Pantek Library

Re: 8bit encoding in mail header by SpamAssassin

From: Karsten Bräckelmann <guenther(at)rudersport.de>
Date: Sat Oct 13 2007 - 23:46:51 EDT


On Sun, 2007-10-14 at 13:15 +1000, Lars Ippich wrote:

> > Hmm, while the descriptions in the X-Spam-Status header definitely
> > contained German Umlauts... I seem to remember seeing a list of Bayes
> > tokens in there, too?
> >
> > What does such a header look like again exactly? :)
>
> There you go:
>
> > X-Spam-Report: SpamAssassin 3.2.3 on host vmail
> > scan-date = Sat, 13 Oct 2007 10:08:20 +0200
> > score = -5.5
> > bayes-score = 0.5
> > bayes-token-summary = Bayes not run.
> > bayes-token-spam-count =
> > bayes-token-ham-count =
> > bayes-token-spam = Tokens not available.
> > bayes-token-ham = Tokens not available.
> > bayes-auto-learned = failed
> > possible-languages =
> > relayed-countries = _RELAYCOUNTRY_
> > pyzor =
> > [...]
> > ==== ====================== ==================================================
> > pts rule name description
> > ---- ---------------------- --------------------------------------------------
> > -1.4 ALL_TRUSTED Nachricht wurde nur über vertrauenswürdige Rechner
> > weitergeleitet
> > -0.1 EXIM_SENDER_VERIFY_SUCCEEDED Sender Address accepts mail
> > -4.0 EXIM_AUTH Sender is authenticated

Wait a minute...

That does *not* look like the default X-Spam-Report header as inserted when using report_safe 0. That looks like a custom added header. And a broken one, frankly...

The stock X-Spam-Status header looks like this. Note the bullet list, a more dense format and no "table" header.

X-Spam-Report:

  • 4.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
  • [score: 1.0000]
  • 1.5 IXHASH BODY: classified as spam @ iX Magazine, Germany

The thingy above looks suspiciously like a custom header. The lower part, the rule detail list, is almost identical to the stock report_template used with report_safe 1 or 2 -- placed inside a mail body, FWIW. The part above that seems to be highly customized to me. And the _RELAYCOUNTRY_ string hints that this custom template doesn't work as expected...

Anyway, even when using the stock X-Spam-Report header with a German locale -- does SA actually use the localized strings?

This sure would result in possibly sneaking in 8bit chars, even using iso-8859-1 encoding (which 30_text_de.cf does).


> > I already deleted this thread (since it didn't seem all too interesting
> > to me ;), but unless I am seriously mistaken and my memory plays foul
> > tricks on me: The quoted header in question is X-Spam-Report, and the
> > German Umlauts appeared as part of the rule description.
> >
> > This text does not come from the original message unquoted, but is a
> > part of the (localized) SA rules.
>
> This is true as you can tell from the headers above.
>
> > Interestingly, 'file' reports 30_text_de.cf to be ISO-8859 English text
> > on my SA 3.2.0 installation. Did this change till 3.2.3? Are these
> > custom changed descriptions?
>
> I am going to get this checked.

Another bunch of questions I'd ask that admin are details about this header. How he generates it, how (and using what tool) he inserts these headers into the mail, why he does so...

  guenther

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Received on Sat Oct 13 23:47:39 2007
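
An added example, not part of the original message and not SpamAssassin code: a small Python check that scans the header block of a raw message for the two symptoms discussed in this thread, raw 8bit bytes in a header and a template tag such as _RELAYCOUNTRY_ left unexpanded. The sample message is constructed, and the tag pattern (underscore, capitals or digits, underscore) is an assumption about how such tags look.

```python
import re

# Constructed sample modelled on the header quoted in the thread. The umlauts
# are raw ISO-8859-1 bytes, as they would be if copied from a localized rule file.
SAMPLE = (
    b"Subject: test\r\n"
    b"X-Spam-Report: SpamAssassin 3.2.3 on host vmail\r\n"
    b"\trelayed-countries = _RELAYCOUNTRY_\r\n"
    b"\t-1.4 ALL_TRUSTED Nachricht wurde nur \xfcber vertrauensw\xfcrdige Rechner\r\n"
    b"\tweitergeleitet\r\n"
    b"X-Spam-Status: No, score=-5.5\r\n"
    b"\r\n"
    b"Body with 8bit \xe4 is not a header problem.\r\n"
)

# Assumed tag shape: _NAME_ standing alone, so rule names such as
# ALL_TRUSTED or EXIM_SENDER_VERIFY_SUCCEEDED do not match.
TAG = re.compile(rb"(?<![A-Za-z0-9])_[A-Z][A-Z0-9]*_(?![A-Za-z0-9])")


def audit_headers(raw: bytes):
    """Return (header_name, problem) pairs for the header block of a raw message."""
    # Headers end at the first empty line; the body is not inspected.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    findings, name = [], None
    for line in re.split(rb"\r?\n", head):
        # A line starting with whitespace continues the previous (folded) header.
        if line[:1] not in (b" ", b"\t"):
            name = line.split(b":", 1)[0].decode("ascii", "replace")
        for m in TAG.finditer(line):
            findings.append((name, "unexpanded template tag: " + m.group().decode("ascii")))
        high = sorted({b for b in line if b > 0x7F})
        if high:
            # Header fields must be 7bit; non-ASCII text needs RFC 2047 encoding.
            findings.append((name, "raw 8bit bytes: " + " ".join(f"0x{b:02x}" for b in high)))
    return findings


if __name__ == "__main__":
    for header, problem in audit_headers(SAMPLE):
        print(f"{header}: {problem}")
```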

This archive was generated by hypermail 2.1.8 : Fri Jul 04 2008 - 15:01:52 EDT

