You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Giovanni Bechis <gi...@paclan.it> on 2018/01/17 17:59:40 UTC
Re: FORGED_HOTMAIL_RCVD2 false positive
On 01/17/18 07:14, Pedro David Marco wrote:
> Hi,
>
> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') triggers for valid hotmail messages... (SA 3.4.1)
>
> This small change solves the problem but i do not know whether it is the correct way... maybe "hotmail" string should be changed widelly to "outlook|hotmail"...
>
> /usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig
> 357c357
> < if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
> ---
>> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>
>
> -----
> PedroD
Can you provide an email sample for a valid email message that triggers this rule ?
Thanks
Giovanni
Re: FORGED_HOTMAIL_RCVD2 false positive
Posted by Giovanni Bechis <gi...@paclan.it>.
On 01/17/18 19:29, David Jones wrote:
> On 01/17/2018 11:59 AM, Giovanni Bechis wrote:
>> On 01/17/18 07:14, Pedro David Marco wrote:
>>> Hi,
>>>
>>> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') triggers for valid hotmail messages... (SA 3.4.1)
>>>
>>> This small change solves the problem but i do not know whether it is the correct way... maybe "hotmail" string should be changed widelly to "outlook|hotmail"...
>>>
>>> /usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig
>>> 357c357
>>> < if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>>> ---
>>>> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>>>
>>>
>>> -----
>>> PedroD
>> Can you provide an email sample for a valid email message that triggers this rule ?
>> Thanks
>> Giovanni
>>
>
> I am seeing about a hundred false positives a day in my mail flow:
>
> https://pastebin.com/wQwACuhB
>
> Definitely need to get a bug entered and patch HeaderEval.pm soon for version 3.4.2.
>
I'll take care of it.
Giovanni
Re: FORGED_HOTMAIL_RCVD2 false positive
Posted by David Jones <dj...@ena.com>.
On 01/17/2018 11:59 AM, Giovanni Bechis wrote:
> On 01/17/18 07:14, Pedro David Marco wrote:
>> Hi,
>>
>> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') triggers for valid hotmail messages... (SA 3.4.1)
>>
>> This small change solves the problem but i do not know whether it is the correct way... maybe "hotmail" string should be changed widelly to "outlook|hotmail"...
>>
>> /usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig
>> 357c357
>> < if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>> ---
>>> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>>
>>
>> -----
>> PedroD
> Can you provide an email sample for a valid email message that triggers this rule ?
> Thanks
> Giovanni
>
I am seeing about a hundred false positives a day in my mail flow:
https://pastebin.com/wQwACuhB
Definitely need to get a bug entered and patch HeaderEval.pm soon for
version 3.4.2.
--
David Jones