Thunderbird forward as attachment works @50%

[StevenUnderwood]

Wazoo, it would seem to be mx.webminders.com playing with the headers which may be why this reporter is the only one having problems. I'm hoping the deputies can identify a specific problem with the headers to bring to the webminders people.

[Wazoo]

Check my last item ... removal of the three lines of code (in that case) solved the major issue ... I definitely see it as something the parser is seeing and mishandling at present .... The most immediate/obvious result is the lack of the dangling "X" .. the actual 'full' header being shown on the parse result page ... Guess I'm saying, I gave the answer to the Deputies in my first e-mail, definitely have specifics identified in my last ... but whether contacting webminders would be in the cards ...??? at this point, there's no impact other than one reporter (known at this point) and even those problems don't appear ro include self-reporting / feeding the BL ...???? I'm still going with Julian added in a "strip X-Line: data" routine that isn't starting the 'cut' at the right spot ... (or possibly the "X" showing might be a placeholder written back into the header to replace the stripped data, but the insertion code isn't doing what was expected)

[shull2805@spamcop.net]

Wazoo, it would seem to be mx.webminders.com playing with the headers which may be why this reporter is the only one having problems.  I'm hoping the deputies can identify a specific problem with the headers to bring to the webminders people.

25241[/snapback]

It's worth repeating something I said early on in this thread: I didn't have any of these problems until my web host (and email) provider "upgraded" to SmartMax on the server end. (But I must also point out that ~some~ of the spam reaching my Inbox can be parsed/reported successfully.)

Thanks for your help, guys. it's been a very frustrating experience for me.

[StevenUnderwood]

By sheer coincidence, I received a blank spam today in my Inbox, so I did test emailing a full report, emailing a quick report, and using the Report as spam link and can confirm that quick reporting it is accepted/reported without any body.

Report as spam link: http://www.spamcop.net/sc?id=z740727723z19...058b510ac97993z

Email to quick reporting: http://www.spamcop.net/sc?id=z740752650z07...28013aef2664e9z

Email to full reporting: http://www.spamcop.net/sc?id=z740752658z18...979353bcbd8dfbz

[Wazoo]

Interesting, though noting that this wasn't one of those that also carried the short Message-ID: and such ... wondering if 'we' should make a big deal about this????

[Wazoo]

Everybody seems to be running way behind it seems ... Ellen just responded to my first e-mail with a "sending it to Julian" note.

[StevenUnderwood]

Yes, Ellen seems to be catching up today, just received two responses on this topic myself.

[spiralocean]

Just to chime back in about this topic.

After having problems with Thunderbird and forwarding as an attachment, I went back to viewing the message source, copy, open up spamCops reporting page, pasting and reporting.

I can get by with doing all this through the keyboard, so it's not too slow. Here is my process and keyboard shortcuts for those interested.

(command+u) - View message source

(command+a) - Select all

(command+c) - Copy

(command+spacebar) Open LaunchBar

(sp then enter) Open Spamcop reporting web page using launchbar

(tab*2) (command+v) Paste email into spam reporting field

(tab)(spacebar) - Submit spam

when confirmation page opens

(shift+tab*(the number of comment boxes at the bottom of the web page until the "Send spam reports button" is selected) (spacebar)

I almost prefer this method now because there is no keyboard shortcut on the mac for "Forward as attachment" in Thunderbird. And if I forward as attachment I have to wait for the return email and then click on the link to finish reporting.

It also solves my problem with forward as attachment in Thunderbird, because I'm not using it. :-)

On a side note, it urks me a bit that SpamCop is so resistant to other developers developing applications that help the reporting process in SpamCop. (see the creator of the SpamCop application for Mac mail). It's a non issue for me right now because I am using Thunderbird instead of Mac Mail for email. Hopefully someone will develop an extension for Thunderbird that can immediately report spam from Thunderbird.

But who am I to blow against the wind.

[StevenUnderwood]

it urks me a bit that SpamCop is so resistant to other developers developing applications that help the reporting process in SpamCop. (see the creator of the SpamCop application for Mac mail).

