Bug#290978: spamassassin: FORGED_HOTMAIL_RCVD2 FPs with MSN Groups messages

Mon, 17 Jan 2005 17:53:22 -0800 

package: spamassassin
version: 3.0.2-1
severity: normal
tags: patch

Unfortunately, the FORGED_HOTMAIL_RCVD2 rule catches MSN Groups messages
which are sent from Hotmail accounts.

They do not have Hotmail received headers, instead they have
groups.msn.com headers:

1.2 FORGED_HOTMAIL_RCVD2   hotmail.com 'From' address, but no
'Received:'

Received: from bahamut.silverdream.org (bahamut.silverdream.org
[82.133.58.133])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client CN "bahamut.silverdream.org", Issuer "PinkLemonCA
Certificate Master" (verified OK))
        by lorien.silverdream.org (Postfix) with ESMTP id 1A3464805235
        for <[EMAIL PROTECTED]>; Sun, 16 Jan 2005 19:07:05 +0000 (GMT)
Received: from p02.groups.msn.com (p02.groups.msn.com
[65.54.195.210])
        by bahamut.silverdream.org (Postfix) with ESMTP id 12A3F103C
        for <[EMAIL PROTECTED]>; Sun, 16 Jan 2005 19:06:59 +0000 (GMT)
Received: from mail pickup service by p02.groups.msn.com with
Microsoft SMTPSVC;
         Sun, 16 Jan 2005 11:06:50 -0800

This could cause ham to be inadvertently marked as spam.

I had a look at the perl code (EvalTests.pm) and noticed that there is a
check_for_msn_groups_headers procedure, however, this doesn't appear to
be used anywhere..?

Aside from that, something like this might work, but my perl isn't
exactly great (yet):

*** EvalTests.pm        2005-01-18 01:24:41.000000000 +0000
--- EvalTests.pm.old    2004-12-16 03:10:03.000000000 +0000
***************
*** 335,342 ****
    $rcvd =~ s/\s+/ /gs;                # just spaces, simplify the
regexp

    return if ($rcvd =~
!         /from mail pickup service by hotmail\.com with Microsoft
SMTPSVC;/ or $rcvd =~
!       /from mail pickup service by [[:alnum:]]+.groups.msn.com with
Microsoft SMTPSVC;/);

    my $ip = $self->get('X-Originating-Ip');
    my $IP_ADDRESS = IP_ADDRESS;
--- 335,341 ----
    $rcvd =~ s/\s+/ /gs;                # just spaces, simplify the
regexp

    return if ($rcvd =~
!         /from mail pickup service by hotmail\.com with Microsoft
SMTPSVC;/);

    my $ip = $self->get('X-Originating-Ip');
    my $IP_ADDRESS = IP_ADDRESS;

It's also at http://www.silverdream.org/~jps/debian/sa_evaltests.diff if
it gets munged here.

-j

-- 
-jamie <[EMAIL PROTECTED]> | spamtrap: [EMAIL PROTECTED]
 w: http://www.silverdream.org | p: [EMAIL PROTECTED]
 pgp key @ http://silverdream.org/~jps/pub.key
 21:30:02 up 17 min,  2 users,  load average: 2.65, 2.52, 1.58

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to