[SpamCop.net - protecting the internet through technology]

[SpamCop-List] Re: Quick reporting bug again [heads up Ellen/Admins]

Mike Easter MikeE at ster.invalid
Wed Feb 23 07:45:40 EST 2005 

Jon (spamtrap) wrote:
www.spamcop.net/sc?id=z735645421z7eac27fed24e08858598e342550fcd7fz
>
> The offending line is "Received:  from absolventum.uni-mannheim.de
> ([70.80.20.208]) by backupmx.bbb..co.uk with Microsoft SMTP [snip]".
> As you can see, the mail server has had an extra dot injected into
> it.

Yes.  I've seen the extra dot problem before -- but when I saw it before
I didn't think it had anything to do with a continuation = character.

> The corresponding lines from my multiple-spam quick report (MIME
> multipart/mixed) is thus (tabs changed to spaces & pipes inserted for
> clarity):
>
>> Received: from backupmx.bbb.co.uk (unverified [217.206.156.178]) by
>> MAIL.bb= b.co.uk
>>  (Content Technologies SMTPRS 4.3.17) with ESMTP id
>> <T6f49d50dbed4f8e9b6604= @MAIL.bbb.co.uk> for <x>;
>>        Wed, 23 Feb 2005 04:14:29 +0000
>> Received: from absolventum.uni-mannheim.de ([70.80.20.208]) by
>> backupmx.bbb= .co.uk with Microsoft SMTPSVC(5.0.2195.6713);
>>        Wed, 23 Feb 2005 04:12:59 +0000
>> Received: from 225.18.204.107 by smtp.yg.rapina.ee;
>>        Wed, 23 Feb 2005 03:51:28 +0000

I'm still not crystal clear on what is posted above.  I've never seen
that condition on any of my spam or any other mail for that matter.
That is, in all of the folding of Received tracelines I've ever seen,
I've never seen them folded with = chars.

> Ellen has previously acknowledged that the fault exists.

Ellen is very wise, but my argument is that I don't understand how those
lines are getting to be that = way in the first place.  That is, I guess
I'm saying that my theory is that something is screwing up the lines on
your end by continuing them with an =.  I'm saying that when something
in 'your' system originally received the item, there were no = chars in
there.  Your system introduced them 'on its own' and the spamcop system
isn't taking them back out 'properly'.  I'll abbreviate the lines
because that makes it easier for me to talk about them.

  Abbreviated & corrected Received lines *comment
  from mail.bbb.co.uk ([212.248.233.182]) by cv-mail.corp.bbb.co.uk
*serves you
  from backupmx.bbb.co.uk [217.206.156.178]) by MAIL.bbb.co.uk *serves
you
  from absolventum.uni-mannheim.de ([70.80.20.208]) by
backupmx.bbb.co.uk *sourceline
  from 225.18.204.107 by smtp.yg.rapina.ee *bogusline

My analysis is that bbb received the item from mannheim and then bbb
started putting in = chars to fold the lines in its own way.

None of my mail or my spam contains = lines to fold or 'continuate'.

> Here it is
> illustrated on the 6th line above, where the backupmx.bbb.co.uk is
> split with the = char, which is where SC subsequently mis-parses.
> This is a rare bug since the server FQDN appears to need to be split
> with a continuation character *on a dot* for the bug to appear.

I understand what you are saying.  You are saying that SC takes out the
= correctly except when it lands on a dot.  What I'm saying is that I'm
guessing that Julian has assigned this a low priority because almost no
one else's system sticks = continuations into their mail before they
submit it to the parser.

I don't know what is the rule for putting in = and I certainly don't
know what is the rule for taking out spuriously introduced =.

My opinion is that it is bbb.co.uk's fault.

-- 
Mike Easter
kibitzer, not SC admin

More information about the SpamCop-List mailing list