spamassassin-users June 2010 archive

Re: NO_RELAYS spam

From: Randy Ramsdell <rramsdell_at_nospam>
Date: Fri Jun 18 2010 - 15:41:58 GMT
To: users@spamassassin.apache.org

David B Funk wrote:
> On Thu, 17 Jun 2010, Randy Ramsdell wrote:
>
>
>> get us added to lists, but Michael stated "then, check the blacklists to
>> see how to get removed." as if we are already on a list. We are not.
>>
>> Back to the main issue.
>>
>> Here is an example pastebin. http://pastebin.com/mJqRPzkv
>>
>> I found this message in the logs and it comes from yahoo. I don't think
>> I will focus on our forms because general mail also has its received
>> headers stripped. So the question is what is doing this? I need help
>> to determine how to isolate this problem down. If it is postfix, I will
>> go to their lists etc... I have not implemented any rules that strip
>> received headers nor do I want to.
>>
>> Thanks,
>> RCR
>>
>
> Given that it looks like something is taking the original "To:" header,
> mutating it into "X-Original-To:" then adding that bogus
> "To: <undisclosed recipients:>" and adding a
>
> "X-Virus-Scanned: amavisd-new at activedatatech.net" header
> I would guess that it's your amavisd-new process (or something in
> its path) that is doing the header damaging.
>
> Check the Amavisd site/list for trouble-shooting hints & tips.
>
> There may be a way to put a 'tee' filter before & after amavisd in your
> postfix configuration.
>
>
However, all the emails without the received header field do not show
this. It is in this specific pastebin example that you see this. Using
sendmail without certain arguments will cause the To: field to show up
as <undisclosed recipients:>.
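
An added example, not part of the original thread: one way to compare a copy of a message captured before a content filter with the copy captured after it, as the 'tee' suggestion describes, to see which stage drops Received headers or rewrites To:. The two sample messages, hostnames and addresses are constructed, and `header_diff` is a hypothetical helper name.

```python
from collections import Counter
from email import message_from_string

# Constructed sample: the message as captured before the content filter.
BEFORE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org (Postfix) with ESMTP id ABC123
\tfor <user@example.org>; Fri, 18 Jun 2010 10:00:00 -0400 (EDT)
From: sender@example.net
To: user@example.org
Subject: test

body
"""

# Constructed sample: the same message as captured after the filter.
AFTER = """\
X-Original-To: user@example.org
X-Virus-Scanned: amavisd-new at example.org
From: sender@example.net
To: <undisclosed recipients:>
Subject: test

body
"""


def _headers(raw):
    """Return (parsed message, multiset of (lowercased name, unfolded value))."""
    msg = message_from_string(raw)
    pairs = Counter((k.lower(), " ".join(v.split())) for k, v in msg.items())
    return msg, pairs


def header_diff(before_raw, after_raw):
    """Report headers removed or added between two captures of one message."""
    before, b = _headers(before_raw)
    after, a = _headers(after_raw)
    return {
        "removed": sorted((b - a).elements()),
        "added": sorted((a - b).elements()),
        "received_before": len(before.get_all("Received", [])),
        "received_after": len(after.get_all("Received", [])),
    }


if __name__ == "__main__":
    for key, value in header_diff(BEFORE, AFTER).items():
        print(key, value)
```

Running the same comparison on captures taken at each hop (for example before and after amavisd, then before and after final delivery) narrows down which component is removing the headers.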