# DSPAM and codepage iso-8859-1 in headers

## thus

Hi,

I've reinstalled my mail server : fetchmail + postfix + dovecot + amavis + dspam + procmail + bogofilter

All seems to work except dspam is putting the codepage in the mail headers X-DSPAM-Result...

I've tried several configs but I can't remove these codepage =?iso-8859-1?Q?

Could someone help me ?

Here are my versions :

- amavisd-new-2.6.0

- dspam-3.8.0-r11

- dovecot-1.0.13-r1

```

X-DSPAM-Result: =?iso-8859-1?Q?Innocent=0D?=

X-DSPAM-Confidence: =?iso-8859-1?Q?0.8505=0D?=

X-DSPAM-Probability: =?iso-8859-1?Q?0.0000=0D?=

X-DSPAM-Signature: =?iso-8859-1?Q?4861d481104996786020673=0D?=

X-DSPAM-Factors: 27,

X-Virus-Scanned: amavisd-new at thus0

X-Spam-Flag: NO

X-Spam-Score: 5.336

X-Spam-Level: *****

X-Spam-Status: No, score=5.336 tagged_above=0 required=6.31

   tests=[DIGEST_MULTIPLE=0.001, PYZOR_CHECK=2.834,

   RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5,

   RAZOR2_CHECK=0.5, UNPARSEABLE_RELAY=0.001]

```

and in my dspam.conf :

```

Preference "spamAction=deliver"

Preference "signatureLocation=headers"

Preference "showFactors=off"

```

The only reference of the bug I've seen is on a kolab forum :

http://forum.pardus.de/index.php?topic=130.msg637#msg637

----------

## steveb

 *thus wrote:*   

> 
> 
> ```
> 
> X-DSPAM-Result: =?iso-8859-1?Q?Innocent=0D?=
> ...

 Strange. The header is corrupt. In X-DSPAM-Factors you should get much much more output then just this obscure "27,". Are you 100% sure that DSPAM is putting that iso-8859-1 stuff into the headers and not something else?

Could you try to process a message just with DSPAM and no other tool/contentfilter/anti-virus/etc. Do you get the same result?

// SteveB

----------

## thus

 *steveb wrote:*   

> Strange. The header is corrupt. In X-DSPAM-Factors you should get much much more output then just this obscure "27,". Are you 100% sure that DSPAM is putting that iso-8859-1 stuff into the headers and not something else?
> 
> Could you try to process a message just with DSPAM and no other tool/contentfilter/anti-virus/etc. Do you get the same result?
> 
> // SteveB

 

Hi SteveB

thanks for your answer... you're right ! I've checked the logs of amavisd and I think the problem comes from amavisd :

- it calls dspam (/usr/bin/dspam --stdout --deliver=spam,innocent --mode=tum --tokenizer=chained,noise --enable-signature-headers --user amavis)

- parse the results of dspam

- add & encode himself the mail headers with X-DSPAM-*

I've run manually the command used by amavis and the output is not corrupted.

