Empty attachments - BAD HEADER SECTION, MIME error: error: part did not end with expected boundary
Alex Dyas
adyas at linalis.com
Wed May 30 11:06:47 CEST 2012
Hello Mark,
On 05/21/2012 03:22 PM, Mark Martinec wrote:
> Alex,
>
>> Environment :
>> - Ubuntu - 10.04.3 LTS
>> - Postfix - 2.7.0-1ubuntu0.2
>> - Amavis - 1:2.6.4-1ubuntu5
>> - Spam Assassin - 3.3.1-1
>> - ClamAV - 0.96.5+dfsg-1ubuntu1.10.04.3
>>
>> Symptoms - A couple of emails per day come through the system with empty
>> attachments. They have the following line in their header:
>>
>> X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: part did not end
>> with expected boundary
>>
>> - I have not been able to reproduce the problem myself
>> - Problematic mails re-sent often come through without problem, ie with
>> the attachment
>> - The offending mails generate ClamAV quarantine files, but even these
>> don't contain the attachments
>> - If I receive the same emails at a different account on an unrelated
>> system I see the attachment perfectly well
>> - We see the same issue from a number of unrelated senders
>>
>> Sample header (anonymised):
>>
>> From xxxxxx at xxx.com Tue May 15 07:41:14 2012
>> Return-Path:<xxxxxx at xxx.com>
>> X-Original-To: dump at proxy.yyyyy.com
>> Delivered-To: dump at proxy.yyyyy.com
>> Received: from localhost (localhost [127.0.0.1])
>> by mail.yyyyy.com (Postfix) with ESMTP id 170554C16E9;
>> Tue, 15 May 2012 07:41:14 +0200 (CEST)
>> X-Quarantine-ID:<Px1M0jVRJetN>
>> X-Virus-Scanned: Debian amavisd-new at yyyyy.com
>> X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: part did not end
>> with expected boundary
>> X-Spam-Flag: NO
>> X-Spam-Score: -1.911
>> X-Spam-Level:
>> X-Spam-Status: No, score=-1.911 tagged_above=-100 required=6.31
>> tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01]
>> autolearn=ham
>> Received: from mail.yyyyy.com ([127.0.0.1])
>> by localhost (yyyyy.com [127.0.0.1]) (amavisd-new, port 10024)
>> with ESMTP id Px1M0jVRJetN; Tue, 15 May 2012 07:41:11 +0200 (CEST)
>> Received: by mail.yyyyy.com (Postfix, from userid 1002)
>> id BBE204C03D1; Tue, 15 May 2012 07:41:11 +0200 (CEST)
>> Received: from mail1.xxx.com (mail1.xxx.com [11.22.33.44])
>> by mail.yyyyy.com (Postfix) with ESMTP id 98EBC4C03D1;
>> Tue, 15 May 2012 07:41:11 +0200 (CEST)
>> From: XXXX XXXXX<xxxxxx at xxx.com>
>> Subject: News
>> Thread-Topic: News
>> Thread-Index: Ac0yXHvsAZ0A5DlqQrO9zy68+EZRewAANCFg
>> Date: Tue, 15 May 2012 05:41:08 +0000
>> Message-ID:<19D32E934240BC45AD953862CE86FA3701285833 at qqqq.xxx.com>
>> References:<4CDB5B433E87004CBA5E07997B4BF6C70639FEDD at qqqq.xxx.com>
>> In-Reply-To:<4CDB5B433E87004CBA5E07997B4BF6C70639FEDD at qqqq.xxx.com>
>> Accept-Language: de-CH, en-US
>> Content-Language: de-DE
>> X-MS-Has-Attach: yes
>> X-MS-TNEF-Correlator:
>> Content-Type: multipart/mixed;
>> boundary="_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK"
>> MIME-Version: 1.0
>> To: Undisclosed recipients:;
>> X-Copyrighted-Material: None
>>
>> --_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK
>> Content-Type: multipart/alternative;
>> boundary="_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK"
>>
>> --_004_19D32E934240BC45AD953862CE86FA3701285833ASDJKFK
>> Content-Type: text/plain; charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>> .....
> This seems to happen before a message reaches amavisd.
Ok
>
>> Received: by mail.yyyyy.com (Postfix, from userid 1002)
> So what is this thing that is re-injecting a message locally
> from userid 1002 ???
We have a line in the Postfix configuration that blind copies every mail
going through the system to a local user. I guess this is the cause of
the re-injection. This is for audit purposes. I wonder now if that is
causing the issues somehow. I will remove this line temporarily to see
if it fixes the issue. If so we will find a better way of saving copies
of the mail.
Thanks for your pointer.
>
>
> Mark
Alex
More information about the amavis-users
mailing list