Posted to users@spamassassin.apache.org by Matus UHLAR - fantomas <uh...@fantomas.sk> on 2019/09/18 10:29:43 UTC

possible FORGED_GMAIL_RCVD false positive

Hello,

I have received the following spam:

https://pastebin.com/SkvkVWik

This hits FORGED_GMAIL_RCVD although the message came from google mail
servers.

According to HeaderEval.pm, the message apparently misses the
X-Google-Smtp-Source header.

Is there any reason to expect that header in mail from gmail?
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...

Re: possible FORGED_GMAIL_RCVD false positive

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>> On Wed, 18 Sep 2019 12:29:43 +0200
>> Matus UHLAR - fantomas wrote:
>> > I have received following spam:
>> >
>> > https://pastebin.com/SkvkVWik
>> >
>> > This hits FORGED_GMAIL_RCVD although the message came from google mail
>> > servers.
>> >
>> > According to HeaderEval.pm, message apparently misses
>> > X-Google-Smtp-Source header
>> >
>> > is there any reason to expect that header in mail from gmail?

>On Wed, Sep 18, 2019 at 08:40:55PM +0100, RW wrote:
>> It seems to always be there. The posts on the list have it, and I sent
>> some test messages from webmail and the Android app.

On 19.09.19 08:30, Giovanni Bechis wrote:
>both headers should be there, anyway the fp has been fixed in r1867159.
> Giovanni

I have two other examples without that one header, received from google.com
servers and both missing X-Google-Smtp-Source.

Is there a source for this information or is it just based on observation?

However, yes, looking at that change, the FP should be fixed. The downside is
that it needs an update to SA, not just SA rules.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.

Re: possible FORGED_GMAIL_RCVD false positive

Posted by Giovanni Bechis <gi...@paclan.it>.
On Wed, Sep 18, 2019 at 08:40:55PM +0100, RW wrote:
> On Wed, 18 Sep 2019 12:29:43 +0200
> Matus UHLAR - fantomas wrote:
> 
> > Hello,
> > 
> > I have received following spam:
> > 
> > https://pastebin.com/SkvkVWik
> > 
> > This hits FORGED_GMAIL_RCVD although the message came from google mail
> > servers.
> > 
> > According to HeaderEval.pm, message apparently misses
> > X-Google-Smtp-Source header
> > 
> > is there any reason to expect that header in mail from gmail?
> 
> It seems to always be there. The posts on the list have it, and I sent
> some test messages from webmail and the Android app.
Both headers should be there; anyway, the FP has been fixed in r1867159.
 Giovanni

Re: possible FORGED_GMAIL_RCVD false positive

Posted by RW <rw...@googlemail.com>.
On Wed, 18 Sep 2019 12:29:43 +0200
Matus UHLAR - fantomas wrote:

> Hello,
> 
> I have received following spam:
> 
> https://pastebin.com/SkvkVWik
> 
> This hits FORGED_GMAIL_RCVD although the message came from google mail
> servers.
> 
> According to HeaderEval.pm, message apparently misses
> X-Google-Smtp-Source header
> 
> is there any reason to expect that header in mail from gmail?

It seems to always be there. The posts on the list have it, and I sent
some test messages from webmail and the Android app.
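
An added example, not part of the thread and not SpamAssassin's code: one way to measure on your own mail how often a message handed over by a google.com relay lacks X-Google-Smtp-Source, which is the question the thread leaves to observation. It does not reproduce the HeaderEval.pm check; the function names, the Postfix-style Received format and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from collections import Counter

# Postfix-style "from HELO (rdns [ip])"; other MTAs format this differently (assumption).
_RELAY = re.compile(r"^from\s+\S+\s+\((?P<rdns>[^\s\[\]()]+)\s*\[[^\]]+\]\)")

def classify(raw: bytes) -> str:
    """Return 'not-google', 'google-with-source' or 'google-missing-source'."""
    msg = email.message_from_bytes(raw)
    received = msg.get_all("Received") or []
    if not received:
        return "not-google"
    # Only the topmost Received header is written by the local MTA;
    # anything below it is supplied by the sender and can be forged.
    top = " ".join(str(received[0]).split())
    m = _RELAY.match(top)
    if not m:
        return "not-google"
    rdns = m.group("rdns").lower().rstrip(".")
    if rdns != "google.com" and not rdns.endswith(".google.com"):
        return "not-google"
    if msg.get("X-Google-Smtp-Source"):
        return "google-with-source"
    return "google-missing-source"

def tally(messages) -> Counter:
    """Count classifications over an iterable of raw messages."""
    return Counter(classify(m) for m in messages)

# Constructed sample messages (documentation addresses, made-up hosts and ids).
_TOP = (b"Received: from mail-ex.google.com (mail-ex.google.com [192.0.2.10])\n"
        b"\tby mx.example.net (Postfix) with ESMTPS id 0000000000\n"
        b"\tfor <user@example.net>; Wed, 18 Sep 2019 10:00:00 +0000 (UTC)\n")
_BODY = b"From: sender@example.com\nSubject: test\n\nbody\n"
WITH_SOURCE = _TOP + b"X-Google-Smtp-Source: CONSTRUCTED-VALUE\n" + _BODY
MISSING_SOURCE = _TOP + _BODY
FORGED_LOWER = (b"Received: from mail.example.org (mail.example.org [198.51.100.7])\n"
                b"\tby mx.example.net (Postfix) with ESMTP id 0000000001;\n"
                b"\tWed, 18 Sep 2019 10:05:00 +0000 (UTC)\n") + _TOP + _BODY

if __name__ == "__main__":
    for name, count in sorted(tally([WITH_SOURCE, MISSING_SOURCE, FORGED_LOWER]).items()):
        print(name, count)
```

If mail passes through internal relays before delivery, the Received header written by the border MTA is not the topmost one, and the index used in `classify` has to be adjusted accordingly.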