Jump to content

Thunderbird and SpamAssassin forwading messages


JormaH
 Share

Recommended Posts

Hi.

I wonder why manual method of forwarding spam message do work, but automatic filter method does not.

- I use SAProxy + SpamAssassin as frontend of Thunderbird POP3 email client.

- SpamAssassin encapsulates original message as MIME or TXT attachment and rewrite message subject as ***spam** or whatever I want to.

- Then my Thunderbird messagefilter moves SpamAssassin marked email to "spam" folder

- Next I manually forward message with original attachment to SpamCop

- using my address: Forward your spam to: submit.abcdefg[at]spam.spamcop.net

- After a while I get SpamCop Autoresponder telling that I have 2 email waiting my action

- I click the 2nd (later) link and SpamCop reporting is ok

Here is one sample that kind of message:

Use links to finish spam reporting (members use cookie-login please!):

xxxx://www.spamcop.net/sc?id=z1669947048zbe3f3c4ce89d5f0c743aed15c7fa17aaz

xxxx://www.spamcop.net/sc?id=z1669947051z535a0a4d06180f016d89129f8b2512ebz

and

Here is your TRACKING URL - it may be saved for future reference:

xxxx://www.spamcop.net/sc?id=z1669947051z535a0a4d06180f016d89129f8b2512ebz

But. If I construct email filter that

- automatically forward ***spam*** email to SpamCop service

- filter use the same address as above (submit.abcdefg[at]spam.spamcop.net)

- I get back autoresponder that there are only one (1) email waiting

- and if I try to use that link to reporting spam

- I got message that tells me:

* No source IP address found, cannot proceed.

* No source IP address found, cannot proceed.

* Probably not full headers - see FAQ:

And here is that kind of sample:

Use links to finish spam reporting (members use cookie-login please!):

xxxx://www.spamcop.net/sc?id=z1670412151z7dfd463672edababe45f94d22fd09deez

Here is your TRACKING URL - it may be saved for future reference:

xxxx://www.spamcop.net/sc?id=z1670412151z7dfd463672edababe45f94d22fd09deez

No source IP address found, cannot proceed.

Is that error of Thunderbird message filter (forwarding)?

Or what difference SpamCop see those two messages?

SpamAssassin configuration is same in both methods.

System configuration:

- WinXP Pro SP2

- Thunderbird 2.0.0.9 (20071031)

- SAProxy 3.2.3.3 uses SpamAssassin v3.2.1, DCC v1.3.58 and Razor v2.84.

SAProxy rules

----------------

required_score 5.0

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe) --- I tried all of them

report_safe 2

# How do I set up SpamAssassin to work with SpamCop?

skip_rbl_checks 1

required_hits 6

auto_report_threshold 30

rewrite_subject 0

report_header 1

use_terse_report 1

defang_mime 0

spam_level_stars 0

# Enable or disable network checks

use_razor2 1

use_dcc 1

use_pyzor 1

use_razor1 1

Best regards,

Jorma Hytonen

Finland

Link to comment
Share on other sites

Here is one sample that kind of message:

Use links to finish spam reporting (members use cookie-login please!):

http://www.spamcop.net/sc?id=z1669947048zb...3aed15c7fa17aaz

...

And here is that kind of sample:

Use links to finish spam reporting (members use cookie-login please!):

http://www.spamcop.net/sc?id=z1670412151z7...5f94d22fd09deez

First one: Header wrapping is not correct. If a header is wrapped, the first few characters (not sure the number) should be blank.

Second one: There should not be a blank line until the end of the headers. It looks like one of the processes is introducing that, causing the problem.

X-Account-Key: account2
X-Mozilla-Keys:                                                                                 
X-SAproxy-Timeout: 0

>From XaviershePatel[at]yahoo.com Thu Feb 21 20:33:11 2008

Link to comment
Share on other sites

X-Account-Key: account2
X-Mozilla-Keys:                                                                                 
X-SAproxy-Timeout: 0

>From XaviershePatel[at]yahoo.com Thu Feb 21 20:33:11 2008

So, if ">From" is real header, I can rewrite it something else, and avoid of blank lines???

# Uncomment the line below if you do not wish SpamAssassin

# to rewrite the subject of the messages tagged as spam.

#

rewrite_header Subject *****spam*****

rewrite_header >From ***Removed by SpamAsassin***

I must try that.

Still, I don't know where that ">" comes from - maybe from Thunderbird.

It's same in all messages, spam or not.

Regards,

Jorma

Link to comment
Share on other sites

So, if ">From" is real header, I can rewrite it something else, and avoid of blank lines???
Hi, Jorma!...IMHO, not advisable because you may find yourself in violation of the policy you will find by clicking on a link in the SpamCop FAQ (see link near top left of most any SpamCop Forum page) labeled "Material changes to spam" (also see link labeled "What if I break the rule(s)?"). You could check with the SpamCop Deputies (e-mail deputies[at]admin.spamcop.net) as to whether this change would constitute a rule violation.
<snip>

It's same in all messages, spam or not.

