Posted to users@spamassassin.apache.org by Sebastijan Šilec <se...@agenda.si> on 2012/07/25 15:33:58 UTC
AXB_XMAILER_MIMEOLE_OL
I'm getting a lot of AXB_XMAILER_MIMEOLE_OL_4379D and
AXB_XMAILER_MIMEOLE_OL_024C2 hits lately from legit users.
What triggers these scores?
Thank you
Regards
Sebastijan
Re: AXB_XMAILER_MIMEOLE_OL
Posted by Bowie Bailey <Bo...@BUC.com>.
On 7/25/2012 9:43 AM, Bowie Bailey wrote:
> On 7/25/2012 9:33 AM, Sebastijan Šilec wrote:
>> I'm getting a lot of AXB_XMAILER_MIMEOLE_OL_4379D and
>> AXB_XMAILER_MIMEOLE_OL_024C2 hits lately from legit users.
>>
>> What triggers these scores?
> meta AXB_XMAILER_MIMEOLE_OL_024C2 (__AXB_XM_OL_024C2 && __AXB_MO_OL_024C2)
>
> header __AXB_MO_OL_024C2 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2600\.0000/
>
> header __AXB_XM_OL_024C2 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2600\.0000/
>
> So it's looking for an email that contains both the X-MimeOLE string and
> the X-Mailer string specified in those two rules.
>
And the other one is:
meta AXB_XMAILER_MIMEOLE_OL_4379D (__AXB_XM_OL_4379D && __AXB_MO_OL_4379D)
header __AXB_MO_OL_4379D X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2180/
header __AXB_XM_OL_4379D X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2900\.2180/
You can find these definitions in the SA rules directory. On my system,
this is /var/lib/spamassassin/3.003002.
--
Bowie
Re: AXB_XMAILER_MIMEOLE_OL
Posted by Sebastijan Šilec <se...@agenda.si>.
On 25. 07. 2012 15:43, Bowie Bailey wrote:
> On 7/25/2012 9:33 AM, Sebastijan Šilec wrote:
>> I'm getting a lot of AXB_XMAILER_MIMEOLE_OL_4379D and
>> AXB_XMAILER_MIMEOLE_OL_024C2 hits lately from legit users.
>>
>> What triggers these scores?
>
> meta AXB_XMAILER_MIMEOLE_OL_024C2 (__AXB_XM_OL_024C2 && __AXB_MO_OL_024C2)
>
> header __AXB_MO_OL_024C2 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2600\.0000/
>
> header __AXB_XM_OL_024C2 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2600\.0000/
>
> So it's looking for an email that contains both the X-MimeOLE string
> and the X-Mailer string specified in those two rules.
>
Thanks.
So it is just an old, outdated Outlook.
S.
--
Sebastijan Šilec, system support
http://www.agenda.si
OPEN SOURCE AND LINUX
SERVICES : BUSINESS SOLUTIONS : IT MANAGEMENT : IT INFRASTRUCTURE :
TRAINING : SOFTWARE
Re: AXB_XMAILER_MIMEOLE_OL
Posted by Bowie Bailey <Bo...@BUC.com>.
On 7/25/2012 9:33 AM, Sebastijan Šilec wrote:
> I'm getting a lot of AXB_XMAILER_MIMEOLE_OL_4379D and
> AXB_XMAILER_MIMEOLE_OL_024C2 hits lately from legit users.
>
> What triggers these scores?
meta AXB_XMAILER_MIMEOLE_OL_024C2 (__AXB_XM_OL_024C2 && __AXB_MO_OL_024C2)
header __AXB_MO_OL_024C2 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2600\.0000/
header __AXB_XM_OL_024C2 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2600\.0000/
So it's looking for an email that contains both the X-MimeOLE string and
the X-Mailer string specified in those two rules.
--
Bowie
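Added example, not part of the original thread and not SpamAssassin's own code: a simplified Python model of the two meta rules quoted above, reporting for a message which header sub-rule matched and whether the meta fires. The function names (parse_rules, explain, hits) and both sample messages are constructed for illustration; only "header ... =~ /re/" rules and two-operand "&&" metas are handled.

```python
import re
from email import message_from_string

# Rule text as quoted in the thread, with the e-mail line wraps joined.
RULES = r"""
meta AXB_XMAILER_MIMEOLE_OL_024C2 (__AXB_XM_OL_024C2 && __AXB_MO_OL_024C2)
header __AXB_MO_OL_024C2 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2600\.0000/
header __AXB_XM_OL_024C2 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2600\.0000/
meta AXB_XMAILER_MIMEOLE_OL_4379D (__AXB_XM_OL_4379D && __AXB_MO_OL_4379D)
header __AXB_MO_OL_4379D X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2180/
header __AXB_XM_OL_4379D X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2900\.2180/
"""
HEADER_RE = re.compile(r"^header\s+(\S+)\s+(\S+)\s+=~\s+/(.*)/$")
META_RE = re.compile(r"^meta\s+(\S+)\s+\((\S+)\s+&&\s+(\S+)\)$")

# Constructed sample: both headers carry the 2900.2180 build string.
SAMPLE_BOTH = (
    "X-Mailer: Microsoft Outlook Express 6.00.2900.2180\n"
    "X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180\n"
    "\nhello\n")
# Constructed sample: X-Mailer matches 024C2, X-MimeOLE has another build.
SAMPLE_ONE = (
    "X-Mailer: Microsoft Outlook Express 6.00.2600.0000\n"
    "X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106\n"
    "\nhello\n")

def parse_rules(text):
    """Split rule text into header sub-rules and two-operand AND metas."""
    headers, metas = {}, {}
    for line in text.strip().splitlines():
        if m := HEADER_RE.match(line):
            headers[m[1]] = (m[2], re.compile(m[3]))
        elif m := META_RE.match(line):
            metas[m[1]] = (m[2], m[3])
    return headers, metas

def explain(raw_message, rules=RULES):
    """Return {meta: {sub_rule: matched}} for one raw message."""
    headers, metas = parse_rules(rules)
    msg = message_from_string(raw_message)
    def matched(sub):
        name, rx = headers[sub]
        return any(rx.search(v) for v in msg.get_all(name, []))
    return {meta: {s: matched(s) for s in subs} for meta, subs in metas.items()}

def hits(raw_message):
    """Names of metas whose sub-rules all matched."""
    return sorted(m for m, s in explain(raw_message).items() if all(s.values()))

if __name__ == "__main__":
    print(hits(SAMPLE_BOTH), explain(SAMPLE_ONE))
```

The second sample shows why a message with only one of the two strings does not hit: the meta needs both sub-rules to be true.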