Posted to users@spamassassin.apache.org by Pedro David Marco <pe...@yahoo.com> on 2018/01/17 06:14:36 UTC
FORGED_HOTMAIL_RCVD2 false positive
Hi,
FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') triggers for valid hotmail messages... (SA 3.4.1)
This small change solves the problem but I do not know whether it is the correct way... maybe "hotmail" string should be changed widely to "outlook|hotmail"...
/usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig357c357
< if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)---> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
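Review bot: on the replacement line the dot before `com` is now escaped (`hotmail.com` became `(?:outlook|hotmail)\.com`), a second behaviour change alongside the added `outlook` alternative that the description does not mention; call it out in the commit message. The change touches only the single match at line 357, so, as the poster's own question suggests, any other place in HeaderEval.pm that matches the literal "hotmail" string should be checked for the same gap. A sample Received header from an outlook.com relay should accompany the patch so the fix can be covered by a regression test.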
-----
PedroD
Re: FORGED_HOTMAIL_RCVD2 false positive
Posted by Giovanni Bechis <gi...@paclan.it>.
On 01/17/18 19:29, David Jones wrote:
> On 01/17/2018 11:59 AM, Giovanni Bechis wrote:
>> On 01/17/18 07:14, Pedro David Marco wrote:
>>> Hi,
>>>
>>> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') triggers for valid hotmail messages... (SA 3.4.1)
>>>
>>> This small change solves the problem but I do not know whether it is the correct way... maybe "hotmail" string should be changed widely to "outlook|hotmail"...
>>>
>>> /usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig
>>> 357c357
>>> < if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>>> ---
>>>> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>>>
>>>
>>> -----
>>> PedroD
>> Can you provide an email sample for a valid email message that triggers this rule ?
>> Thanks
>> Giovanni
>>
>
> I am seeing about a hundred false positives a day in my mail flow:
>
> https://pastebin.com/wQwACuhB
>
> Definitely need to get a bug entered and patch HeaderEval.pm soon for version 3.4.2.
>
I'll take care of it.
Giovanni
Re: FORGED_HOTMAIL_RCVD2 false positive
Posted by David Jones <dj...@ena.com>.
On 01/17/2018 11:59 AM, Giovanni Bechis wrote:
> On 01/17/18 07:14, Pedro David Marco wrote:
>> Hi,
>>
>> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') triggers for valid hotmail messages... (SA 3.4.1)
>>
>> This small change solves the problem but I do not know whether it is the correct way... maybe "hotmail" string should be changed widely to "outlook|hotmail"...
>>
>> /usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig
>> 357c357
>> < if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>> ---
>>> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>>
>>
>> -----
>> PedroD
> Can you provide an email sample for a valid email message that triggers this rule ?
> Thanks
> Giovanni
>
I am seeing about a hundred false positives a day in my mail flow:
https://pastebin.com/wQwACuhB
Definitely need to get a bug entered and patch HeaderEval.pm soon for
version 3.4.2.
--
David Jones
Re: FORGED_HOTMAIL_RCVD2 false positive
Posted by Giovanni Bechis <gi...@paclan.it>.
On 01/17/18 07:14, Pedro David Marco wrote:
> Hi,
>
> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') triggers for valid hotmail messages... (SA 3.4.1)
>
> This small change solves the problem but I do not know whether it is the correct way... maybe "hotmail" string should be changed widely to "outlook|hotmail"...
>
> /usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig
> 357c357
> < if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
> ---
>> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>
>
> -----
> PedroD
Can you provide an email sample for a valid email message that triggers this rule ?
Thanks
Giovanni
Re: (was: FORGED_HOTMAIL_RCVD2 false positive) Can't locate object
method "check_for_forged_gmail_received_headers" via package
"Mail::SpamAssassin::PerMsgStatus" at (eval 1360) line 1587.
Posted by Marcin Mirosław <ma...@mejor.pl>.
On 30.01.2018 at 14:51, Kevin A. McGrail wrote:
> On 1/30/2018 4:11 AM, Marcin Mirosław wrote:
>> Can the error pasted below be related to this commit?
>
> Yes, without a doubt the same bug.
Hi!
I'm answering with one email, thanks for your answers and now sa-update
works fine.
Have a nice day
Re: (was: FORGED_HOTMAIL_RCVD2 false positive) Can't locate object
method "check_for_forged_gmail_received_headers" via package
"Mail::SpamAssassin::PerMsgStatus" at (eval 1360) line 1587.
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 1/30/2018 4:11 AM, Marcin Mirosław wrote:
> Can the error pasted below be related to this commit?
Yes, without a doubt the same bug.
Re: (was: FORGED_HOTMAIL_RCVD2 false positive) Can't locate object
method "check_for_forged_gmail_received_headers" via package
"Mail::SpamAssassin::PerMsgStatus" at (eval 1360) line 1587.
Posted by Giovanni Bechis <gi...@paclan.it>.
On 01/30/18 10:11, Marcin Mirosław wrote:
> On 29.01.2018 at 08:26, Giovanni Bechis wrote:
>> On 01/29/18 06:00, Alex wrote:
>>> Hi,
>>>
>>>> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:')
>>>> triggers for valid hotmail messages... (SA 3.4.1)
>>>>
>>>> This small change solves the problem but I do not know whether it is the
>>>> correct way... maybe "hotmail" string should be changed widely to
>>>> "outlook|hotmail"...
>>>>
>>>> /usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig
>>>> 357c357
>>>> < if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>>>> ---
>>>>> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][
>>>>> \):]/ && $ip)
>>>
>>> Any status on this? I believe you were going to open a bug report? It
>>> doesn't appear this fix (or any fix) has been included to address the
>>> hotmail fp's.
>>>
>> Committed yesterday by davej@
>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7534
>
>
> Hi!
> Can the error pasted below be related to this commit?
> # sa-update -vD
> [...]
> sty 30 10:10:00.540 [3276] dbg: FreeMail: RULE (__freemail_reply)
> check_freemail_replyto
> sty 30 10:10:00.540 [3276] dbg: FreeMail: From address:
> ignore@compiling.spamassassin.taint.org
> sty 30 10:10:00.540 [3276] dbg: FreeMail: No Reply-To and From is not
> freemail, skipping check
> rules: failed to run FORGED_GMAIL_RCVD test, skipping:
> (Can't locate object method
> "check_for_forged_gmail_received_headers" via package
> "Mail::SpamAssassin::PerMsgStatus" at (eval 1360) line 1587.
> )
> sty 30 10:10:00.540 [3276] dbg: rules: running body tests; score so
> far=0.914
> [...]
"check_for_forged_gmail_received_headers" is only available on 3.4.2, this fixes the issue.
Giovanni
Re: (was: FORGED_HOTMAIL_RCVD2 false positive) Can't locate object
method "check_for_forged_gmail_received_headers" via package
"Mail::SpamAssassin::PerMsgStatus" at (eval 1360) line 1587.
Posted by Marcin Mirosław <ma...@mejor.pl>.
On 29.01.2018 at 08:26, Giovanni Bechis wrote:
> On 01/29/18 06:00, Alex wrote:
>> Hi,
>>
>>> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:')
>>> triggers for valid hotmail messages... (SA 3.4.1)
>>>
>>> This small change solves the problem but I do not know whether it is the
>>> correct way... maybe "hotmail" string should be changed widely to
>>> "outlook|hotmail"...
>>>
>>> /usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig
>>> 357c357
>>> < if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>>> ---
>>>> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][
>>>> \):]/ && $ip)
>>
>> Any status on this? I believe you were going to open a bug report? It
>> doesn't appear this fix (or any fix) has been included to address the
>> hotmail fp's.
>>
> Committed yesterday by davej@
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7534
Hi!
Can the error pasted below be related to this commit?
# sa-update -vD
[...]
sty 30 10:10:00.540 [3276] dbg: FreeMail: RULE (__freemail_reply)
check_freemail_replyto
sty 30 10:10:00.540 [3276] dbg: FreeMail: From address:
ignore@compiling.spamassassin.taint.org
sty 30 10:10:00.540 [3276] dbg: FreeMail: No Reply-To and From is not
freemail, skipping check
rules: failed to run FORGED_GMAIL_RCVD test, skipping:
(Can't locate object method
"check_for_forged_gmail_received_headers" via package
"Mail::SpamAssassin::PerMsgStatus" at (eval 1360) line 1587.
)
sty 30 10:10:00.540 [3276] dbg: rules: running body tests; score so
far=0.914
[...]
Re: FORGED_HOTMAIL_RCVD2 false positive
Posted by Pedro David Marco <pe...@yahoo.com>.
Thanks / Grazie mille Giovanni...
--------PedroD
On Monday, January 29, 2018, 8:27:01 AM GMT+1, Giovanni Bechis <gi...@paclan.it> wrote:
On 01/29/18 06:00, Alex wrote:
> Hi,
>
>> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:')
>> triggers for valid hotmail messages... (SA 3.4.1)
>>
>> This small change solves the problem but I do not know whether it is the
>> correct way... maybe "hotmail" string should be changed widely to
>> "outlook|hotmail"...
>>
>> /usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig
>> 357c357
>> < if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>> ---
>>> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][
>>> \):]/ && $ip)
>
> Any status on this? I believe you were going to open a bug report? It
> doesn't appear this fix (or any fix) has been included to address the
> hotmail fp's.
>
Committed yesterday by davej@
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7534
Cheers
Giovanni
Re: FORGED_HOTMAIL_RCVD2 false positive
Posted by Giovanni Bechis <gi...@paclan.it>.
On 01/29/18 06:00, Alex wrote:
> Hi,
>
>> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:')
>> triggers for valid hotmail messages... (SA 3.4.1)
>>
>> This small change solves the problem but I do not know whether it is the
>> correct way... maybe "hotmail" string should be changed widely to
>> "outlook|hotmail"...
>>
>> /usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig
>> 357c357
>> < if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
>> ---
>>> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][
>>> \):]/ && $ip)
>
> Any status on this? I believe you were going to open a bug report? It
> doesn't appear this fix (or any fix) has been included to address the
> hotmail fp's.
>
Committed yesterday by davej@
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7534
Cheers
Giovanni
Re: FORGED_HOTMAIL_RCVD2 false positive
Posted by Alex <my...@gmail.com>.
Hi,
> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:')
> triggers for valid hotmail messages... (SA 3.4.1)
>
> This small change solves the problem but I do not know whether it is the
> correct way... maybe "hotmail" string should be changed widely to
> "outlook|hotmail"...
>
> /usr/local/share/perl/5.14.2/Mail/SpamAssassin/Plugin/HeaderEval.pm.orig
> 357c357
> < if ($rcvd =~ /from \S*\.hotmail.com \(\[$IP_ADDRESS\][ \):]/ && $ip)
> ---
>> if ($rcvd =~ /from \S*\.(?:outlook|hotmail)\.com \(\[$IP_ADDRESS\][
>> \):]/ && $ip)
Any status on this? I believe you were going to open a bug report? It
doesn't appear this fix (or any fix) has been included to address the
hotmail fp's.