Regards,

Jorma

..."spam" is a trademark of Hormel Corporation, so please do not use it here to refer to unsolicited e-mail (spam). Please see "spam and the Internet," especially the third paragraph. Thanks for complying with Hormel's polite request! :) <g>
Link to comment
Share on other sites

You could check with the SpamCop Deputies (e-mail deputies[at]admin.spamcop.net) as to whether this change would constitute a rule violation....

Ok.

So it's nothing to do. If I don't get SpamAssassin to strip out that ">" before From header?

R- Jorma

Link to comment
Share on other sites

Ok.

So it's nothing to do. If I don't get SpamAssassin to strip out that ">" before From header?

There's a lot more wrong than that with that submission I think. Here's what the parse/pre-parse successfully stripped out of a trial forward as attachment submission (cancelled) I just made:
From - Sat Feb 23 22:29:58 2008

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00800000

Message-ID: <47C01FD5.3060004[at]iinet.net.au>

Date: Sat, 23 Feb 2008 22:29:57 +0900

From: me <my.munge>

Reply-To: me <my.munge>

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060414

X-Accept-Language: en, en-us

MIME-Version: 1.0

To: SpamCop <submit.mysubmitcode[at]spam.spamcop.net>

Subject: [Fwd: Exchange Adviser: The six-layered secret of effective Exchange Server email filtering]

Content-Type: multipart/mixed;

boundary="------------020808040006020805010608"

This is a multi-part message in MIME format.

--------------020808040006020805010608

Content-Type: text/plain; charset=us-ascii; format=flowed

Content-Transfer-Encoding: 7bit

--------------020808040006020805010608

Content-Type: message/rfc822;

name="Exchange Adviser: The six-layered secret of effective Exchange Server emailfiltering"

Content-Transfer-Encoding: 7bit

Content-Disposition: inline;

filename="Exchange Adviser: The six-layered secret of effective Exchange Server emailfiltering"

[original message, forwarded]

--------------020808040006020805010608--

There would be further headers when it was passed on to SC which are also "handled".

The actual spam you were trying to report seems to be (dates altered to keep within submission limit):

http://www.spamcop.net/sc?id=z1674333847ze...;action=display

If I got that right, there is a bucket load of extra stuff in your submissions that isn't being stripped out before the parser gets to work. My example shows what it takes out of a "proper" forward. No doubt there are variations but you seem to have a heap of stuff to suppress. Comparing (the same) manual and automated submissions is the way to go, which I think you were doing?

A very old discussion here mentioned using report_safe 0 - I have no clue about that, I just note it is not what you're using.

Link to comment
Share on other sites

A very old discussion here mentioned using report_safe 0 - I have no clue about that, I just note it is not what you're using.

Ok, I try to use all of them.

Now I'm using settings:

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)

report_safe 1

report_safe_copy_headers Received

And of course

# How do I set up SpamAssassin to work with SpamCop?

And this works fine when I'm using manual forwarding, with or witout attachment.

With attachments I'v got back two links and both of them are working:

SpamCop is now ready to process your spam.

Use links to finish spam reporting (members use cookie-login please!):

http://www.spamcop.net/sc?id=z1675926854z8...c28f15225ede40z

http://www.spamcop.net/sc?id=z1675926855z1...513299706664ecz

But please read more. I'v done some researching:

---------------------------------------------------------

That strange ">" comes before From field am I using SA or not.

But as you can read later, that's not the point!

I have POPFile before TB which classifying mail and in there everything is ok, so without >From

or any extra blank lines.

Received: from pool-72-88-224-69.nwrknj.east.verizon.net (pool-72-88-224-69.nwrknj.east.verizon.net [72.88.224.69])
by ppp2.sicom.fi (2.5 Build 2640 (Berkeley 8.8.6)/8.8.4) with ESMTP
id JAA32257 for &lt;myname.hytonen[[at]]mydomain.fi&gt;; Sun, 24 Feb 2008 09:04:10 +0200
Message-ID: &lt;000901c876b9$074c5331$0c9780be[[at]]qduyrw&gt;
From: "darbee job" &lt;yale[[at]]atomis.com&gt;
To: &lt;myname.hytonen[[at]]mydomain.fi&gt;

But after TB has received mail there is that ">" character, but no extra lines.

And SpamCop can parse it.

