[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question about header modifications and MIME content-types

From: Dan Nelson
Subject: Re: Question about header modifications and MIME content-types
Date: Sun, 8 Dec 2002 15:44:19 -0600
User-agent: Mutt/1.5.1i

In the last episode (Dec 08), Terry Kennedy said:
>   I'm running SpamAssassin 2.43 configured out-of-the-box with
> spamass-milter 0.1.2, and I've run into content-type mangling issues.
> If a message is flagged as spam, SpamAssassin includes the usual body
> preface saying what tests trig- gered the spam warning. But if the
> existing body is something other than a regularly-viewable text
> message (like Base64), the mail user agent can become confused and
> display gibberish in some cases, or fail to decode the body part in
> other cases.

That's actually SpamAssassin's default behaviour; it's partially to
ensure that script-based exploits aren't executed by MS OutLook (the
only way to guarantee that is to change the content-type to
text/plain), and also to ensure that the spam warning message is
readable (if for example the only content was a GIF file, for example,
then the extra text would just break the image and the user would have
no idea what happened).

I think what most people end up doing is setting report_header=1 and
defang_mime=0 in SpamAssassin, so the Subject still gets the
*****SPAM***** tag, and if the reader is curious, they can always view
headers to see the SA report.  Be aware that if you're running Outlook
and open the message, any embedded scripts will still get run.
>   I realize I'm out-of-date regarding current the spamass-milter
> development version, but before I download all the latest bits, I was
> wondering if there was either a) anyone else with experience with
> this, and/or b) a new packaged spamass-milter kit on the horizon.

I've pulled a lot of new feature patches from Savannah into CVS and
they seem to be working fine, so I should be able to make a Christmas
release.  If 0.1.2 is working fine for you and you don't need the new
features, don't bother pulling the CVS tree.  Just wait for the

        Dan Nelson

reply via email to

[Prev in Thread] Current Thread [Next in Thread]