I'm sorry that is the way you see it. As I recall the incident, spamcop simple asked that author to rename his application because the spamcop name was already established and this product was not created by them. The reason for this request was the exact problem we had here recently. Someone has a problem, searches on the name spamcop, and comes here looking for support for something not directly related to this application. Also, their testing account was found to be submitting certain emails against the spamcop rules and was cancelled after receiving several (to my knowledge) warnings. If they had followed the spamcop rules, they could have kept their account live.

Spamcop supports third party products to help in submitting spam. In fact spamcop links serveral off of its help pages:http://www.spamcop.net/fom-serve/cache/166.html. The people who wrote these probably had reporting accounts, but they followed the rules.

Also, this very package is link to from: http://www.spamcop.net/fom-serve/cache/282.html. It is that company that has "This software has been demoted to idle mode." per http://www.subsume.com/assembled/SpamCop.html.

[Wazoo]

I can get by with doing all this through the keyboard, so it's not too slow.  Here is my process and keyboard shortcuts for those interested.

I started a "How to use ..." Forum section .. this would be a great addition there (as compared to buried in a long discussion here)

On a side note, it urks me a bit that SpamCop is so resistant to other developers developing applications that help the reporting process in SpamCop.  (see the creator of the SpamCop application for Mac mail).

Not valid. There are a number of other folks that have dealt with SpamCop, even directly with Julian on developing some 'assistant' apps. What has been shot down is anything trying to accomplish "automatuc reporting".... Again, the Subsume issue was based on spam reporting in violation of SpamCop guidelines and some of the conversations that followed the warnings.

As I recall the incident, spamcop simple asked that author to rename his application because the spamcop name was already established and this product was not created by them.

To keep things honest, I can't say that "SpamCop" asked them to change the name. (He even states that Julian had full knowledge of the name and never said anything ...????) I can say that Doc didn't take to my comments on the naming ... my issue was someone arriving in a SpamCop newsgroup complaining about "SpamCop software that had been downloaded/bought" and that there were issues with said software. Not known was whether this "SpamCop software" was some crap that was available on vww.spamcop.com, some garbage that was one available on www.spamcop.org, or this 'new' stuff downloaded from SubSume for the Apple Mail application .... All I can say is that Doc was of the opinion that only an idiot would confuse the issue and different applications ... and of course, a few days later, another user would pop up with a problem with his/her "downloaded SpamCop software" .... On the other hand, I recall a couple of users stating that they had "discovered" SpamCop by stumbling across the "SpamCop software" listing found on VersionTracker ....???

Again, I can't speak for what "SpamCop" said ... and I gave up the argument. It is amazing that all these years later .... <g>

[spiralocean]

Thanks for responding to the SpamCop application issue in a professional manner. You helped to change my view of SpamCop to a more positive one.

It's seems silly that the developer mentioned wouldn't change the name of the application.

I stand corrected.

[shull2805@spamcop.net]

Wazoo, it would seem to be mx.webminders.com playing with the headers which may be why this reporter is the only one having problems.  I'm hoping the deputies can identify a specific problem with the headers to bring to the webminders people.

25241[/snapback]

Steven,

I sent the following email to my Web Hosting /Email provider:

>>

>>Since the changeover to SmartMax/MailMax, I have been experiencing

>>problems reporting spam to SpamCop. Basically, the automated parser

>>says it is unable to locate the body in the email I forward for

>>reporting. However, if you look at the complete message SpamCop

>>received, the body is most definitely there.

>>

>>There is one thing that one of the SpamCop administrators commented on.

>> The mail I forward to SpamCop has a bunch of X-Headers inserted just

>>ahead of the Subject: line. Apparently, this is very unusual, although

>>it does not violate RFC-822. I was wondering if there is anything you

>>can do to change the insertion point for the X-Headers so they go in

>>AFTER the Subject line.

>>

>>Ref:

>>http://forum.spamcop.net/forums/index.php?showtopic=3622&view=findpost&p=25142

>>

I got a very interesting reply:

The reason for this is because our server adds up X- headers for spam/virus scans, and then rewrites the Subject: header depending on whether it thought the message was spam or not. The rewrite is unconditional - if the message is not spam, it just rewrites the header back the way it was before. If it was spam, it inserts *spam* before the subject. Because the rewrite is unconditional, and because in order to rewrite a subject in our mail software (Exim), we have to remove the Subject: line, then add it back in the way we want. Because of this, it ends up at the bottom.