Without SA

X-Mozilla-Status: 	0001
X-Mozilla-Status2: 	10000000
X-Mozilla-Keys:	
&gt;From yale[[at]]atomis.com Sun Feb 24 09:	 04:11 2008 

In HEX after X-Mozilla-Keys: x2000 x0900 x0D00 x0A00 x3E00

With SA:

Manually Forwarding as attachment, there comes strange characters (x09) before >From field

but SpamCop can still recognize them.

X-Mozilla-Status: 	0001
X-Mozilla-Status2: 	10000000
X-Mozilla-Keys: 	
X-SAproxy-Timeout: 	0
 &gt;From yale[[at]]atomis.com Sun Feb 24 09:	 04:11 2008 

In HEX after X-Mozilla-Keys: x2000 x0900 x0D00 x0A00

And after X-SAproxy-Timeout: x2000 x0900 x3000 x0D00 x0A00 x2000 x3E00

Manually Forwarding as inline (or message body), there are no extra characters.

X-SAproxy-Timeout: 	0
&gt;From yale[[at]]atomis.com Sun Feb 24 09:	 04:11 2008 

In HEX after X-SAproxy-Timeout: x2000 x2000 x2000 x2000 x2000 x3000 x0D00 x0A00 x3E00

But when I try to use message filter OR using some Add-On I explain later:

X-Mozilla-Keys:																				 
X-SAproxy-Timeout: 0

&gt;From yale[[at]]atomis.com Sun Feb 24 09:	 04:11 2008 

In HEX after X-SAproxy-Timeout: x2000 x3000 x0D00 x0A00 x0D00 x0A00 x3E00

As you can see, there are extra LF/CR characters, why?

That cause blank line before >From fileld and that's the reason why SpamCop breaks and stop reading headers. It assumes that headers are finnished. Am I right?

Then I modify old KnujOn Add-On to use SpamCop address and try to send message with this new Add-On installed in TB. Message was sent with attachment, but again there are those extra LF/CR.

So, I think the problem is not in SpamAssassin, but instead inside TB way to handle attachments, when they are trying to send with messagefilter or some Add-On.

Unfortunately I can't add attachment and send Add-On's java scri_pt code to you with this forum.

So I include some functions, which my modified Add-On use to send messages.

Original author: KnujOn: Secondwheel, Vadim

function SendMailTo(emailAddress, attachmentURIs)
{

  var fields = Components.classes["[at]mozilla.org/messengercompose/composefields;1"].createInstance(Components.interfaces.nsIMsgCompFields);
  var params = Components.classes["[at]mozilla.org/messengercompose/composeparams;1"].createInstance(Components.interfaces.nsIMsgComposeParams);

  if (emailAddress &amp;&amp; fields &amp;&amp; params)
  {
	 var attachmentURI = ""
	  for (var i=0; i&lt;attachmentURIs.length; i++)
	  {
		 var attachment = Components.classes["[at]mozilla.org/messengercompose/attachment;1"].createInstance(Components.interfaces.nsIMsgAttachment);
		 attachment.url = attachmentURIs[i];
		 fields.addAttachment(attachment);
	 }

	 params.originalMsgURI = attachmentURI;

	fields.to = emailAddress;
	fields.subject = "[SpamCop Thunderbird Plugin] spam Report";	 
	fields.body = msg_spamMessageBody.replace("#1", attachmentURIs.length);
	params.type = Components.interfaces.nsIMsgCompType.ForwardAsAttachment; // ForwardAsAttachment or New
	params.format = Components.interfaces.nsIMsgCompFormat.PlainText;
	params.identity = accountManager.getFirstIdentityForServer(GetLoadedMsgFolder().server);
	params.composeFields = fields;
	params.sendListener = sendListener;
	msgComposeService.OpenComposeWindowWithParams(null, params);
  }

}

function spamReportJunk(event) {

	MsgJunkMailInfo(true);
	var view = GetDBView();

	// need to expand all threads, so we find everything
	view.doCommand(nsMsgViewCommandType.expandAll);

	  var attachmentURIs = new Array;

	var treeView = view.QueryInterface(Components.interfaces.nsITreeView);
	var count = treeView.rowCount;
	if (count) {
		var treeSelection = treeView.selection;

		var clearedSelection = false;

			var pref = Components.classes["[at]mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);

			var attachMax = 300; // default
		if( pref.prefHasUserValue("spam.attachmax") ) {
		  attachMax = pref.getIntPref("spam.attachmax");
		}

		// select the junk messages
		for (var i = 0; i &lt; count &amp;&amp; attachmentURIs.length &lt; attachMax; i++) {
			var messageUri = view.getURIForViewIndex(i);
			var msgHdr = messenger.messageServiceFromURI(messageUri).messageURIToMsgHdr(messageUri);
			var junkScore = msgHdr.getStringProperty("junkscore");		   
			var isJunk = ((junkScore != "") &amp;&amp; (junkScore != "0"));
			// var msgFrom = msgHdr.getStringProperty("&gt;From");
			// msgHdr.setStringProperty("From");

