Posted to users@spamassassin.apache.org by Rejaine Monteiro <re...@bhz.jamef.com.br> on 2008/02/26 12:27:13 UTC

Hotmail DCC listed ???

This is the rule check for a 'normal' (non-spam) e-mail that came from Hotmail:

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.0 SUBJ_ALL_CAPS          Subject is all capitals
 2.3 FORGED_HOTMAIL_RCVD    Forged hotmail.com 'Received:' header found
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.4743]
 0.2 MIME_BASE64_NO_NAME    RAW: base64 attachment does not have a file name
 2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)

Are FORGED_HOTMAIL_RCVD and DCC_CHECK false positives???

Re: Hotmail DCC listed ???

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
We would need to see the full headers.

Regards,

-- 
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- "Rejaine Monteiro" <re...@bhz.jamef.com.br> wrote:

> This is the rule check for a 'normal' (non-spam) e-mail that came from
> Hotmail:
> 
>  pts rule name              description

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


Re: Hotmail DCC listed ???

Posted by Rejaine Monteiro <re...@bhz.jamef.com.br>.
Michael Scheidell wrote:
> Hotmail changes their servers like Boy George changes eye liner.
> Unless you keep up with them, you will get FPs.
> If you can't upgrade, set score to 0.
>

I'm running SpamAssassin 3.1.7 and use sa-update, but an upgrade is not
possible for now...
So, I will set the FORGED_HOTMAIL_RCVD score to 0... Anyway, Hotmail has an SPF
entry; that will have to be enough.


Thank you !
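
An added example, not part of the thread: a Python sketch that parses the report quoted in the first message and shows the message total with and without a local `score FORGED_HOTMAIL_RCVD 0` override. The 5.0 threshold is SpamAssassin's default required_score and is an assumption about this site; the function names are illustrative.

```python
import re

# Constructed sample: the report lines from the first message of this thread,
# including the wrapped continuation lines as they appeared in the mail.
REPORT = """\
 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.0 SUBJ_ALL_CAPS          Subject is all capitals
 2.3 FORGED_HOTMAIL_RCVD    Forged hotmail.com 'Received:' header found
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.4743]
 0.2 MIME_BASE64_NO_NAME    RAW: base64 attachment does not have a file name
 2.2 DCC_CHECK              Listed in DCC
(http://rhyolite.com/anti-spam/dcc/)
"""

# A hit line is "<points> <RULE_NAME> <description>".
HIT = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")

def parse_report(text):
    """Return [(points, rule, description)]; other lines continue the previous hit."""
    hits = []
    for line in text.splitlines():
        m = HIT.match(line)
        if m:
            hits.append([float(m.group(1)), m.group(2), m.group(3).strip()])
        elif hits and line.strip():
            hits[-1][2] += " " + line.strip()   # wrapped description text
    return [tuple(h) for h in hits]

def total(hits, overrides=None, required=5.0):
    """Sum hits with local.cf-style overrides applied; required=5.0 is an assumed default."""
    overrides = overrides or {}
    score = round(sum(overrides.get(rule, pts) for pts, rule, _ in hits), 1)
    return score, score >= required

if __name__ == "__main__":
    hits = parse_report(REPORT)
    print("as reported:", total(hits))
    # Equivalent of adding "score FORGED_HOTMAIL_RCVD 0" to local.cf
    print("with override:", total(hits, {"FORGED_HOTMAIL_RCVD": 0.0}))
```

With the override the message drops below the assumed threshold, while DCC_CHECK still contributes its bulk-mail points.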


Re: Hotmail DCC listed ???

Posted by Michael Scheidell <sc...@secnap.net>.
Rejaine Monteiro wrote:
> But I do not agree with the "2.3 FORGED_HOTMAIL_RCVD" score, because
> the message came from Hotmail...
>

Go to Bugzilla for SpamAssassin. Fill out a report for
forged_hotmail_rcvd (posting to the SA list won't help any).
If you are NOT running SA 3.2.4, upgrade. If you are NOT running
sa-update, run it.

Hotmail changes their servers like Boy George changes eye liner. Unless
you keep up with them, you will get FPs.
If you can't upgrade, set score to 0.


-- 
Michael Scheidell, CTO
Main: 561-999-5000, Office: 561-939-7259
>|SECNAP Network Security Corporation
Winner 2008 Technosium hot company award.
http://www.technosium.com/hotcompanies/


_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(tm). 
For Information please see http://www.spammertrap.com
_________________________________________________________________________

Re: Hotmail DCC listed ???

Posted by Rejaine Monteiro <re...@bhz.jamef.com.br>.

Michael Scheidell wrote:
> However, interestingly enough, you have FORGED_HOTMAIL_RCVD. Did someone
> send an email from non hotmail source using a hotmail email address?
>

No, the message was sent from the Hotmail site (www.hotmail.com).


> And, interestingly enough, SCREAMED AT YOU IN THE SUBJECT LINE?
> Was it 'spam', or was it a 'bulk' email?
>   

Yes... The subject is in capitals... OK, I agree with the "1.0 SUBJ_ALL_CAPS" score...

But I do not agree with the "2.3 FORGED_HOTMAIL_RCVD" score, because the
message came from Hotmail...


Re: Hotmail DCC listed ???

Posted by Michael Scheidell <sc...@secnap.net>.
'hotmail' isn't listed in DCC.
DCC only scored on fuzzy checksums on the body and portions of the headers.
Also, DCC is NOT a 100% 'spam score'. DCC is a 'bulk email' score.

Even well run technical mailing list emails are SUPPOSED to score high with
DCC. (it's 'bulk'). Read the DCC documents on whitelisting your bulk email
marketing lists.

However, interestingly enough, you have FORGED_HOTMAIL_RCVD. Did someone
send an email from non hotmail source using a hotmail email address?

And, interestingly enough, SCREAMED AT YOU IN THE SUBJECT LINE?
Was it 'spam', or was it a 'bulk' email?


-- 
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBsd SpamAssassin Ports maintainer
Charter member, ICSA labs anti-spam consortium
