One of the users was having his mail rejected from yahoo with the following error
#5.0.0 smtp; 554 Message not allowed - Headers are not RFC compliant[291]> #SMTP#
I had to "solve" the problem by routing the mail directly, rather than through the efa server.
Digging deeper, I discovered that if your subject line as a space at the end, the mailscanner will duplicate the subject line without the trailing space.
Example: (you'll see the duplicate subject between the X-SendingOrg-MailScanner-EFA-Watermark and X-SendingOrg-MailScanner-EFA-From headers)
Code: Select all
Return-path: <pdwalker@sending_domain.com>
Envelope-to: pdwalker@receiving_domain.com
Delivery-date: Wed, 04 Nov 2015 07:05:36 +0000
Received: from mailx.sending_domain.com ([112.120.80.132])
by linode.receiving_domain.com with esmtp (Exim 4.63)
(envelope-from <pdwalker@sending_domain.com>)
id 1Zts8U-0008Rk-MC
for pdwalker@receiving_domain.com; Wed, 04 Nov 2015 07:05:36 +0000
X-Spam-Status: No
X-SendingOrg-MailScanner-EFA-Watermark: 1447225334.7874@+F3UH5veY3iYSrMhwplUJw
Subject: subject with a space at the end
X-SendingOrg-MailScanner-EFA-From: pdwalker@sending_domain.com
X-SendingOrg-MailScanner-EFA-SpamCheck: not spam (whitelisted),
SpamAssassin (not cached, score=-9.999, required 4,
autolearn=not spam, ALL_TRUSTED -8.00, BAYES_00 -1.90,
DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10,
HTML_MESSAGE 0.00)
X-SendingOrg-MailScanner-EFA: Found to be clean
X-SendingOrg-MailScanner-EFA-ID: 96785180061.A1ACE
X-SendingOrg-MailScanner-EFA-Information: Please contact itsupport@sending_domain.com for more information
Received: from mailx.sending_domain.com (csnwex003 [10.10.1.12])
(using TLSv1 with cipher RC4-MD5 (128/128 bits))
(No client certificate requested)
by mailx.sending_domain.com (Postfix) with ESMTPS id 96785180061
for <pdwalker@receiving_domain.com>; Wed, 4 Nov 2015 15:02:13 +0800 (HKT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sending_domain.com;
s=default; t=1446620533;
bh=rZAo4KkiyZoz6WmTr617gCT5XCHpgJttbzJISCaSoHU=;
h=From:To:Date:Subject;
b=KmZ9nL0LgR6thtTQx1siLG6TJ8dBiIGXgO1caSLziC8OD4jR+9og+WTQ+g+oX5/SB
rf9ObNhJgOfWl4Xnw8qAZbRCwn80iT2NCd3JVt+OGdiXw9p1C+OU7DIOYbylNR+xXy
dudzWjqw5w/VFLsZaKbUnzX6fM+gOR566ngUaBDY=
Received: from CSNWEX003.sending_domain.local ([10.10.1.12]) by
CSNWEX003.sending_domain.local ([10.10.1.12]) with mapi; Wed, 4 Nov 2015
15:00:42 +0800
From: "Paul D. Walker" <pdwalker@sending_domain.com>
To: "pdwalker@receiving_domain.com" <pdwalker@receiving_domain.com>
Date: Wed, 4 Nov 2015 15:02:10 +0800
Subject: subject with a space at the end
Thread-Topic: subject with a space at the end
Thread-Index: AdEWzoTrviBuMoqDR2+PoISGliMMww==
Message-ID: <D25FCE72.4CA02%pdwalker@sending_domain.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.7.151005
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary="_000_D25FCE724CA02pdwalkersending_domaincom_"
MIME-Version: 1.0
X-Spam-Score: -2.0 (--)
X-Spam-Report: Spam detection software, running on the system "linode.receiving_domain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: asdf sdfsd asdf sdfsd [...]
