SpamAssassin header confusion
I'm struggling to understand an aspect of SpamAssassin headers, and would greatly appreciate any help. Here is my scenario:
One of my mailbox addresses - say addr1@somewhere.com - is a member of a Mailman 3 mailing list.
I send a spam email (e.g. one with the GTUBE string) to the list from a different address. My mail server (Postfix/Amavis/SpamAssassin) correctly identifies the mail as spam, and, appropriately, adds several spam-related headers - X-Spam-Flag, X-Spam-Score etc. I can see, from the copy of the email that lands in /var/lib/amavis/virusmails on the mail server, that those headers are indeed present.
The mail message is handed off to Mailman for processing. The list in question has nonmember_default_action set to "defer", so Mailman sends the message on to each member address.
However, the message, as it appears in the inbox of addr1@somewhere.com, contains no X-Spam- headers. The only indication of the message's spammish nature is in the Subject line, which has been prepended with the familiar string "***SPAM*****".
On the face of it, it looks like Mailman has removed the X-Spam-* headers. If that's so, I don't understand why. I would be very grateful if anyone could help me figure out what is going on here.
Thanks in advance, Stephen
On 4/8/21 3:18 PM, skenny@scss.tcd.ie wrote:
> On the face of it, it looks like Mailman has removed the X-Spam-* headers. If that's so, I don't understand why. I would be very grateful if anyone could help me figure out what is going on here.

This should not be the case. Mailman removes some headers from posts to anonymous lists, but not X-Spam- headers even there. Are you sure you are looking at the raw message headers and not some MUA's rendition of them?
I can think of no reason why Mailman would remove those headers.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
Mark Sapiro wrote:
> On 4/8/21 3:18 PM, skenny@scss.tcd.ie wrote:
> > On the face of it, it looks like Mailman has removed the X-Spam-* headers.
>
> This should not be the case. Mailman removes some headers from posts to anonymous lists, but not X-Spam- headers even there. Are you sure you are looking at the raw message headers and not some MUA's rendition of them?
>
> I can think of no reason why Mailman would remove those headers.
I think I may have been misreading what's going on. The spam email is first received by Postfix and rinsed by SpamAssassin. In the copy that gets retained as a gzipped file under /var/lib/amavis/virusmails, there's a header present near the top that says "Delivered-To: spam-quarantine" - as well as all the X-Spam-* headers.
So Postfix must consider the message "delivered" in that sense. My guess is that it then hands off the original email - minus all the X-Spam-* and other headers, but with the amended Subject: line (***SPAM*****) - to Mailman. Thus Mailman never sees those spam-related headers in the first place (?)
Stephen
I figured this out at last. As Mark indicates, it's nothing to do with Mailman. It has everything to do with Amavis. I'll summarize here tomorrow, in case it may be of interest.
Stephen
My last post was speculative and wrong (my original one contained mistakes too). The summary question is this:
A post to the mailing list passes through Amavis/SpamAssassin on the mail server that feeds posts into Mailman. On the - different - mail server that delivers the message to my inbox (I'm a member of the list), it passes through another instance of Amavis/SpamAssassin. So why do I only see one set of X-Spam-* headers - those added by the latter mail server?
It turns out that there is a setting in Amavis called $remove_existing_spam_headers, and by default it is set to 1. It means: "remove existing spam headers if spam scanning is enabled (default)". That default setting on the latter mail server explains the absence of the previous set of X-Spam-* headers.
As expected, when I switch this setting to 0, Amavis stops removing Spam headers. If I then send a new post to the list, I can see in the email that drops in my inbox all the Spam headers that were added along the way, and not just those added by the final mail server.
Thanks Mark for taking the time to respond.
Kind regards Stephen
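
The effect of the setting described above, modelled as an added example (not Amavis code and not part of the original thread): the final hop either strips inherited X-Spam-* headers or keeps them before adding its own. The hostnames, scores and function names are constructed for illustration, and matching on the `X-Spam-` prefix is a simplifying assumption.

```python
from email import message_from_string

# Constructed sample: the post as it leaves the list server, already tagged
# by that server's scanner. Hostnames and scores are placeholders.
RAW_FROM_LIST = """\
Received: from lists.example.org (lists.example.org [192.0.2.10])
\tby mx.example.net; Thu, 08 Apr 2021 15:20:00 +0000
X-Spam-Flag: YES
X-Spam-Score: 999.0
From: sender@example.com
To: list@lists.example.org
Subject: ***SPAM***** test post

GTUBE test body
"""


def spam_headers(msg):
    """Return (name, value) for every X-Spam-* header, in message order."""
    return [(k, v) for k, v in msg.items() if k.lower().startswith("x-spam-")]


def final_hop_scan(raw, remove_existing, flag, score):
    """Model the final hop: optionally drop inherited X-Spam-* headers,
    then append this hop's own verdict (hypothetical helper)."""
    msg = message_from_string(raw)
    if remove_existing:
        for name in {k for k, _ in spam_headers(msg)}:
            del msg[name]  # removes every occurrence of that header name
    # Assigning to a header name appends a new header; it never overwrites.
    msg["X-Spam-Flag"] = flag
    msg["X-Spam-Score"] = score
    return msg


def count_sets(msg):
    """Number of scanner verdicts present, counted by X-Spam-Flag headers."""
    return len(msg.get_all("X-Spam-Flag", []))


if __name__ == "__main__":
    for setting in (True, False):
        out = final_hop_scan(RAW_FROM_LIST, setting, "YES", "1004.2")
        print("remove_existing =", setting, "->", count_sets(out), "set(s)")
        for name, value in spam_headers(out):
            print("   ", name + ":", value)
```

Running `spam_headers` over the raw source of a delivered message shows directly whether one or several sets of verdict headers survived.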