Empty attachments - BAD HEADER SECTION, MIME error: error: part did not end with expected boundary

Mark Martinec Mark.Martinec+amavis at ijs.si
Mon May 21 15:22:41 CEST 2012 

Alex,

> Environment :
> - Ubuntu - 10.04.3 LTS
> - Postfix - 2.7.0-1ubuntu0.2
> - Amavis - 1:2.6.4-1ubuntu5
> - Spam Assassin - 3.3.1-1
> - ClamAV - 0.96.5+dfsg-1ubuntu1.10.04.3
> 
> Symptoms - A couple of emails per day come through the system with empty
> attachments.  They have the following line in their header:
> 
> X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: part did not end
> with expected boundary
> 
> - I have not been able to reproduce the problem myself
> - Problematic mails re-sent often come through without problem, ie with
> the attachment
> - The offending mails generate ClamAV quarantine files, but even these
> don't contain the attachments
> - If I receive the same emails at a different account on an unrelated
> system I see the attachment perfectly well
> - We see the same issue from a number of unrelated senders
> 
> Sample header (anonymised):
> 
>  From xxxxxx at xxx.com  Tue May 15 07:41:14 2012
> Return-Path: <xxxxxx at xxx.com>
> X-Original-To: dump at proxy.yyyyy.com
> Delivered-To: dump at proxy.yyyyy.com
> Received: from localhost (localhost [127.0.0.1])
>          by mail.yyyyy.com (Postfix) with ESMTP id 170554C16E9;
>          Tue, 15 May 2012 07:41:14 +0200 (CEST)
> X-Quarantine-ID: <Px1M0jVRJetN>
> X-Virus-Scanned: Debian amavisd-new at yyyyy.com
> X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: part did not end
> with expected boundary
> X-Spam-Flag: NO
> X-Spam-Score: -1.911
> X-Spam-Level:
> X-Spam-Status: No, score=-1.911 tagged_above=-100 required=6.31
>          tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01]
>          autolearn=ham
> Received: from mail.yyyyy.com ([127.0.0.1])
>          by localhost (yyyyy.com [127.0.0.1]) (amavisd-new, port 10024)
>          with ESMTP id Px1M0jVRJetN; Tue, 15 May 2012 07:41:11 +0200 (CEST)
> Received: by mail.yyyyy.com (Postfix, from userid 1002)
>          id BBE204C03D1; Tue, 15 May 2012 07:41:11 +0200 (CEST)
> Received: from mail1.xxx.com (mail1.xxx.com [11.22.33.44])
>          by mail.yyyyy.com (Postfix) with ESMTP id 98EBC4C03D1;
>          Tue, 15 May 2012 07:41:11 +0200 (CEST)
> From: XXXX XXXXX <xxxxxx at xxx.com>
> Subject: News
> Thread-Topic: News
> Thread-Index: Ac0yXHvsAZ0A5DlqQrO9zy68+EZRewAANCFg
> Date: Tue, 15 May 2012 05:41:08 +0000
> Message-ID: <19D32E934240BC45AD953862CE86FA3701285833 at qqqq.xxx.com>
> References: <4CDB5B433E87004CBA5E07997B4BF6C70639FEDD at qqqq.xxx.com>
> In-Reply-To: <4CDB5B433E87004CBA5E07997B4BF6C70639FEDD at qqqq.xxx.com>
> Accept-Language: de-CH, en-US
> Content-Language: de-DE
> X-MS-Has-Attach: yes
> X-MS-TNEF-Correlator:
> Content-Type: multipart/mixed;
>          boundary="_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK"
> MIME-Version: 1.0
> To: Undisclosed recipients:;
> X-Copyrighted-Material: None
> 
> --_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK
> Content-Type: multipart/alternative;
>          boundary="_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK"
> 
> --_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> .....

This seems to happen before a message reaches amavisd.

> Received: by mail.yyyyy.com (Postfix, from userid 1002)

So what is this thing that is re-injecting a message locally
from userid 1002 ???


  Mark

More information about the amavis-users mailing list