> Anders Norrbring wrote:
>
> > [...]
> > So, it's a "feature" in my Outlook 2003 to *not* include the Message-Id
> > header.. Jesus!
>
> But only if NOT using Exchange, right? :)
>
> > So, how can we go about to make the MSGID_FROM_MTA_SHORT detection skip
> > clients which adds the mailer tag:
> > "X-Mailer: Microsoft Office Outlook, Build 11.0.5510", or at least Build
> 11?
> > Outlook 2003 do add that, so can the detection engine be told to check
> that
> > and not tag up the e-mails as spam because of the erroneous "Message-Id"
> > tag?
>
> Well, it's OUTLOOK that's broken, but... a meta rule could easily be
> created to check for both. Something like (untested):
>
> header CLIENT_OUTLOOK2003 X-Mailer =~ /Microsoft Office Outlook, Build 11/
> meta OUTLOOK2003ADJUST (MSGID_FROM_MTA_SHORT && CLIENT_OUTLOOK2003)
> score OUTLOOK2003ADUST -3
>
> So there's a fix for outlook, and a nice way for spammers to circumvent
> the check. :) Maybe tighten the rules down more to be prudent.
>
> It might be easier to just tweak the score for MSGID_FROM_MTA_SHORT
> down, since blindly trusting the X-Mailer header isn't a great strategy
> unless you've got some other factor you can add to the meta to prevent
> simple forging.
>
> - Bob
Here it is again, posted before... All the headers from a mail sent out via
my Outlook.. If there's something in the headers that can be treated as
"unique" or "safe", please let me know.
I'm afraid Bill G. doesn't invite med to his breakfasts, so my complaints
about the lacking header element probably won't be noticed.. :)
------------
Return-Path: <[EMAIL PROTECTED]>
Received: from mail.the-server.net ([unix socket])
by iris (Cyrus v2.1.15) with LMTP; Tue, 23 Mar 2004 11:35:17 +0100
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost [127.0.0.1])
by mail.the-server.net (Postfix) with ESMTP id 8F02E10B7
for <[EMAIL PROTECTED]>; Tue, 23 Mar 2004 11:35:17 +0100 (CET)
Received: from mail.the-server.net ([127.0.0.1]) by localhost (iris
[127.0.0.1]) (amavisd-new, port 10024) with LMTP id 00478-04-9 for
<[EMAIL PROTECTED]>; Tue, 23 Mar 2004 11:35:07 +0100 (CET)
Received: from edit (edit.the-server.net [192.168.111.30])
by mail.the-server.net (Postfix) with ESMTP id 47FAE1099
for <[EMAIL PROTECTED]>; Tue, 23 Mar 2004 11:35:02 +0100 (CET)
From: "Anders Norrbring" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject:
Date: Tue, 23 Mar 2004 11:35:07 +0100
Organization: Norrbring Consulting
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
thread-index: AcQQwoKtCVChFjvBQJmJ8aPi1IcuzQ==
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: by Amavisd-New, Kaspersky Lab's AV & NOD32 AV at
the-server.net
X-Spam-Status: No, hits=4.1 tagged_above=3.0 required=7.0 tests=BIZ_TLD,
MSGID_FROM_MTA_SHORT
X-Spam-Level: ****
Later,
Anders.