I'm reading the source of amavis to track the bug ... I think it's somewhere in the "hdr function" when amavisd encode the mail headers

```

# Insert space after colon if not present, RFC2047-encode if field body

# contains non-ASCII characters, fold long lines if needed, prepend space

# before each NL if missing, append NL if missing. Header fields with only

# spaces are not allowed (rfc2822: Each line of characters MUST be no more

# than 998 characters, and SHOULD be no more than 78 characters, excluding

# the CRLF). $structured==0 indicates an unstructured header field,

# folding may be inserted at any existing whitespace character position;

# $structured==1 indicates that folding is only allowed at positions

# indicated by \n in the provided header body, original \n will be removed.

# With $structured==2 folding is preserved, wrapping step is skipped.

#

sub hdr($$$;$) {

  my($field_name, $field_body, $structured, $wrap_char) = @_;

  $wrap_char = "\t"  if !defined($wrap_char);

  local($1);

  if ($field_name =~ /^ (?: Subject\z | Comments\z |

                            X- (?! Envelope- (?:From|To)\z ) )/six &&

      $field_body !~ /^[\t\n\040-\176]*\z/  # not all printable (or TAB or LF)

  ) {  # encode according to RFC 2047

    # actually RFC 2047 also allows encoded-words in rfc822 extension

    # message header fields (now: optional header fields), within comments

    # in structured header fields, or within 'phrase' (e.g. in From, To, Cc);

    # we are being sloppy here!

    $field_body =~ s/\n([ \t])/$1/g;  # unfold

    chomp($field_body);

    my($field_body_octets);

    my($chset) = c('hdr_encoding');  my($qb) = c('hdr_encoding_qb');

    if (!$unicode_aware) { $field_body_octets = $field_body }

    else {

      $field_body_octets = safe_encode($chset, $field_body);

#     do_log(5, "hdr - UTF-8 body:  %s", $field_body);

#     do_log(5, "hdr - body octets: %s", $field_body_octets);

    }

    my($encoder_func) = uc($qb) eq 'Q' ? \&q_encode

                                       : \&MIME::Words::encode_mimeword;

    $field_body = join("\n", map { /^[\001-\011\013\014\016-\177]*\z/ ? $_

                                     : &$encoder_func($_,$qb,$chset) }

                                 split(/\n/, $field_body_octets, -1));

  } else {  # supposed to be in plain ASCII, let's make sure it is

    $field_body = safe_encode('ascii', $field_body);

  }

  $field_name = safe_encode('ascii', $field_name);

  my($str) = $field_name . ':';

  $str .= ' '  if $field_body !~ /^[ \t\n]/;

  $str .= $field_body;

  if ($structured == 2) {  # already folded, keep it that way, sanitize

    1 while $str =~ s/^([ \t]*)\n/$1/;  # prefixed by whitespace lines?

    $str =~ s/\n(?=[ \t]*(\n|\z))//g;   # whitespace lines within or at end

    $str =~ s/\n(?![ \t])/\n /g;  # insert a space at line folds if missing

  } else {

    $wrap_char = "\t"  if !defined($wrap_char);

    $str = wrap_string($str, 78, '', $wrap_char, $structured

                      )  if $structured==1 || length($str) > 78;

  }

  if (length($str) > 998) {

    my(@lines) = split(/\n/,$str);  my($trunc) = 0;

    for (@lines)

      { if (length($_) > 998) { $_ = substr($_,0,998-3).'...'; $trunc = 1 } }

    if ($trunc) {

      do_log(0, "INFO: truncating long header field (len=%d): %s[...]",

             length($str), substr($str,0,100) );

      $str = join("\n",@lines);

    }

  }

  $str .= "\n"  if $str !~ /\n\z/;  # append final NL

  do_log(5, "header: %s", $str);

  $str;

}

```

----------

## steveb

Please change in your /etc/amavisd.conf the line:

```
$dspam  = 'dspam';
```

to

```
#$dspam  = 'dspam';
```

Then restart Amavis and DSPAM and check if you still have that error.

// Steve

----------

## thus

 *steveb wrote:*   

> Please change in your /etc/amavisd.conf the line:
> 
> ```
> $dspam  = 'dspam';
> ```
> ...

 

Thanks Steveb for your help.

I've tried to modify amavisd-new and removed the codepage coding but it's a dirty hack... 

For those interested to investigate : it's near line 21210

I've replaced :

```

          # add DSPAM header fields to passed mail for all recipients

          $hdr_edits->add_header($hh,$hb)

```

with :

```

          # add DSPAM header fields to passed mail for all recipients

          $hdr_edits->add_header($hh,sanitize_str($hb))

```

Finally, I won't use amavisd-new and will use dspam+clamd+bogofilter directly :

fetchmail -> postfix -> (pipe) dspam + clamd:3310 -> postfix:10026 -> procmail -> bogofilter -> dovecot

I'm not sure it's the best order but this chain is working for me  :Smile: 

See you

----------

## steveb

Why bogofilter? Is bogofilter not doing +/- the same as DSPAM?

// SteveB

----------

