On Sat, 2009-04-25 at 22:58 +0200, Matus UHLAR - fantomas wrote:
> > On Sat, 2009-04-25 at 17:36 +0200, Mark Martinec wrote:
> > > It would save us the guesswork if you could provide the header section
> > > of the troublesome message. As Theo pointed out, there may be problem
> > > in Received header fields inserted by your trusted mailer - not
> > > necessarily
> > > a problem in the Date header field. This is not a single rule, but a code
> > > section which tries to guess the actual timetamp at the moment of a
> > > message reception.
>
> On 25.04.09 17:02, Rik wrote:
> > Thanks for the response Mark. I've sussed it. Whilst I binned the
> > messages concerned I managed to find another one (pasted below) and I
> > can easily see the problem in the headers now. Sanity is restored;
> >
> > Received: from mail.caucasus.net (localhost [127.0.0.1])
> > by mx.munged.com (Spam Firewall) with ESMTP id 79C392BF2B4
> > for <abarse...@munged.com>; Thu, 2 Apr 2009 21:11:40 +0400 (GET)
> > Received: from mail.caucasus.net (mail.caucasus.net [62.168.168.131]) by
> > mx.munged.com with ESMTP id 8Sd65BVE6VAShNZt for <abarse...@munged.com>;
> > Thu, 02 Apr 2009 21:11:40 +0400 (GET)
> > Received: from localhost (relay [62.168.168.208])
> > by mail.caucasus.net (Postfix) with ESMTP id 661FF3810AC
> > for <abarse...@munged.com>; Thu, 2 Apr 2009 21:11:40 +0400 (GET)
> > Received: from mail.caucasus.net ([62.168.168.131])
> > by localhost (relay.caucasus.net [62.168.168.208]) (amavisd-new, port
> > 10004)
> > with ESMTP id U9a1cdneOGIs for <abarse...@munged.com>;
> > Thu, 2 Apr 2009 21:11:40 +0400 (GET)
> > Received: from v (host-88-210-236-219.adsl.caucasus.net
> > [88.210.236.219])
> > by mail.caucasus.net (Postfix) with SMTP id 7C17C38105A
> > for <abarse...@munged.com>; Thu, 2 Apr 2009 21:11:38 +0400 (GET)
> > Message-ID: <f67d100cde8b4c059ab81fefd684d...@v>
> > From: "Ia Peradze" <i...@nic.ge>
> > To: "Alexander Barsegov" <abarse...@munged.com>
> > References:
> > <ebdc2591edb8204eb0b2a34ca36daa962faf4ae...@mailbox.munged.com>
> > Subject: Re: orangecab.ge domain re-registration
> > Date: Thu, 2 Apr 2009 21:05:52 -0400
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > MIME-Version: 1.0
> > Content-Type: multipart/alternative;
> > boundary="----=_NextPart_000_0255_01C9B3D6.CE788D30"
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Mailer: Microsoft Outlook Express 6.00.2900.5512
> > Disposition-Notification-To: "Ia Peradze" <i...@nic.ge>
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
> > X-Antivirus: avast! (VPS 090402-0, 04/02/2009), Outbound message
> > X-Antivirus-Status: Clean
>
> The same problem again. The Date: shows 8 hours more than all other
> Received: headers. Yes, the time zone IS important. When it's 21:11 +0400,
> it's only 17:11 +GMT (+0000) and only 13:11 -0400. So, 21:05 -0400 will be
> in aproximately 8 hours.
>
> Setting date to the future is the technique used by spammers to make their
> spam show as the most recent in the mailbox. The sender has misconfigured
> timezone.
>
> The description of the rule says it:
>
> describe DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
>
I guess you missed the bit where I said 'I sussed it out', but thanks
again.
