You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Igor Ybema <ig...@virtu.nl> on 2006/10/24 14:38:46 UTC
hotmail false positive on new 'live mail' service
Dear users,
I recently discovered soms false positives from hotmail users. This
seems to originate from users which already are converted to there new
'live' website (instead of the old hotmail look).
What I see in the headers is that they changed there HELO:
Received: from BAY115-W3 ([65.54.250.103]) by
bay0-omc3-s38.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
Tue, 17 Oct 2006 06:13:03 -0700
There is no 'hotmail.com' anymore in the HELO message. This way it gets
the tag 'FORGED_HOTMAIL_RCVD'. Did more people already discover this?
And is there already a solution?
Regards,
Igor Ybema, Network Operations
--------------------------------------------
Virtu
Auke Vleerstraat 1
7521 PE Enschede
Tel: +3153-4340570
Fax: +3153-4363098
E-mail: noc@virtu.nl
Internet: http://www.virtu.nl/
--------------------------------------------
Re: hotmail false positive on new 'live mail' service
Posted by Alex Bramley <al...@netservicesplc.com>.
Igor Ybema wrote:
> Dear users,
>
> I recently discovered soms false positives from hotmail users. This
> seems to originate from users which already are converted to there new
> 'live' website (instead of the old hotmail look).
>
> What I see in the headers is that they changed there HELO:
>
> Received: from BAY115-W3 ([65.54.250.103]) by
> bay0-omc3-s38.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
> Tue, 17 Oct 2006 06:13:03 -0700
>
> There is no 'hotmail.com' anymore in the HELO message. This way it gets
> the tag 'FORGED_HOTMAIL_RCVD'. Did more people already discover this?
> And is there already a solution?
I've noticed this problem a couple of times too. It looks like the tests
in the _check_for_forged_hotmail_received_headers subroutine in
Mail::SpamAssassin::EvalTests need to be updated to recognise this as valid.
Here are a couple more examples:
Received: from BAY101-W6 ([64.4.56.106]) by
bay0-omc3-s31.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
Tue, 24 Oct 2006 07:39:10 -0700
Received: from BAY101-W9 ([64.4.56.109]) by
bay0-omc3-s7.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
Wed, 25 Oct 2006 06:11:34 -0700
Cheers,
Alex