			// if the message is junk, attach it.
			if (isJunk) {
			  attachmentURIs.push(messageUri);
			}
		}

			//alert(treeSelection.count + " junk mails found, "+ attachmentURIs.toString());
			//alert(treeSelection.count + "|junk mails found");
			if(0 == attachmentURIs.length)
			{
				  alert(msg_spamNoJunk);
				  return;
			}

		// grab reporting address

		var spamemail = "submit.myaccountaddress[[at]]spam.spamcop.net";

		if( pref.prefHasUserValue("spam.reportemail") )
		{
		  spamemail = pref.getCharPref("spam.reportemail");
		}
		// if not found, defaults to nonregistered silently


		if( pref.prefHasUserValue("spam.action") ) {
		  var action = pref.getIntPref("spam.action");
		}
			else {
			   var action = 2;
		}
			sendListener.action = action;
		sendListener.sentUris = attachmentURIs;

		   SendMailTo(spamemail, attachmentURIs);

	 } // if(count)

} // function spamReportJunk

With this Add-On same thing happens. It includes those extra LF/CR characters before <From field.

I'm very confusing.

Next thing in monday morning is to go back to MS Outlook and try reporting junkmails to SpamCop.

Now I think. that can I use some headerparser function in my Add-On to strip away unwanted lines or characters?

var hdrParser = Components.classes["[at]mozilla.org/messenger/headerparser;1"].getService(Components.interfaces.nsIMsgHeaderParser);
var fromField = hdrParser.parseHeadersWithArray(???);
if (fromField &gt; 0)
{
  var num = 0;
  for (i=0; i&lt;fromField; i++) {
	  // do something
	   num++;
  }
}

I don't find any description to parseHeadersWithArray() function, where I can catch From field.

But do I need this Add-On? Ok it would be nice to forward all junkmails in one mail. On one button.

And then get back responce that I have: [spamCop] has accepted 8 emails for processing

_________________

Regards- Jorma

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The hardest part of solving a problem is often formulating the right question.

The answer is out there, somewhere.

-- By Espen Andersen

Link to comment
Share on other sites

Hi,

I found the solution.

Like my modified java scri_pt, I found an other Add-On from the internet (Google is powerfull)

---------------------

Mail Redirect 0.7.4

http://mailredirect.mozdev.org/

Tekijänä Pawel Krzesniak

Allow to redirect (a.k.a. "bounce") mail messages to other recipients

---------------------

This Add-On allows select junkmails (1 or more at time) and send (redirect) them to SpamCop.

It's exatly the same mail what I try to forward with TB's messagefilter, so after SA has process it.

Redirected mails includes SA's encapsulated attachments and SpamCop can handle them ok.

Settings in SA is:

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)

report_safe 1

# Take Received field from the original message and copy it into the wrapper header

report_safe_copy_headers Received

Btw, here are full documentation of SA

http://spamassassin.apache.org/full/3.2.x/...assin_Conf.html

Next thing that I try, is to modify Mail Redirect 0.7.4 Add-On so, that in my variation there is complete SpamCop.net address ready to redirect.

See this sample:

SpamCop is now ready to process your spam.

Use links to finish spam reporting (members use cookie-login please!):

http://www.spamcop.net/sc?id=z1676724703z5...445f8febd990bez

http://www.spamcop.net/sc?id=z1676724704z6...d6c90e1df7abbbz

Link to comment
Share on other sites

There are two problems.

One problem is that there is a blank line in the headers.

SpamCop is looking for the full headers in one contiguous block of text, followed by a blank line, which signals the end of the headers, and then followed by the body text of the spam. The parse won't accept headers if there is no body text with them.

In the emails you're submitting, there is a two-line statement at the top of the headers, which is followed by a blank line.

SAproxy believes that this mail is spam. The original message

has been attached intact in RFC 822 format.

When SpamCop parses the spam, all it sees is those two lines, so it balks and gives you the "No source IP" error.

The second problem is that there isn't any source information in the headers for SpamCop to look at. SpamAssassin is replacing the source information with its own localhost info.

SpamAssassin should be set to "add x-headers" instead of "rewrite/enclose".

SpamAssassin vs 'localhost' headers:

The parameter is report_safe

report_safe = 0 indicates "add x-headers"

report_safe = 1 is "rewrite/enclose"

It may be found in local.cfile or .userprefs file depending on the SA setup.

Also... You might consider putting MailWasher ahead of Thunderbird so that your incoming email is downloaded to MailWasher first so that you can send your spam to us directly from MailWasher.

- Don D'Minion - SpamCop Admin -

Link to comment
Share on other sites

Also... You might consider putting MailWasher ahead of Thunderbird so that your incoming email is downloaded to MailWasher first so that you can send your spam to us directly from MailWasher.

