd; Mon Sep 21
> 11:40:32 EDT 2020 Message-ID: <1E3083B627E4EDD1DF08AA61E95E4DA2@a-b.xyz>

This is the one it's actually looking at, which is why it's blaming
migadu for all kinds of shenanigans.  I don't know why it's choosing the
wrong one, but the fact that the second line is incorrectly folded may
be causing the system to read the header as ending after "Mon Sep 21".
Proper folding would have immediately followed the linebreak with a
folding-whitespace character (ascii space or tab). 

> X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and
> include these headers. From: kvik@a-b.xyz

Same thing here.  Note the embedded header in this header.  Valid, but
could confuse software in this case, especially as I see no sign of an
actual From: header in the rest of the message.  The improper folding
might be causing SA to identify this as the From: header.

> X-Bullshit: virtualized metadata metadata-based dependency-aware
> backend Subject: *****SPAM***** [9front] test

More improper folding, leading to the Subject: line being munged.  

Something is mangling messages before they're getting handed to
SpamAssassin.  The copy I received on my mailserver was not mangled, so
I must presume it's something on vbsd.alarum.de.  The fact that the SPF
testing is in the SA report but not set as headers tells me it's likely
that the SA run was done after receipt of the message instead of during
the SMTP handshake, so the problem is somewhere between your MTA and
your SpamAssassin run.

The absent From: header combined with the mangled X-Abuse: header 
probably tricked SA into applying the NTLD rules for .xyz.  That
problem would be fixed alongside the other mangling-based problems, but
I really do recommend turning those rules off anyway, or at least
whitelisting TLDs you know people are legitimately using.

Hope this helps,
khm
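
The folding rule discussed in the message above, as an added example that is not part of the original message: a strict RFC 5322 unfolder run over two of the quoted headers, first as quoted and then with folding whitespace restored. The name `audit_headers` and the list of flagged header names are assumptions of this example.

```python
import re

# RFC 5322 field name: printable ASCII except ':' (no whitespace).
FIELD = re.compile(r"^([!-9;-~]+):[ \t]*(.*)$")
# Header names flagged when they appear inside another value (assumed list).
EMBEDDED = re.compile(r"(?<=\s)(From|Subject|Message-ID):", re.I)

def audit_headers(raw):
    """Unfold a header block strictly; return (fields, orphans, embedded)."""
    fields, orphans, embedded = [], [], []
    for n, line in enumerate(raw.splitlines(), 1):
        if not line:
            break                                # blank line ends the headers
        m = FIELD.match(line)
        if line[0] in " \t" and fields:          # proper continuation (FWS)
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        elif m:                                  # anything "token:" is a field
            fields.append((m.group(1), m.group(2)))
        else:                                    # neither folded nor a field
            orphans.append(n)
            embedded += [(f"line {n}", h) for h in EMBEDDED.findall(line)]
    for name, value in fields:
        embedded += [(name, h) for h in EMBEDDED.findall(value)]
    return fields, orphans, embedded

# Constructed sample: two headers quoted in the message above, as mangled.
MANGLED = (
    "Received: from out0.migadu.com ([94.23.1.103]) by ewsd; Mon Sep 21\n"
    "11:40:32 EDT 2020 Message-ID: <1E3083B627E4EDD1DF08AA61E95E4DA2@a-b.xyz>\n"
    "X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and\n"
    "include these headers. From: kvik@a-b.xyz\n"
)
# Same lines with folding whitespace restored after each line break.
FOLDED = MANGLED.replace("\n11:", "\n 11:").replace("\ninclude", "\n include")

if __name__ == "__main__":
    for label, block in (("mangled", MANGLED), ("folded", FOLDED)):
        fields, orphans, embedded = audit_headers(block)
        print(label, [n for n, _ in fields], orphans, embedded)
```

On the mangled block the timestamp line parses as a field literally named "11", and the line carrying "From:" belongs to no field at all; with folding restored both lines rejoin their headers and only the embedded-name flags remain.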