Content analysis details: (-2.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: sending_domain.com]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
--_000_D25FCE724CA02pdwalkersending_domaincom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
asdf sdfsd
--_000_D25FCE724CA02pdwalkersending_domaincom_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html><head></head><body style=3D"word-wrap: break-word; -webkit-nbsp-mode:=
space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-si=
ze: 14px; font-family: Georgia, sans-serif;"><div>asdf sdfsd</div></body></=
html>
--_000_D25FCE724CA02pdwalkersending_domaincom_--Code: Select all
Return-path: <pdwalker@sending_domain.com>
Envelope-to: pdwalker@receiving_domain.com
Delivery-date: Wed, 04 Nov 2015 07:21:06 +0000
Received: from mailz.forscientia.com ([223.255.133.202] helo=mailx.sending_domain.com)
by linode.receiving_domain.com with esmtp (Exim 4.63)
(envelope-from <pdwalker@sending_domain.com>)
id 1ZtsNU-0008S0-AN
for pdwalker@receiving_domain.com; Wed, 04 Nov 2015 07:21:06 +0000
X-Spam-Status: No
X-SendingOrg-MailScanner-EFA-Watermark: 1447226265.54661@f2Rtd1DFrwSsagFkybqXtg
X-SendingOrg-MailScanner-EFA-From: pdwalker@sending_domain.com
X-SendingOrg-MailScanner-EFA-SpamCheck: not spam (whitelisted),
SpamAssassin (not cached, score=-7.133, required 4,
ALL_TRUSTED -8.00, BAYES_00 -1.90, DKIM_SIGNED 0.10,
DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FSL_BULK_SIG 1.47,
HTML_MESSAGE 0.00, PYZOR_CHECK 1.39)
X-SendingOrg-MailScanner-EFA: Found to be clean
X-SendingOrg-MailScanner-EFA-ID: 1C6AE180061.A1B27
X-SendingOrg-MailScanner-EFA-Information: Please contact itsupport@sending_domain.com for more information
Received: from mailx.sending_domain.com (csnwex003 [10.10.1.12])
(using TLSv1 with cipher RC4-MD5 (128/128 bits))
(No client certificate requested)
by mailx.sending_domain.com (Postfix) with ESMTPS id 1C6AE180061
for <pdwalker@receiving_domain.com>; Wed, 4 Nov 2015 15:17:45 +0800 (HKT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sending_domain.com;
s=default; t=1446621465;
bh=ktlUCNmPPnUJzxghfWa5jBleOBUjJTy4TdfFySc0MRg=;
h=From:To:Date:Subject;
b=cLwIBLbizpCxexxc5B5zF97idtFt0yy8pxhH6SHfGJHHLdyu6jX6oEjV2bHxZlqTG
F67kksRjVZ2cPMEE44GUJxO7trMYdCxVGpSP3a1hHfqMthZhAsyxxDocImMGn4PoVZ
UcNpLJ0mcm0Fwjsry84HkqZF9ujsgz95IwUYnK/A=
Received: from CSNWEX003.sending_domain.local ([10.10.1.12]) by
CSNWEX003.sending_domain.local ([10.10.1.12]) with mapi; Wed, 4 Nov 2015
15:16:14 +0800
From: "Paul D. Walker" <pdwalker@sending_domain.com>
To: "pdwalker@receiving_domain.com" <pdwalker@receiving_domain.com>
Date: Wed, 4 Nov 2015 15:17:42 +0800
Subject: no spaces at the end of the subject
Thread-Topic: no spaces at the end of the subject
Thread-Index: AdEW0LChkEXIm5NjTZeQCNbu4X6Szg==
Message-ID: <D25FD216.4CA05%pdwalker@sending_domain.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.7.151005
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary="_000_D25FD2164CA05pdwalkersending_domaincom_"
MIME-Version: 1.0
X-Spam-Score: -2.0 (--)
X-Spam-Report: Spam detection software, running on the system "linode.receiving_domain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: test test [...]
Content analysis details: (-2.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: sending_domain.com]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
--_000_D25FD2164CA05pdwalkersending_domaincom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
test
--_000_D25FD2164CA05pdwalkersending_domaincom_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html><head></head><body style=3D"word-wrap: break-word; -webkit-nbsp-mode:=
space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-si=
ze: 14px; font-family: Georgia, sans-serif;"><div>test</div></body></html>
--_000_D25FD2164CA05pdwalkersending_domaincom_--- Paul
edit: also posted to the mailscanner mailing list