Do we have mixed replys here?

Look above:

Hi,

I found the solution.

Like my modified java scri_pt, I found an other Add-On from the internet (Google is powerfull)

---------------------

Mail Redirect 0.7.4

http://mailredirect.mozdev.org/

Tekijänä Pawel Krzesniak

Allow to redirect (a.k.a. "bounce") mail messages to other recipients

---------------------

Link to comment
Share on other sites

I include discussion what I have with Thunderbird forum.

Testing received and forwarded mail with Thunderbird

Mail without any proxy

TB settings:

* server: pop3.mydomain.fi:110

* username: myusername

Finnish translations

--------------------

Aihe = Subject

Lähettäjä = From

Päiväys = Date

Vastaanottaja = To

TB's Received mail was printed to file as generic-text, so line wraps occurs.

--------ooo----------

1) Sending mail from Gmail to Thunderbird

Received Headers:
	 Aihe: TB mail test without any proxy
	 Lähettäjä: "Jorma Hytönen" &lt;jorma&gt;
	 Päiväys: Mon, 25 Feb 2008 10:10:37 +0200
	 Vastaanottaja: "Jorma Hytönen" &lt;jorma&gt;
	 X-Account-Key: account2
	 X-UIDL: &lt;cab9cc6f0802250010v7064407fx6b4efb3463258f65&gt;1b5da
	 X-Mozilla-Status: 0001
	 X-Mozilla-Status2: 00000000
	 &gt;From jorma.hytonen[[at]]gmail.com Mon Feb 25 10: 17:04 2008
	 Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.227]) by ppp2.sicom.fi (2.
	 &lt;jorma&gt;; Mon, 25 Feb 2008 10:17:03 +0200
	 Received: by wr-out-0506.google.com with SMTP id 71so2384613wri.5 for &lt;jorma&gt;; Mon,

--------ooo----------

2) Next try to build messagefilter to Forward my gmail back to jorma.hytonen[[at]]gmail.com

* Subject includes: TB forwarding

* Forward to address: jorma.hytonen[[at]]gmail.com

TB Received Headers
	 Aihe: TB forwarding
	 Lähettäjä: "Jorma Hytönen" &lt;jorma&gt;
	 Päiväys: Mon, 25 Feb 2008 10:23:33 +0200
	 Vastaanottaja: "Jorma Hytönen" &lt;jorma&gt;
	 X-Account-Key: account2
	 X-UIDL: &lt;cab9cc6f0802250023i6a731047q4aaf15ae014d1ad8&gt;1b795
	 X-Mozilla-Status: 0001
	 X-Mozilla-Status2: 00000000
	 &gt;From jorma.hytonen[[at]]gmail.com Mon Feb 25 10: 29:28 2008
	 Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.233]) by ppp2.sicom.fi (2.
	 &lt;jorma&gt;; Mon, 25 Feb 2008 10:29:27 +0200
	 Received: by wr-out-0506.google.com with SMTP id 71so2391729wri.5 for &lt;jorma&gt;; Mon,

TB's messagefilter forwards message back to Gmail

Let's see what we get to Gmail.

Delivered-To: jorma.hytonen[[at]]gmail.com
Received: by 10.114.47.5 with SMTP id u5cs198835wau;
		Mon, 25 Feb 2008 00:24:18 -0800 (PST)
Received: by 10.86.59.2 with SMTP id h2mr2621172fga.19.1203927857111;
		Mon, 25 Feb 2008 00:24:17 -0800 (PST)
Return-Path: &lt;jorma&gt;
Received: from ppp2.sicom.fi ([83.145.254.3])
		by mx.google.com with ESMTP id d6si5918132fga.9.2008.02.25.00.24.15;
		Mon, 25 Feb 2008 00:24:17 -0800 (PST)
Received-SPF: neutral (google.com: 83.145.254.3 is neither permitted nor denied by best guess record for domain of jorma.hytonen[[at]]sicom.fi) client-ip=83.145.254.3;
Authentication-Results: mx.google.com; spf=neutral (google.com: 83.145.254.3 is neither permitted nor denied by best guess record for domain of jorma.hytonen[[at]]sicom.fi) smtp.mail=jorma.hytonen[[at]]sicom.fi
Received: from [127.0.0.1] ([83.145.255.120] (may be forged))
		  by ppp2.sicom.fi (2.5 Build 2640 (Berkeley 8.8.6)/8.8.4) with ESMTP
	  id KAA20082 for &lt;jorma&gt;; Mon, 25 Feb 2008 10:30:05 +0200
Message-ID: &lt;47C27B32&gt;
Date: Mon, 25 Feb 2008 10:24:18 +0200
From: =?ISO-8859-1?Q?Jorma_Hyt=F6nen?= &lt;jorma&gt;
Reply-To: jorma.hytonen[[at]]sicom.fi
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: jorma.hytonen[[at]]gmail.com
Subject: [Fwd: TB forwarding]
Content-Type: multipart/mixed;
 boundary="------------020907070909050601030600"

