You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/06/30 20:50:45 UTC

[Bug 3558] Rule from the 20_head_tests.cf set hitting on FP's

http://bugzilla.spamassassin.org/show_bug.cgi?id=3558





------- Additional Comments From scott@innertraditions.com  2004-06-30 11:50 -------
Created an attachment (id=2080)
 --> (http://bugzilla.spamassassin.org/attachment.cgi?id=2080&action=view)
This is the headers from the email

Here is the Email header that triggered the FP's along with my description to
the SA-list.
Scott
>> Howdy folks,
>> This was just brought to my attention this morning. It is a legit 
>> message from a legit user using excite.com. There were three messages 
>> sent trying to get through to my user and all three were hammered by 
>> these rules.
>> 
>> Here is the header:
>> 
>> Return-Path: <MU...@excite.com>
>> Received: from excite.com (nn3.excitenetwork.com [207.159.120.57])
>>	by babyblue-eth1.parkstpress.com (8.10.2/8.10.2) with ESMTP id
i5TCTBR19131
>>	for <MY...@innertraditions.com>; Tue, 29 Jun 2004 08:29:12 -0400
>> Received: by xprdmailfe6.nwk.excite.com (Postfix, from userid 110)
>>	id 234B23DDC; Tue, 29 Jun 2004 08:30:49 -0400 (EDT)
>> To: MYSUER@innertraditions.com
>> Subject: hellloooooooo   it`s me
>> Received: from [208.60.249.61] by xprdmailfe6.nwk.excite.com via HTTP; 
>> Tue, 29 Jun 2004 08:30:49 EST
>> X-AntiAbuse: This header was added to track abuse, please include it 
>> with any abuse report
>> X-AntiAbuse: ID = 9763b6252acc1748ab9a8d15059c8147
>> Reply-To: MUNGED@excite.com
>> From: REAL NAME <MU...@excite.com>
>> MIME-Version: 1.0
>> X-Sender: MUNGED@excite.com
>> X-Mailer: PHP
>> Content-Type: text/plain; charset="us-ascii"
>> Content-Transfer-Encoding: 7bit
>> Message-Id: <20...@xprdmailfe6.nwk.excite.com>
>> Date: Tue, 29 Jun 2004 08:30:49 -0400 (EDT)
>> 
>> It got smacked hard on the following rules:
>> 
>> Content analysis details:   (7.10 points, 5 required)
>> RCVD_FAKE_HELO_DOTCOM (3.6 points)  Received contains a faked HELO hostname
>> SARE_FREE_WEBM_Excite (0.7 points)  Sender used free email account - may 
>> be spammer
>> RCVD_FAKE_HELO_DOTCOM_2 (2.8 points)  Received contains a faked HELO 
>> hostname (2)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.