There is absolutely nothing incorrect about how our system operates, and as you/they state it does not violate any RFCs. If SpamCops system is unable to read the messages because of this, this would constitute a "bug" in their mail parser and should be fixed. I have no problems working with them for testing or anything, I just do not feel that because their software can't read a message based on the position of the Subject: header that the "fix" would have to be done on our end. They are likely to encounter other people who may end up with similar messages, as there is nothing unusual with our Exim configuration.

If SpamCop would like more information - we do the Subject: header rewriting at transport time in Exim. We do not use a system filter, as it is overkill for just rewriting a header. If we were to use a system filter, then the Subject: header would be rewritten before the X- headers were inserted. There is also a feature in the newer Exim versions to specify where in the headers to insert new headers, however this does not yet work in the router/transport sections of Exim, so it would not help us in this situation. The best solution is for them to detect the message body very simply based on the newline break between headers & body which is the RFC way of separating the headers from the message body.

I would also like to note that after viewing the messages you posted on the SpamCop forum, some *missing* headers are puzzling me. Our systems format the headers our systems add like this:

X-Headers-Begin: <message id>

X-spam-*: ...

X-Virus-*: ...

X-Headers-End: <message id>

Subject:

The Subject: header is the only header that is outside of the X-Headers-Begin: and X-Headers-End: since it is being rewritten, it will never be inside there (and also there's only allowed one Subject: header). There should also ALWAYS be X-spam-*: and X-Virus-*: headers between those header markers. If the system doesn't scan a message, it will insert a message saying that (it will only pass a scan if the message was too big). Since X- headers can be duplicated, I do not understand why the messages you posted show this:

X-Headers-Begin: 1D8EOz-0002JX-Mw

X-Virus-Scan: YES

X-Headers-End: 1D8EOz-0002JX-Mw

...

X-Headers-Begin: 1D8ESZ-0002u4-O2

X-spam-Flag: NO

X-spam-Level: /

X-spam-Score: 0.0 (0)

X-spam-Report: NO hits=0.0 reqd=7.0 tests=

X-Virus-Scan: YES

X-Headers-End: 1D8ESZ-0002u4-O2

It appears that the message is being passed through our system twice? I did not check all the routing but I did notice our system does appear to touch it twice (I didn't check to find out why). However, I do not know why you do not have any X-spam-*: headers in the first set. The only time you can end up with none of our X-spam-*: or X-Virus-*: headers is if you send a message out with our system to a remote user - it will strip out our custom headers (not the X-Headers-*: ones though) before sending since those headers are not relevant for remote systems (thus, removed).

Eli.

ExpertHost Support

http://www.experthost.com/

----------------------------------------

[Wazoo]

I know you were talking to Steven, but .... this is one of those things that died for a but, so I was thinking that the "sent to Julian" note had acomplished the mission, code was changed, and the problem went away (quietly) ...

I agree with your support guy, (noting that he verily backed up my "manipulation" words <g>) .. and I'm pretty sure I was sticking pretty close to my perception that the primary issue was a SpamCop parsing code bit all the way along ... This is the first I've heard from either side of the fence on current status ... so the real question is .. are your submittals still showing the 'dangling X' ????

[shull2805@spamcop.net]

Wazoo, you had the problem pegged from the get-go. I hadn't heard anything lately either, so (erroneously) assumed the problem still existed. But I just forwarded a couple of spam from my Inbox to my submit address at SpamCop. No dangling 'X', no error messages saying the body of the email was missing, no problems at all. I'm a happy camper. Thanks to all who helped on this one.

- Steve

[Wazoo]

Hey thanks for that follow-up. As far as the 'fix' .. this is just the way Julian works the magic .. he may have known about it before, but it hadn't made it to the top of the list, it might have been some troubleshooting code, it might have been fallout from a change elsewhere, but when it was pointed out to be an issue, something got changed, and he moved on to the next problem ... no fanfare ... the "notice" given is that the problem isn't there any more <g>

[Jeff G.]

"Pay no attention to the man behind the curtain!" (Title Character, The Wizard of Oz, ca. 1939)