Anders Norrbring wrote:
[...] So, it's a "feature" in my Outlook 2003 to *not* include the Message-Id header.. Jesus!
But only if NOT using Exchange, right? :)
So, how can we go about to make the MSGID_FROM_MTA_SHORT detection skip clients which adds the mailer tag: "X-Mailer: Microsoft Office Outlook, Build 11.0.5510", or at least Build 11? Outlook 2003 do add that, so can the detection engine be told to check that and not tag up the e-mails as spam because of the erroneous "Message-Id" tag?
Well, it's OUTLOOK that's broken, but... a meta rule could easily be created to check for both. Something like (untested):
header CLIENT_OUTLOOK2003 X-Mailer =~ /Microsoft Office Outlook, Build 11/ meta OUTLOOK2003ADJUST (MSGID_FROM_MTA_SHORT && CLIENT_OUTLOOK2003) score OUTLOOK2003ADUST -3
So there's a fix for outlook, and a nice way for spammers to circumvent the check. :) Maybe tighten the rules down more to be prudent.
It might be easier to just tweak the score for MSGID_FROM_MTA_SHORT down, since blindly trusting the X-Mailer header isn't a great strategy unless you've got some other factor you can add to the meta to prevent simple forging.
- Bob
- Bob
