Am 31.01.2014 um 15:44 schrieb Matus UHLAR - fantomas <uh...@fantomas.sk>:
> On 31.01.14 12:36, Rainer Sokoll wrote: >> I have a (what I think) false positive that I do not understand: > >> Authentication-Results: mailgate2.x.de (amavisd-new); >> dkim=pass (512-bit key) header.d=x.com >> Received: from mail01.www3.x.com (mail01.www3.x.com >> [x.92.26.27]) by mailgate2.x.de (8.14.7/8.14.7) with ESMTP id >> s0UBDWqT022709 for <u...@x.de>; Thu, 30 Jan 2014 12:13:38 >> +0100 > > - this shows it went through sendmail 8.4.17 Yes, I now, because this is my sendmail ;-) And I should upgrade to 8.14.8 - but that’s another story. > >> Date: Thu, 30 Jan 2014 06:13:33 -0500 > >> X-Spam-Status: No, hits=4.7 required=100.0 >> tests=BAYES_60,DATE_IN_FUTURE_96_Q, >> HTML_FONT_FACE_BAD,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_PASS >> autolearn=no version=3.3.2 > >> As far as I can see, all times are within a couple of seconds - so my >> question is: why SA adds DATE_IN_FUTURE_96_Q? > > I have seen that often too. > I have feeling that sendmail changes Date: to current if it's in the future. Maybe. I don’t think that there was a forged date, because that mail was not spam at all. But anyway: according to the wiki, DATE_IN_FUTURE_96_XX means: more than 96 hours in the future. Hard to imagine that the test is broken. Rainer
