[Mimedefang] MIMEdefang makes Sendmail bypass its anti-spam rules

Wed Aug 13 14:31:01 EDT 2003

When MIMEdefang modifies the Subject: line to add a SPAM SCORE X.X text,
as triggered by a SpamAssassin score, it appears that further anti-spam
rules in Sendmail get bypassed.

The following example is a spam from the domain speedyterra.com.br
which gets spam-tagged as shown below.  However, normally no
messages whatsoever from the speedyterra.com.br domain should
be accepted by our Sendmail server, since that domain is listed
in our /etc/mail/access database.  It appears that the tagging
by MIMEdefang makes Sendmail bypass further anti-spam rules
in the sendmail.cf configuration file.

Is there a bug in the Milter code in Sendmail, or what may
be going on ?  We run MIMEdefang 2.34 with Sendmail 8.12.8 on
a Redhat ES2.1 server.

The headers of the message that slipped through:

Received: from 200-161-132-107.speedyterra.com.br 
(200-161-132-107.speedyterra.com.br [200.161.132.107] (may be forged))
	by servfys.fysik.dtu.dk 
(8.12.8/8.12.8/NJABL+ORDB+Spamhaus+SpamCop+access) with SMTP id 
h7DG0YiZ031698
	for <schiotz at fysik.dtu.dk>; Wed, 13 Aug 2003 18:00:52 +0200
Received: from a55f.9sa0.net (HELO 7ox8) [119.190.148.119] by 
200-161-132-107.speedyterra.com.br; Wed, 13 Aug 2003 11:10:30 -0600
Message-ID: <bj$-5hf$$qi$$$1 at 6jpe85l>
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-Spam-Score: 9 (*********) 
DATE_IN_PAST_03_06,FORGED_MUA_OUTLOOK,HTML_60_70,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_MIMEOLE,SEMIFORGED_HOTMAIL_RCVD,X_PRIORITY_HIGH
X-Scanned-By: CanIt (www . canit . ca)
From: "Sharlene Clarke" <i92bg2lmnj at hotmail.com>
To: schiotz at fysik.dtu.dk
Subject: [SPAM SCORE 9] Open this for great Phone-sex ffbddc rgl ecem
Date: Wed, 13 Aug 03 11:10:30 GMT
...(message body omitted)

Thanks for sharing your insights,
Ole Holm Nielsen
Department of Physics
Technical University of Denmark