You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Sebastijan Šilec <se...@agenda.si> on 2012/07/25 15:33:58 UTC

AXB_XMAILER_MIMEOLE_OL

I'm getting a lot of AXB_XMAILER_MIMEOLE_OL_4379D and 
AXB_XMAILER_MIMEOLE_OL_024C2 hits lately from legit users.

What triggers this scores?

Thank you

Regards

Sebastijan

Re: AXB_XMAILER_MIMEOLE_OL

Posted by Bowie Bailey <Bo...@BUC.com>.

On 7/25/2012 9:43 AM, Bowie Bailey wrote:
> On 7/25/2012 9:33 AM, Sebastijan Šilec wrote:
>> I'm getting a lot of AXB_XMAILER_MIMEOLE_OL_4379D and
>> AXB_XMAILER_MIMEOLE_OL_024C2 hits lately from legit users.
>>
>> What triggers this scores?
> meta   AXB_XMAILER_MIMEOLE_OL_024C2  (__AXB_XM_OL_024C2 &&
> __AXB_MO_OL_024C2)
>
> header __AXB_MO_OL_024C2  X-MimeOLE =~ /Produced\ By\ Microsoft\
> MimeOLE\ V6\.00\.2600\.0000/
>
> header __AXB_XM_OL_024C2  X-Mailer =~ /Microsoft\ Outlook\ Express\
> 6\.00\.2600\.0000/
>
> So it's looking for an email that contains both the X0MimeOLE string and
> the X-Mailer string specified in those two rules.
>

And the other one is:

meta   AXB_XMAILER_MIMEOLE_OL_4379D  (__AXB_XM_OL_4379D && 
__AXB_MO_OL_4379D)

header __AXB_MO_OL_4379D  X-MimeOLE =~ /Produced\ By\ Microsoft\ 
MimeOLE\ V6\.00\.2900\.2180/

header __AXB_XM_OL_4379D  X-Mailer =~ /Microsoft\ Outlook\ Express\ 
6\.00\.2900\.2180/

You can find these definitions in the SA rules directory.  On my system, 
this is /var/lib/spamassassin/3.003002.

-- 
Bowie

Re: AXB_XMAILER_MIMEOLE_OL

Posted by Sebastijan Šilec <se...@agenda.si>.

On 25. 07. 2012 15:43, Bowie Bailey wrote:
> On 7/25/2012 9:33 AM, Sebastijan Šilec wrote:
>> I'm getting a lot of AXB_XMAILER_MIMEOLE_OL_4379D and
>> AXB_XMAILER_MIMEOLE_OL_024C2 hits lately from legit users.
>>
>> What triggers this scores?
>
> meta   AXB_XMAILER_MIMEOLE_OL_024C2  (__AXB_XM_OL_024C2 && 
> __AXB_MO_OL_024C2)
>
> header __AXB_MO_OL_024C2  X-MimeOLE =~ /Produced\ By\ Microsoft\ 
> MimeOLE\ V6\.00\.2600\.0000/
>
> header __AXB_XM_OL_024C2  X-Mailer =~ /Microsoft\ Outlook\ Express\ 
> 6\.00\.2600\.0000/
>
> So it's looking for an email that contains both the X0MimeOLE string 
> and the X-Mailer string specified in those two rules.
>
Thanks.

So it is just an old outdated outlook


S.
-- 

Sebastijan Šilec, sistemska podpora



http://www.agenda.si

ODPRTA KODA IN LINUX
STORITVE : POSLOVNE RESITVE : UPRAVLJANJE IT : INFRASTRUKTURA IT :
IZOBRAZEVANJE : PROGRAMSKA OPREMA

http://www.agenda.si

OPEN SOURCE AND LINUX
SERVICES : BUSINESS SOLUTIONS : IT MANAGEMENT : IT INFRASTRUCTURE :
TRAINING : SOFTWARE

Re: AXB_XMAILER_MIMEOLE_OL

Posted by Bowie Bailey <Bo...@BUC.com>.

On 7/25/2012 9:33 AM, Sebastijan Šilec wrote:
> I'm getting a lot of AXB_XMAILER_MIMEOLE_OL_4379D and
> AXB_XMAILER_MIMEOLE_OL_024C2 hits lately from legit users.
>
> What triggers this scores?

meta   AXB_XMAILER_MIMEOLE_OL_024C2  (__AXB_XM_OL_024C2 && 
__AXB_MO_OL_024C2)

header __AXB_MO_OL_024C2  X-MimeOLE =~ /Produced\ By\ Microsoft\ 
MimeOLE\ V6\.00\.2600\.0000/

header __AXB_XM_OL_024C2  X-Mailer =~ /Microsoft\ Outlook\ Express\ 
6\.00\.2600\.0000/

So it's looking for an email that contains both the X0MimeOLE string and 
the X-Mailer string specified in those two rules.

-- 
Bowie