You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Monnerie <m....@zmi.at> on 2006/03/31 13:32:15 UTC
Broken FORGED_MUA_OUTLOOK checks
Hi, I get some legitimate newletter that's incorrectly marked as
FORGED_OUTLOOK. Could someone fix that tests? Others may have that
problem, too.
(almost) full message at http://zmi.at/x/ham01.txt
mfg zmi
--
// Michael Monnerie, Ing.BSc --- it-management Michael Monnerie
// http://zmi.at Tel: 0660/4156531 Linux 2.6.11
// PGP Key: "lynx -source http://zmi.at/zmi2.asc | gpg --import"
// Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net Key-ID: 0x70545879
Re: Broken FORGED_MUA_OUTLOOK checks
Posted by Michael Monnerie <m....@zmi.at>.
On Dienstag, 4. April 2006 09:23 Michael Monnerie wrote:
> Hi, I got feedback today that they use "Mass Mailer" to send their
> e-mails. So it's really a forged OE Mail. I told them to use
> something else, otherwise they won't be able to contact a lot of
> customers...
I received another e-mail from them, marked as SPAM. I believe it's too
strong to give a total of 5.8 points for FORGED_.*OUTLOOK.* rules, as
they are similar.
X-Spam-Status: Yes, hits=6.132 tagged_above=-999 required=5
tests=FORGED_MUA_OUTLOOK=3.36, FORGED_OUTLOOK_HTML=2.514,
HTML_FONT_BIG=0.256, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.001
Mass_checks on my corpus says:
MSECS SPAM% HAM% S/O RANK SCORE NAME
0.679 0.9814 0.2599 0.791 0.57 3.36 FORGED_MUA_OUTLOOK
0.557 0.8144 0.2021 0.801 0.56 3.25 FORGED_OUTLOOK_HTML
It looks like most e-mails hit both rules, or am I wrong?
mfg zmi
--
// Michael Monnerie, Ing.BSc --- it-management Michael Monnerie
// http://zmi.at Tel: 0660/4156531 Linux 2.6.11
// PGP Key: "lynx -source http://zmi.at/zmi2.asc | gpg --import"
// Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net Key-ID: 0x70545879
Re: Broken FORGED_MUA_OUTLOOK checks
Posted by Michael Monnerie <mi...@it-management.at>.
On Dienstag, 4. April 2006 09:23 Michael Monnerie wrote:
> Hi, I got feedback today that they use "Mass Mailer" to send their
> e-mails. So it's really a forged OE Mail. I told them to use
> something else, otherwise they won't be able to contact a lot of
> customers...
I received another e-mail from them, marked as SPAM. I believe it's too
strong to give a total of 5.8 points for FORGED_.*OUTLOOK.* rules, as
they are similar.
X-Spam-Status: Yes, hits=6.132 tagged_above=-999 required=5
tests=FORGED_MUA_OUTLOOK=3.36, FORGED_OUTLOOK_HTML=2.514,
HTML_FONT_BIG=0.256, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.001
Mass_checks on my corpus says:
MSECS SPAM% HAM% S/O RANK SCORE NAME
0.679 0.9814 0.2599 0.791 0.57 3.36 FORGED_MUA_OUTLOOK
0.557 0.8144 0.2021 0.801 0.56 3.25 FORGED_OUTLOOK_HTML
It looks like most e-mails hit both rules, or am I wrong?
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660/4156531 .network.your.ideas.
// PGP Key: "lynx -source http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
Re: Broken FORGED_MUA_OUTLOOK checks
Posted by Michael Monnerie <mi...@it-management.at>.
On Dienstag, 4. April 2006 09:23 Michael Monnerie wrote:
> Hi, I got feedback today that they use "Mass Mailer" to send their
> e-mails. So it's really a forged OE Mail. I told them to use
> something else, otherwise they won't be able to contact a lot of
> customers...
I received another e-mail from them, marked as SPAM. I believe it's too
strong to give a total of 5.8 points for FORGED_.*OUTLOOK.* rules, as
they are similar.
X-Spam-Status: Yes, hits=6.132 tagged_above=-999 required=5
tests=FORGED_MUA_OUTLOOK=3.36, FORGED_OUTLOOK_HTML=2.514,
HTML_FONT_BIG=0.256, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.001
Mass_checks on my corpus says:
MSECS SPAM% HAM% S/O RANK SCORE NAME
0.679 0.9814 0.2599 0.791 0.57 3.36 FORGED_MUA_OUTLOOK
0.557 0.8144 0.2021 0.801 0.56 3.25 FORGED_OUTLOOK_HTML
It looks like most e-mails hit both rules, or am I wrong?
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660/4156531 .network.your.ideas.
// PGP Key: "lynx -source http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
Re: Broken FORGED_MUA_OUTLOOK checks
Posted by Michael Monnerie <m....@zmi.at>.
On Freitag, 31. März 2006 14:40 Sander Holthaus wrote:
> > (almost) full message at http://zmi.at/x/ham01.txt
> >
> > mfg zmi
>
> Are you sure that is a valid OE-email? Doesn't appear to me as such,
> hence I'd say the tests fired correctly.
Hi, I got feedback today that they use "Mass Mailer" to send their
e-mails. So it's really a forged OE Mail. I told them to use something
else, otherwise they won't be able to contact a lot of customers...
mfg zmi
--
// Michael Monnerie, Ing.BSc --- it-management Michael Monnerie
// http://zmi.at Tel: 0660/4156531 Linux 2.6.11
// PGP Key: "lynx -source http://zmi.at/zmi2.asc | gpg --import"
// Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net Key-ID: 0x70545879
Re: Broken FORGED_MUA_OUTLOOK checks
Posted by Michael Monnerie <m....@zmi.at>.
On Freitag, 31. März 2006 14:40 Sander Holthaus wrote:
> Are you sure that is a valid OE-email? Doesn't appear to me as such,
> hence I'd say the tests fired correctly.
At least they are a company which sends e-mail only opt-in. They sell PC
parts. I don't believe they use spammers software - or what should it
be, if not OE?
mfg zmi
--
// Michael Monnerie, Ing.BSc --- it-management Michael Monnerie
// http://zmi.at Tel: 0660/4156531 Linux 2.6.11
// PGP Key: "lynx -source http://zmi.at/zmi2.asc | gpg --import"
// Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net Key-ID: 0x70545879
Re: Broken FORGED_MUA_OUTLOOK checks
Posted by Sander Holthaus <in...@orangexl.com>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Monnerie wrote:
> Hi, I get some legitimate newletter that's incorrectly marked as
> FORGED_OUTLOOK. Could someone fix that tests? Others may have that
> problem, too.
>
> (almost) full message at http://zmi.at/x/ham01.txt
>
> mfg zmi
Are you sure that is a valid OE-email? Doesn't appear to me as such,
hence I'd say the tests fired correctly.
Kind Regards,
Sander Holthaus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
iD8DBQFELSMqVf373DysOTURAt4wAJ4mS4RgB8yVAcSmA97f69bh/ov1JgCg5Py3
gHq03oN53M+3mm3s7LH8zRA=
=60n9
-----END PGP SIGNATURE-----