Suspicious headers (was: Re: Goodbye for now, kmail)

Thu May 11 20:47:51 BST 2017

Martin Steigerwald - 08.05.17, 23:24:
> Ingo Klöcker - 08.05.17, 21:11:
> > On Saturday 06 May 2017 12:04:24 Vojtěch Zeisek wrote:
> > > BTW, why is this the only conference I use awaiting moderation:
> > > Is being held until the list moderator can review it for approval.
> > > The reason it is being held:
> > > Message has a suspicious header
> > > Conference about KDE PIM rejects mails from KDE PIM? :-)
> > 
> > I wish I knew. Messages of other people are also held for moderation.
> > Unfortunately, mailman isn't very transparent about which header is
> > deems suspicious.
> 
> […]
> 
> > Hmm. According to
> > https://mailman.readthedocs.io/en/release-3.0/src/mailman/rules/docs/suspi
> > ci ous.html it's controlled by the bounce_matching_headers setting. For
> > this mailing list it's set to
> > =====
> > X-Spam-Status: Yes
> > Content-Type: text/html
> > =====
> > 
> > So, messages that have been flagged as spam and HTML-messages are
> > regarded as suspicious. As far as I can see your messages contain
> > neither of those header. So, I still don't know what mailman is talking
> > about. :/
> 
> Its happening for me as well. Ingo, do you see a similarity between the
> headers of my mails and the ones from Vojtěch?
> 
> Quoting from the headers you sent me as an example, Ingo, I do have X-Spam
> headers (needlessly as SpamAssassin shouldn´t run for mails I deliver via
> SMTP AUTH. I have an idea on how to change it, but I unlikely I get around
> to it before my holidays).
> 
> X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
>         mondschein.lichtvoll.de
> X-Spam-Level:
> X-Spam-Status: No, score=-2.9 required=7.0 tests=ALL_TRUSTED,BAYES_00
>         autolearn=ham autolearn_force=no version=3.4.1
> 
> But it very clearly says:
> 
> X-Spam-Status: No
> 
> while Mailman searches for Yes.
> 
> And there is definately no HTML in my mails nor any header related to it.
> 
> So or so according to hints elsewhere this appears to be the legacy spam
> filter in Mailman. Is it necessary to filter for "X-Spam-Status: Yes"
> there? postbox.kde.org could decline such mails already. Hmmm, I think best
> is to open a sysadmin ticket. I just created one: T6075 (I think it is set
> as private with sysadmins).

Ben just fixed this one. Mailman search was case sensitive and my mails 
contained headers like:

    X-Spam-Status: No, score=-2.9 required=7.0 tests=ALL_TRUSTED,BAYES_00
     autolearn=ham autolearn_force=no version=3.4.1

X-Spam-Status: Yes

case insensitively matches 

X-Spam-Status:.*BAYES_00

Ben added a "^" in front of the "Yes" so it needs to stand at the beginning of 
the field content – so this rule shouldn´t match anymore.

Thanks,
-- 
Martin