Matt Kettler wrote:
Rick Macdougall wrote:
Hi,
As mentioned in the subject I'm getting an FP hit on forged_hotmail_rcvd
with 3.1.0 rc1 and rc2
It looks a bit like FORGED_HOTMAIL_RCVD doesn't like your Received: header
format. It seems to be looking for a more sendmail-like header.
That smells like a bug to me.
Your MTA is generating Received headers in a qmail-ish format like this:
from <rdns> (<ip>) by ...
But the rule seems to be looking for something more like sendmail's format:
from <helo> (<rdns> [<ip>]) by ..
Unless I'm missing something and SA internally converts qmail Received: header
formats into sendmail-style ones..
Munged message below.
Received: from bay0-smtp04.bay0.hotmail.com (65.54.234.157)
by mta001.aei.ca with SMTP; 1 Sep 2005 17:00:09 -0000
Some quotes from EvalTests.pm:
# Hotmail formats its received headers like this:
# Received: from hotmail.com (f135.law8.hotmail.com [216.33.241.135])
# spammers do not ;)
if ($self->gated_through_received_hdr_remover()) { return; }
if ($rcvd =~ /from \S*hotmail.com \(\S+\.hotmail(?:\.msn)?\.com[ \)]/ && $ip)
{ return; }
Hi,
You are correct, it is a qmail server. Should I open a bugzilla ticket?
And what do you recommend I do for now, score the rule at 0?
Regards,
Rick
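
The mismatch discussed in this thread can be reproduced offline. The following is an added example, not code from the thread or from SpamAssassin: it applies the pattern quoted from EvalTests.pm to the sendmail-style header in the code comment and to the qmail-style header from the munged message. The two layout classifiers and the function names are hypothetical, and the `$ip` condition is approximated by the address this sketch parses from the header.

```python
import re

# Pattern copied verbatim from the EvalTests.pm excerpt quoted in the thread.
HOTMAIL_RCVD = re.compile(r"from \S*hotmail.com \(\S+\.hotmail(?:\.msn)?\.com[ \)]")

# Hypothetical classifiers for the two layouts described in the thread:
#   sendmail-like: from <helo> (<rdns> [<ip>]) by ...
#   qmail-like:    from <rdns> (<ip>) by ...
SENDMAIL_STYLE = re.compile(r"^from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[\d.]+)\]\)")
QMAIL_STYLE = re.compile(r"^from (?P<rdns>\S+) \((?P<ip>[\d.]+)\)")

# Headers taken from the thread (code comment and munged message).
SENDMAIL_SAMPLE = "Received: from hotmail.com (f135.law8.hotmail.com [216.33.241.135])"
QMAIL_SAMPLE = ("Received: from bay0-smtp04.bay0.hotmail.com (65.54.234.157)\n"
                "\tby mta001.aei.ca with SMTP; 1 Sep 2005 17:00:09 -0000")


def unfold(header):
    """Join folded continuation lines and drop the 'Received:' field name."""
    value = re.sub(r"\r?\n[ \t]+", " ", header.strip())
    return re.sub(r"^Received:\s*", "", value, flags=re.I)


def classify(header):
    """Return (layout name, parsed fields) for a Received header."""
    value = unfold(header)
    for name, pattern in (("sendmail", SENDMAIL_STYLE), ("qmail", QMAIL_STYLE)):
        match = pattern.match(value)
        if match:
            return name, match.groupdict()
    return "unknown", {}


def takes_early_return(header):
    """True when the quoted check would hit its 'return' for this header."""
    _, fields = classify(header)
    # Assumption: stands in for the rule's $ip, which SpamAssassin parses itself.
    ip = fields.get("ip")
    return bool(HOTMAIL_RCVD.search(unfold(header)) and ip)


if __name__ == "__main__":
    for sample in (SENDMAIL_SAMPLE, QMAIL_SAMPLE):
        print(classify(sample)[0], takes_early_return(sample))
```

The qmail-style header carries a genuine Hotmail rDNS name, but the parenthesised part holds only the IP, so the `\(\S+\.hotmail...` portion of the pattern has nothing to match.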