This is a multi-part message in MIME format.
--------------020907070909050601030600
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit


--------------020907070909050601030600
Content-Type: message/rfc822;
 name="TB forwarding.eml"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="TB forwarding.eml"

X-Account-Key: account2
X-Mozilla-Keys:																				 
&gt;From jorma.hytonen[[at]]gmail.com Mon Feb 25 10:29:28 2008
Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.233])
		  by ppp2.sicom.fi (2.5 Build 2640 (Berkeley 8.8.6)/8.8.4) with ESMTP
	  id KAA20076 for &lt;jorma&gt;; Mon, 25 Feb 2008 10:29:27 +0200
Received: by wr-out-0506.google.com with SMTP id 71so2391729wri.5
		for &lt;jorma&gt;; Mon, 25 Feb 2008 00:23:35 -0800 (

--------ooo----------

3) Next try to build messagefilter to forward message to SpamCop.

* Subject includes: TB forwarding

* Forward to address: submit.myownspamaccount[[at]]spam.spamcop.net

Therefore I first send mail from Gmail to TB

TB Received Headers as above Gmail test.

So, lets have a look what was forwarded to SpamCop:

[Fwd: TB forwarding]																						  


	 Aihe: [Fwd: TB forwarding]
	 Lähettäjä: Jorma Hytönen &lt;jorma&gt;
	 Päiväys: Mon, 25 Feb 2008 10:43:07 +0200
	 Vastaanottaja: submit.xd8WFrRhj0j4A1lC[[at]]spam.spamcop.net
	 X-Mozilla-Status: 0001
	 X-Mozilla-Status2: 00800000
	 Viestin tunnus: &lt;47C27F9B&gt;
	 Vastausosoite: jorma.hytonen[[at]]sicom.fi
	 Asiakasohjelma: Thunderbird 2.0.0.9 (Windows/20071031)
	 MIME-versio: 1.0
	 Content-Type: multipart/mixed; boundary="------------060205010203020708040504"



	 Aihe: TB forwarding
	 Lähettäjä: "Jorma Hytönen" &lt;jorma&gt;
	 Päiväys: Mon, 25 Feb 2008 10:41:59 +0200
	 Vastaanottaja: "Jorma Hytönen" &lt;jorma&gt;
	 X-Account-Key: account2
	 &gt;From jorma.hytonen[[at]]gmail.com Mon Feb 25 10: 47:55 2008
	 Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.229]) by ppp2.sicom.fi (2.
	 &lt;jorma&gt;; Mon, 25 Feb 2008 10:47:54 +0200
	 Received: by wr-out-0506.google.com with SMTP id 71so2401952wri.5 for &lt;jorma&gt;; Mon,
	 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:re
	 bh=bYJctlE4Z9OV5surICU5FsnPUcSla87iFkgW+NppIBQ=;
	 b=wnTw7vABTUk4GegHfV9iBpgsX4qwTXlJ7XuHx4We/NObJEIsQP1ECiEzqS8QMjnDHbgDxSGIL+RgWsthL6W4GxUinLE7Dsk3cU
	 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mi
	 b=SQcTlnmibSX54dvbUCeoHbn22fsDXqYfhqZSVXEbr+k1E9mN60wpr3abWN0bTt4AKZEiPo3iHq5P4RLYIRt74pWjqj0fg/LSWL
	 Received: by 10.114.179.1 with SMTP id b1mr3158022waf.143.1203928919640; Mon, 25 Feb 2008 00:41:59 -
	 Received: by 10.114.47.5 with HTTP; Mon, 25 Feb 2008 00:41:59 -0800 (PST)
	 Viestin tunnus: &lt;cab9cc6f0802250041y1c071139u26848f6edea47b2&gt;
	 MIME-versio: 1.0
	 Content-Type: multipart/alternative; boundary="----=_Part_9686_1858760.1203928919641"

	 Testing TB forwarding to SpamCop

With TB this was include as *.eml attachment:

