Within the past couple of weeks I have started getting a lot of emails directed to quarantine because of bad headers. In particular, the error looks like this:
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded non-ASCII data (and not UTF-8)
(char A0 hex): Feedback-ID:
...dfa3-9e3c-46cf-9ff0-8931e63824c8:email:epslh1\x{A0}
$ grep ecelerity *
badh-1GQgTnRSPtk3: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-8q_jrXKZkfWQ: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-8vK1Yw-APYqX: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-Ax4J5KEAHgPL: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-F8o2oh4QlMQP: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-FFi4SYDbmXlK: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-Jry_agaDpjrq: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-NLsvjcAVOQN8: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-SGbzTZ4eTYL6: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-TQ5xEsZMarv3: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-VBJ9drQXtakA: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-aFYe6QVM0iSk: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-eMhoJ8RCPmM7: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-lWkssAl3o-CZ: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-ogrC8tCOZcy0: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-pBcFSu2gy8k3: (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
badh-1GQgTnRSPtk3:Feedback-ID: ca5dbf63-208e-450e-9416-29f2e967c6e9:32cb7f3c-56d5-425d-8b7f-61c7e1daafa0:email:epslh1▒
badh-8q_jrXKZkfWQ:Feedback-ID: c8827038-beab-4370-8ae4-c5bfe9bf92c5:dae6dfa3-9e3c-46cf-9ff0-8931e63824c8:email:epslh1▒
badh-8vK1Yw-APYqX:Feedback-ID: 6b8a899b-9832-41e9-aaef-e3506dad65da:32cb7f3c-56d5-425d-8b7f-61c7e1daafa0:email:epslh1▒
badh-Ax4J5KEAHgPL:Feedback-ID: ca5dbf63-208e-450e-9416-29f2e967c6e9:32cb7f3c-56d5-425d-8b7f-61c7e1daafa0:email:epslh1▒
badh-F8o2oh4QlMQP:Feedback-ID: 1a358d93-a6a5-4178-99c7-051a3108dd37:02eb8b37-72cf-4a52-8bf3-248486b395de:email:epslh1▒
badh-FFi4SYDbmXlK:Feedback-ID: 6b8a899b-9832-41e9-aaef-e3506dad65da:32cb7f3c-56d5-425d-8b7f-61c7e1daafa0:email:epslh1▒
badh-Jry_agaDpjrq:Feedback-ID: d5784092-14df-486e-b864-8b3d56298cee:7849683f-0db4-4dca-93ab-cc226c17c075:email:epslh1▒
badh-NLsvjcAVOQN8:Feedback-ID: c8827038-beab-4370-8ae4-c5bfe9bf92c5:dae6dfa3-9e3c-46cf-9ff0-8931e63824c8:email:epslh1▒
badh-SGbzTZ4eTYL6:Feedback-ID: ca5dbf63-208e-450e-9416-29f2e967c6e9:32cb7f3c-56d5-425d-8b7f-61c7e1daafa0:email:epslh1▒
badh-TQ5xEsZMarv3:Feedback-ID: 6b8a899b-9832-41e9-aaef-e3506dad65da:32cb7f3c-56d5-425d-8b7f-61c7e1daafa0:email:epslh1▒
badh-VBJ9drQXtakA:Feedback-ID: d5784092-14df-486e-b864-8b3d56298cee:7849683f-0db4-4dca-93ab-cc226c17c075:email:epslh1▒
badh-aFYe6QVM0iSk:Feedback-ID: ca5dbf63-208e-450e-9416-29f2e967c6e9:32cb7f3c-56d5-425d-8b7f-61c7e1daafa0:email:epslh1▒
badh-eMhoJ8RCPmM7:Feedback-ID: d5784092-14df-486e-b864-8b3d56298cee:7849683f-0db4-4dca-93ab-cc226c17c075:email:epslh1▒
badh-lWkssAl3o-CZ:Feedback-ID: 1a358d93-a6a5-4178-99c7-051a3108dd37:02eb8b37-72cf-4a52-8bf3-248486b395de:email:epslh1▒
badh-ogrC8tCOZcy0:Feedback-ID: 6b8a899b-9832-41e9-aaef-e3506dad65da:32cb7f3c-56d5-425d-8b7f-61c7e1daafa0:email:epslh1▒
badh-pBcFSu2gy8k3:Feedback-ID: d5784092-14df-486e-b864-8b3d56298cee:7849683f-0db4-4dca-93ab-cc226c17c075:email:epslh1▒
What's odd is that these emails are all coming from legitimate sources and the content is valid. Some of the sources include:
mail.paypal.com
sheratonvacationclub.com
chase.com
My guess is that all of these companies are using ecelerity, or are outsourcing their marketing emails to a company that does, and they must have recently upgraded to a buggy version of ecelerity.
The question I have is how can I tell Amavis to ignore them? If anyone has any tips on how to do this, please let me know.
I'm running: Release 8.8.10_GA_3039.RHEL6_64_20180928094617 RHEL6_64 FOSS edition, Patch 8.8.10_P1.
Thanks to you all in advance,
-Michael
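
Added example, not part of the original post: a Python check for the condition named in the Amavis alert above (a header field containing raw 8-bit bytes that are not valid UTF-8), reporting which header and which byte triggered it so quarantined messages can be triaged. The function names and the sample message are constructed for illustration, and this is not Amavis's own implementation of the check.

```python
def header_fields(raw: bytes):
    """Yield each header field as bytes, with folded continuation lines joined."""
    field = b""
    for line in raw.splitlines():
        if not line:                      # empty line ends the header section
            break
        if line[:1] in (b" ", b"\t") and field:
            field += line                 # continuation of the previous field
            continue
        if field:
            yield field
        field = line
    if field:
        yield field


def bad_header_fields(raw: bytes):
    """Return (name, offset, hex byte) for fields with non-ASCII, non-UTF-8 data."""
    findings = []
    for field in header_fields(raw):
        if field.isascii():
            continue
        try:
            field.decode("utf-8")         # raw but valid UTF-8 is a different case
        except UnicodeDecodeError as exc:
            name = field.split(b":", 1)[0].decode("ascii", "replace")
            findings.append((name, exc.start, f"{field[exc.start]:02X}"))
    return findings


# Constructed sample message (not taken from a real quarantine file).
SAMPLE = (
    b"Received: from mta.example.net (example MTA)\r\n"
    b"\tby mx.example.org with ESMTP\r\n"
    b"Subject: caf\xc3\xa9 offer\r\n"
    b"Feedback-ID: 00000000-0000-0000-0000-000000000000:email:epslh1\xa0\r\n"
    b"\r\n"
    b"Body bytes such as \xa0 are not part of the header section.\r\n"
)

if __name__ == "__main__":
    for name, offset, byte in bad_header_fields(SAMPLE):
        print(f"{name}: byte 0x{byte} at offset {offset}")
```

Running it over the files in a quarantine directory shows whether every hit is the same trailing byte in the same header, which is the pattern described in the post.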