Closed gaaf closed 5 years ago
This message is badly broken by X-Spam_report
header. No way.
Just in case of confusion: in a email message everything after double newline character must be treated as body. And there is clearly one in X-Spam_report
header. Bad symbols are bad but not critical. Double newline just breaks headers parsing.
Sorry, my editor removed the trailing whitespace. I edited the report, those double CRLF are now gone.
Can you please provide a link to the commit/fix instead of just closing the issue?
I've provided all information in my comments. Resolution: not a bug, won't fix.
As I already mentioned directly after your comment, I fixed the erroneous double CRLF invalidating your analysis.
Can you please explain why this is not a bug?
I have removed crappy SA headers and here is scan result for your message:
[Metric: default]
Action: no action
Spam: false
Score: 3.19 / 15.00
Symbol: ARC_NA (0.00)
Symbol: ASN (0.00)[asn:20857, ipnet:149.210.128.0/17, country:NL]
Symbol: CTYPE_MIXED_BOGUS (1.00)
Symbol: DATE_IN_PAST (1.00)
Symbol: DKIM_TRACE (0.00)[lists.kamailio.org:-]
Symbol: DMARC_NA (0.00)[example.com]
Symbol: FROM_HAS_DN (0.00)
Symbol: FROM_NEQ_ENVFROM (0.00)[sender@example.com, sr-users-bounces@lists.kamailio.org]
Symbol: HAS_LIST_UNSUB (-0.01)
Symbol: HAS_REPLYTO (0.00)[sr-users@lists.kamailio.org]
Symbol: MAILLIST (-0.20)[mailman]
Symbol: MIME_BASE64_TEXT (0.10)
Symbol: MIME_GOOD (-0.10)[multipart/mixed, multipart/alternative, text/plain]
Symbol: MIME_TRACE (0.00)[0:+, 1:+, 2:+, 4:+]
Symbol: MV_CASE (0.50)
Symbol: RCPT_COUNT_ONE (0.00)[1]
Symbol: RCVD_COUNT_FIVE (0.00)[5]
Symbol: RCVD_IN_DNSWL_LOW (-0.10)[29.149.210.149.list.dnswl.org : 127.0.5.1]
Symbol: RCVD_TLS_LAST (0.00)
Symbol: R_DKIM_REJECT (1.00)[lists.kamailio.org]
Symbol: R_SPF_NA (0.00)
Symbol: TO_DN_ALL (0.00)
Message-ID: E7015E63-E006-4E30-9313-851CB7F2424E@palner.com
What symbols are you interested in?
And yes, X-Spam_report
headers are totally broken.
I have removed crappy SA headers and here is scan result for your message:
Thanks for looking into this further.
And yes,
X-Spam_report
headers are totally broken.
Can you please elaborate a bit on why it is totally broken? Every "continued"-line of that header indents with at least one space character. There are some 8-bit characters in it that might be illegal, but my MTA, MDA and MUA's surely don't have a problem with it. Rspamd is, afaik, the only one failing in the whole chain.
I can try to get the sender to fix the sending side if necessary, but i will at least have to tell them (in detail) what is wrong with the header(s).
Finally found an validator online: https://www.mimevalidator.net/index.html
That one confirms the header is broken because of 8-bit characters in it. Maybe rspamd can be taught to handle those, like most MTA, MDA and MUA's?
Well, you are using obsolete FWS syntax according to RFC2822:
4.2. Obsolete folding white space
In the obsolete syntax, any amount of folding white space MAY be
inserted where the obs-FWS rule is allowed. This creates the
possibility of having two consecutive "folds" in a line, and
therefore the possibility that a line which makes up a folded header
field could be composed entirely of white space.
obs-FWS = 1*WSP *(CRLF 1*WSP)
In fact, it should be supported. However, I'm not completely sure how. I will check more.
8bit elements in headers are not basically permitted but that's not the source of this error.
Aha, I've found the relevant trace: https://github.com/rspamd/rspamd/issues/2349
Classification (Please choose one option):
Reproducibility (Please choose one option):
Rspamd version:
1.7.9
Operation system, CPU:
Debian sid, amd64
Description (Please provide a descriptive summary of the issue):
rspamd assigns some symbols i would not have expected from the message. This happens on a lot of messages from a specific mailinglist. The messages probably include some syntax that is invalid and/or trips a bug in rspamd (maybe the empty X-Spam-Level: header or the invalid characters in the X-Spam_report header?).
In the example message below, the following symbols seem to be assigned in error: R_MISSING_CHARSET (charset is in the individual parts) BROKEN_CONTENT_TYPE (looks like a valid multipart to me) MISSING_SUBJECT (there is a subject!)
Expected results:
None of the mentioned symbols
Actual results:
Symbol: R_MISSING_CHARSET(2.50) Symbol: BROKEN_CONTENT_TYPE(1.50) Symbol: MISSING_SUBJECT(2.00)
Configuration (e.g.
rspamadm configdump module
):Section module NOT FOUND
Additional information:
Example message: