Posted to users@spamassassin.apache.org by Matthew Newton <mc...@leicester.ac.uk> on 2005/02/02 16:00:11 UTC

Hotmail message scored high: bug?

Hi,

I have been asked why this message got such a "high" score. It seems to
mainly be because of the

	3.9 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook

rule. On first inspection I thought that the message was forged (see the
phx.gbl domain), but after creating a test hotmail account myself,
messages I send from that have this strange domain, too.

My guess is that the message was sent using Outlook Express directly to
Hotmail (I think this can be done if you pay for your hotmail account?).
This would explain the Outlook headers while the mail actually came from
hotmail.

Have tried to obfuscate minimal details to hide original sender (data
protection and all that), but apart from that all headers as supplied to
me are below.

Any ideas? Is this a bug in SA?

Thanks,

Matthew



Received: from artemis.le.ac.uk ([143.210.4.129]) by SUMAC.cfs.le.ac.uk
  with Microsoft SMTPSVC(6.0.3790.211);
	 Tue, 1 Feb 2005 14:04:22 +0000
Received: from bay24-dav11.bay24.hotmail.com ([64.4.18.191] helo=hotmail.com)
	by artemis.le.ac.uk with esmtp (Exim 4.44)
	id 1Cvydg-00006G-HI
	for removed@leicester.ac.uk; Tue, 01 Feb 2005 14:04:22 +0000
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 1 Feb 2005 06:03:00 -0800
Message-ID: <BA...@phx.gbl>
Received: from xx.xx.xx.xx by BAY24-DAV11.phx.gbl with DAV;
	Tue, 01 Feb 2005 14:02:49 +0000
X-Originating-IP: [xx.xx.xx.xx]
X-Originating-Email: [removed@hotmail.com]
X-Sender: removed@hotmail.com
From: "removed" <re...@hotmail.com>
To: <re...@leicester.ac.uk>
Subject: removed
Date: Sun, 24 Oct 2004 17:45:00 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0005_01C4B9F1.2F7BDCC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-OriginalArrivalTime: 01 Feb 2005 14:03:00.0441 (UTC)
  FILETIME=[BD3B8C90:01C50866]
X-Spam-Score: (+++++) 5.4
X-Spam-Report: This e-mail has been scored by SpamAssassin 3.0.2
	Pts Rule name              Description
	---- ---------------------- ---------------------------------------
	-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
	1.4 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received: date
	0.0 HTML_30_40             BODY: Message is 30% to 40% HTML
	0.0 HTML_MESSAGE           BODY: HTML included in message
	0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60% [score: 0.5000]
	0.1 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay
	3.9 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
Return-Path: removed@hotmail.com


-- 
Matthew Newton <mc...@le.ac.uk>

UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
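
The following is an added example, not part of the original post and not SpamAssassin code: a short Python triage of the headers quoted above that reads the per-rule points out of X-Spam-Report, shows how much of the total FORGED_MUA_OUTLOOK accounts for, and measures the Date:/Received: gap behind DATE_IN_PAST_96_XX. The header text is abridged from the post with folding simplified; the function names are made up for this example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Abridged from the headers quoted in the post above (folding simplified).
RAW = """\
Received: from bay24-dav11.bay24.hotmail.com ([64.4.18.191] helo=hotmail.com)
 by artemis.le.ac.uk with esmtp (Exim 4.44) id 1Cvydg-00006G-HI
 for removed@leicester.ac.uk; Tue, 01 Feb 2005 14:04:22 +0000
Date: Sun, 24 Oct 2004 17:45:00 +0100
X-Spam-Report: This e-mail has been scored by SpamAssassin 3.0.2
 Pts Rule name              Description
 ---- ---------------------- ---------------------------------------
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 1.4 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received: date
 0.0 HTML_30_40             BODY: Message is 30% to 40% HTML
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
 0.1 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay
 3.9 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
"""

# A rule row is "<points> <RULE_NAME> <description>"; the table header,
# the dashed separator and the banner line do not match this pattern.
RULE_LINE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z0-9_]+)\s")

def rule_scores(msg):
    """Return {rule_name: points} parsed from the X-Spam-Report table."""
    scores = {}
    for line in msg["X-Spam-Report"].splitlines():
        m = RULE_LINE.match(line)
        if m:
            scores[m.group(2)] = float(m.group(1))
    return scores

def date_lag_hours(msg):
    """Hours between the Date: header and the newest Received: timestamp."""
    received = msg.get_all("Received")[0].rsplit(";", 1)[1].strip()
    delta = parsedate_to_datetime(received) - parsedate_to_datetime(msg["Date"])
    return delta.total_seconds() / 3600

def score_without(scores, rule):
    """Total the message would get if one rule had not fired."""
    return round(sum(v for k, v in scores.items() if k != rule), 1)

msg = message_from_string(RAW)
scores = rule_scores(msg)
if __name__ == "__main__":
    print("total:", round(sum(scores.values()), 1))
    print("without FORGED_MUA_OUTLOOK:", score_without(scores, "FORGED_MUA_OUTLOOK"))
    print(f"Date: lags Received: by {date_lag_hours(msg):.1f} h")
```

The per-rule points add up to the 5.4 in X-Spam-Score, and the Date: header is roughly 100 days older than the Exim Received: stamp, so DATE_IN_PAST_96_XX fired on a genuine gap while FORGED_MUA_OUTLOOK supplied most of the score.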

Re: Hotmail message scored high: bug?

Posted by Tony Finch <do...@dotat.at>.
On Wed, 2 Feb 2005, Matthew Newton wrote:
>
> I have been asked why this message got such a "high" score. It seems to
> mainly be because of the
>
> 	3.9 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook

http://bugzilla.spamassassin.org/show_bug.cgi?id=4065

Tony.
-- 
f.a.n.finch  <do...@dotat.at>  http://dotat.at/
DOVER WIGHT PORTLAND PLYMOUTH: NORTHWEST VEERING NORTH OR NORTHEAST 4 OR 5.
MAINLY FAIR. GOOD.