TB forwarding																								 


	 Aihe: TB forwarding
	 Lähettäjä: "Jorma Hytönen" &lt;jorma&gt;
	 Päiväys: Mon, 25 Feb 2008 10:41:59 +0200
	 Vastaanottaja: "Jorma Hytönen" &lt;jorma&gt;
	 X-Account-Key: account2
	 &gt;From jorma.hytonen[[at]]gmail.com Mon Feb 25 10: 47:55 2008
	 Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.229]) by ppp2.sicom.fi (2.
	 &lt;jorma&gt;; Mon, 25 Feb 2008 10:47:54 +0200
	 Received: by wr-out-0506.google.com with SMTP id 71so2401952wri.5 for &lt;jorma&gt;; Mon,
	 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:re
	 bh=bYJctlE4Z9OV5surICU5FsnPUcSla87iFkgW+NppIBQ=;
	 b=wnTw7vABTUk4GegHfV9iBpgsX4qwTXlJ7XuHx4We/NObJEIsQP1ECiEzqS8QMjnDHbgDxSGIL+RgWsthL6W4GxUinLE7Dsk3cU
	 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mi
	 b=SQcTlnmibSX54dvbUCeoHbn22fsDXqYfhqZSVXEbr+k1E9mN60wpr3abWN0bTt4AKZEiPo3iHq5P4RLYIRt74pWjqj0fg/LSWL
	 Received: by 10.114.179.1 with SMTP id b1mr3158022waf.143.1203928919640; Mon, 25 Feb 2008 00:41:59 -
	 Received: by 10.114.47.5 with HTTP; Mon, 25 Feb 2008 00:41:59 -0800 (PST)
	 Viestin tunnus: &lt;cab9cc6f0802250041y1c071139u26848f6edea47b2&gt;
	 MIME-versio: 1.0
	 Content-Type: multipart/alternative; boundary="----=_Part_9686_1858760.1203928919641"

	 Testing TB forwarding to SpamCop

And now waiting, what SpamCop do with AutoResponder......

SpamCop is now ready to process your spam.
Use links to finish spam reporting (members use cookie-login please!):
http://www.spamcop.net/sc?id=mymailid

And now click that link and we have a look, what SpamCop sees our message,

exiting. Nothing found?

Parsing header:

This header is incomplete. Please supply the full headers of the spam you're trying to report.

No source IP address found, cannot proceed.

No tracking information found in header:

X-Account-Key: account2
X-Mozilla-Keys:																				 

Probably not full headers - see FAQ:

View entire message:

X-Account-Key: account2
X-Mozilla-Keys:																				 

&gt;From jorma.hytonen[[at]]gmail.com Mon Feb 25 10:47:55 2008
Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.229])
		  by ppp2.sicom.fi (2.5 Build 2640 (Berkeley 8.8.6)/8.8.4) with ESMTP
	  id KAA20333 for &lt;x&gt;; Mon, 25 Feb 2008 10:47:54 +0200
Received: by wr-out-0506.google.com with SMTP id 71so2401952wri.5
		for &lt;x&gt;; Mon, 25 Feb 2008 00:42:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
		d=gmail.com; s=gamma;
		h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type;
		bh=bYJctlE4Z9OV5surICU5FsnPUcSla87iFkgW+NppIBQ=;
		b=wnTw7vABTUk4GegHfV9iBpgsX4qwTXlJ7XuHx4We/NObJEIsQP1ECiEzqS8QMjnDHbgDxSGIL+RgWsthL6W4GxUinLE7Dsk3cUk2A0KyDaxthAENa646coAZb8GZqgv4GCj36kryTD57r4IhaSCz579viMssjgidYgyjL/FI4js=
DomainKey-Signature: a=rsa-sha1; c=nofws;
		d=gmail.com; s=gamma;
		h=message-id:date:from:to:subject:mime-version:content-type;
		b=SQcTlnmibSX54dvbUCeoHbn22fsDXqYfhqZSVXEbr+k1E9mN60wpr3abWN0bTt4AKZEiPo3iHq5P4RLYIRt74pWjqj0fg/LSWL9whIXuE58PdCGK7195I18y4vOVbhlD7rJXMdN/XzBUPP/U+TAtM27+17QG0/vdnm1tPr1RMak=
Received: by 10.114.179.1 with SMTP id b1mr3158022waf.143.1203928919640;
		Mon, 25 Feb 2008 00:41:59 -0800 (PST)
Received: by 10.114.47.5 with HTTP; Mon, 25 Feb 2008 00:41:59 -0800 (PST)
Message-ID: &lt;cab9___________________________________47b2&gt;
Date: Mon, 25 Feb 2008 10:41:59 +0200
From: "=?ISO-8859-1?Q?Jorma_Hyt=F6nen?=" &lt;jorma&gt;
To: "x" &lt;x&gt;
Subject: TB forwarding

As you can see, there are again those extra LF/CR characters,

after X-Mozilla-Keys: causing blank line. And SpamCop stop parsing headers.

--------ooo----------

4) Now, I do manual forwadring exatly the same mail we send above.

* And same headers again

* Let's wait again.... SpamCop responder.

