You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Frank Tore Johansen <fr...@osc.no> on 2004/10/23 12:40:31 UTC

False positives with FAKED_HOTMAIL_DAV

Hi, I have seen a handfull of these mails triggering FAKED_HOTMAIL_DAV, 
which is kind of bad since it adds 3.9 in version 2.63.

Here are the headers in question, and at the bottom comes the scores from 
spamassassin.

-Frank.

---

Received: from listserv.brown.edu (canis.services.brown.edu [128.148.19.203])
 	by serum.osc.no (8.11.6/8.11.1) with ESMTP id i9MHa4i21225
 	for <fr...@OSC.NO>; Fri, 22 Oct 2004 19:36:04 +0200
Received: from canis.services.brown.edu (canis.services.brown.edu [128.148.19.203])
 	by listserv.brown.edu (8.11.6+Sun/8.9.3) with ESMTP id i9MHYpd17217;
 	Fri, 22 Oct 2004 13:34:51 -0400 (EDT)
Received: from LISTSERV.BROWN.EDU by LISTSERV.BROWN.EDU (LISTSERV-TCP/IP
           release 1.8d) with spool id 3230944 for NAUSICAA@LISTSERV.BROWN.EDU;
           Fri, 22 Oct 2004 13:34:50 -0400
Approved-By: michael@NAUSICAA.NET
Received: from hotmail.com (bay18-f21.bay18.hotmail.com [65.54.187.71]) by
           listserv.brown.edu (8.11.6+Sun/8.9.3) with ESMTP id i9MGE6d08614 for
           <NA...@LISTSERV.BROWN.EDU>; Fri, 22 Oct 2004 12:14:06 -0400 (EDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri,
           22 Oct 2004 09:14:05 -0700
Received: from 172.202.236.243 by by18fd.bay18.hotmail.msn.com with HTTP; Fri,
           22 Oct 2004 16:13:07 GMT
X-Originating-IP: [172.202.236.243]
X-Originating-Email: [dgs_lilian@hotmail.com]
X-Sender: dgs_lilian@hotmail.com
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 22 Oct 2004 16:14:05.0187 (UTC)
                        FILETIME=[26DA0D30:01C4B852]
Message-ID:  <BA...@hotmail.com>
Date:         Fri, 22 Oct 2004 16:13:07 +0000
Reply-To: Hayao Miyazaki Discussion Group <NA...@LISTSERV.BROWN.EDU>
Sender: Hayao Miyazaki Discussion Group <NA...@LISTSERV.BROWN.EDU>
From: Lilian Chan <dg...@HOTMAIL.COM>
Subject:      Re: Ghibli Museum
To: NAUSICAA@LISTSERV.BROWN.EDU

>From: John Jacobs <jo...@HOTMAIL.COM>
>I was just wondering how to get tickets.
>Plus, have any of you been to it? Is it good?
>I love Ghibli, and I'm proud of being a new fan.


Hi John,

Good for u to be a new fan of Ghibli :)
I live in London and I went to the Museum last month. It was absolutely
fantastic. I nearly cried when I had to leave. I bought the tickets in
Japanese local convenience store, Lawson, after I landed in Tokyo. The
ticketing machine is not hard to use but it might be a bit risky to look for
tickets AFTER you arrive cos tickets for your desired dates may be sold out.
My trip to Japan lasted for 17 days so that was not a problem for me.
According to the official guide, you should purchase tickets from travel
agency in the UK. If you don't understand the purchase guide from the
website, contact the agency directly for details.

MY BUS CENTER
15 Lower Regent St., London SW1Y 4LR, U.K.
Tel: 020-7976-1191 / Facs: 020-7976-1192
mybusuk@jtbe.co.uk

Also take a look at http://anime-tourist.com/article.php?sid=607
It's US-based but provides good guide on how to get to the Museum. Although
the information about the exhibits sounds a bit outdated and I must say I
give much higher praises to the Museum than this article depicts :)

_________________________________________________________________
Linguaphone :  Learning English? Get Japanese lessons for FREE
http://go.msnserver.com/HK/46165.asp

        -- <URL: http://www.nausicaa.net/miyazaki/mailing-list > --
Unsubscribing? Send "UNSUBSCRIBE NAUSICAA" to LISTSERV@LISTSERV.BROWN.EDU



Content analysis details:   (3.8 points, 3.0 required)

  pts rule name              description
---- ---------------------- --------------------------------------------------
  0.6 FOR_FREE               BODY: No such thing as a free lunch (1)
  0.6 J_CHICKENPOX_21        BODY: 2alpha-pock-1alpha
-1.5 BAYES_01               BODY: Bayesian spam probability is 1 to 10%
                             [score: 0.0110]
  0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                             [172.202.236.243 listed in dnsbl.sorbs.net]
  0.1 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org
                             [172.202.236.243 listed in dnsbl.njabl.org]
  3.9 FAKED_HOTMAIL_DAV      X-Originating-Email header does not match From

Re: False positives with FAKED_HOTMAIL_DAV

Posted by Matt Kettler <mk...@comcast.net>.

At 12:40 PM 10/23/2004 +0200, Frank Tore Johansen wrote:
>Hi, I have seen a handfull of these mails triggering FAKED_HOTMAIL_DAV, 
>which is kind of bad since it adds 3.9 in version 2.63.

The rule has been deleted from the 3.0 series due to FP problems.

Suggestion: zero out the rule until you can upgrade.

By the way, I'd suggest upgrading in a hurry. 2.63 is vulnerable to a 
malformed message denial of service attack that was fixed in 2.64 (and is 
fixed in 3.0 and 3.0.1)

If for some reason you can't run 3.0 on your system, at least upgrade to 
2.64 for security reasons.