And now we have a link to follow:

SpamCop is now ready to process your spam. And there it is:

-------- Alkuperäinen viesti / Orig.Msg. --------
From: 	- Mon Feb 25 10:43:07 2008
X-Account-Key: 	account2
X-UIDL: 	&lt;cab9___________________________________47b2&gt;1b432
X-Mozilla-Status: 	0001
X-Mozilla-Status2: 	00000000
X-Mozilla-Keys: 	
 &gt;From jorma.hytonen[[at]]gmail.com Mon Feb 25 10: 	47:55 2008
Received: 	from wr-out-0506.google.com (wr-out-0506.google.com 
[64.233.184.229]) by ppp2.sicom.fi (2.5 Build 2640 (Berkeley 
8.8.6)/8.8.4) with ESMTP id KAA20333 for &lt;x&gt;; Mon, 
25 Feb 2008 10:47:54 +0200
Received: 	by wr-out-0506.google.com with SMTP id 71so2401952wri.5 for 
&lt;x&gt;; Mon, 25 Feb 2008 00:42:01 -0800 (PST)

View entire message

-------- Alkuperäinen viesti / Orig.Msg. --------
From: 	- Mon Feb 25 10:43:07 2008
X-Account-Key: 	account2
X-UIDL: 	&lt;cab9___________________________________47b2&gt;1b432
X-Mozilla-Status: 	0001
X-Mozilla-Status2: 	00000000
X-Mozilla-Keys: 	
 &gt;From jorma.hytonen[[at]]gmail.com Mon Feb 25 10: 	47:55 2008
Received: 	from wr-out-0506.google.com (wr-out-0506.google.com 
[64.233.184.229]) by ppp2.sicom.fi (2.5 Build 2640 (Berkeley 
8.8.6)/8.8.4) with ESMTP id KAA20333 for &lt;x&gt;; Mon, 
25 Feb 2008 10:47:54 +0200
Received: 	by wr-out-0506.google.com with SMTP id 71so2401952wri.5 for 
&lt;x&gt;; Mon, 25 Feb 2008 00:42:01 -0800 (PST)
DKIM-Signature: 	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; 
s=gamma; 
h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; 
bh=bYJctlE4Z9OV5surICU5FsnPUcSla87iFkgW+NppIBQ=; 
b=wnTw7vABTUk4GegHfV9iBpgsX4qwTXlJ7XuHx4We/NObJEIsQP1ECiEzqS8QMjnDHbgDxSGIL+RgWsthL6W4GxUinLE7Dsk3cUk2A0KyDaxthAENa646coAZb8GZqgv4GCj36kryTD57r4IhaSCz579viMssjgidYgyjL/FI4js= 

DomainKey-Signature: 	a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; 
h=message-id:date:from:to:subject:mime-version:content-type; 
b=SQcTlnmibSX54dvbUCeoHbn22fsDXqYfhqZSVXEbr+k1E9mN60wpr3abWN0bTt4AKZEiPo3iHq5P4RLYIRt74pWjqj0fg/LSWL9whIXuE58PdCGK7195I18y4vOVbhlD7rJXMdN/XzBUPP/U+TAtM27+17QG0/vdnm1tPr1RMak= 

Received: 	by 10.114.179.1 with SMTP id 
b1mr3158022waf.143.1203928919640; Mon, 25 Feb 2008 00:41:59 -0800 (PST)
Received: 	by 10.114.47.5 with HTTP; Mon, 25 Feb 2008 00:41:59 -0800 (PST)
Message-ID: 	&lt;cab9___________________________________47b2&gt;
Date: 	Mon, 25 Feb 2008 10:41:59 +0200
From: 	Jorma Hytönen &lt;jorma&gt;
To: 	Jorma Hytöx &lt;x&gt;
Subject: 	TB forwarding

Now SpamCop can parse full headers.

Parsing header:

Received:  from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.229]) by ppp2.sicom.fi (2.5 Build 2640 (Berkeley 8.8.6)/8.8.4) with ESMTP id KAA20333 for &lt;x&gt;; Mon, 25 Feb 2008 10:47:54 +0200
64.233.184.229 found
host 64.233.184.229 = wr-out-0506.google.com (cached)
wr-out-0506.google.com is 64.233.184.229
Possible spammer: 64.233.184.229
64.233.184.229 is not an MX for wr-out-0506.google.com
Host wr-out-0506.google.com (checking ip) = 64.233.184.239
64.233.184.229 is not an MX for wr-out-0506.google.com
wr-out-0506.google.com is 64.233.184.229
wr-out-0506.google.com = 64.233.184.229
Received line accepted
Relay trusted (64.233.184)

This test was implemented without any proxy

Either POPFile or SAProxy has nothing to do with messagefilter.

I switch back to POPFile and SAProxy + Mail Redirect Add-On

So, after a while, this is my system

Traslate from finnish: Palomuuri = Firewall

sawin-client.jpg

---------ooo-----------

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...