Hi,
On Thu, May 25, 2017 at 3:29 PM, John Hardin <[email protected]> wrote:
> On Thu, 25 May 2017, Abhishek Tiwari wrote:
>
>> Hello,
>>
>> I have no background about .
>> I am working on a product which is a mailserver
>>
>> I see a complaint online about a false positive,
>>
>> 1.FORGED_MUA_MOZILLA: 2.309, FORGED_YAHOO_RCVD: 1.63, HTML_MESSAGE: 0.001,
>> NO_RDNS_DOTCOM_HELO: 0.823, TOTAL_SCORE: 8.702,autolearn=no
>>
>> 2.
>> -0.000, BAYES_50: 1.567, FORGED_YAHOO_RCVD: 1.63,
>> URIBL_BLOCKED: 0.001, CUSTOM_BODY_RULE_NUMBER_715: 0.1, TOTAL_SCORE:
>> 3.298,autolearn=no
>> X-Spam-Level: ***
>>
>> Any suggestions, how could these be resolved?
>
>
> It has already been reported that the FORGED_MUA_MOZILLA rule has FP
> problems with Yahoo. Please search the mailing list archives for "False
> Positives from yahoo due to FORGED_MUA_MOZILLA".
>
> At the moment the rule scoring and publication process is down for hardware
> replacement, so the fixed rules won't be available for a while.
>
> You can add the fix to your local SA config file:
>
> header __MOZILLA_MUA User-Agent =~ /^mozilla\b/i
>
> ...then remember to remove it when rule updates resume.

I have an email that hit __MOZILLA_MUA, but failed FORGED_MUA_MOZILLA
because it didn't match __MOZILLA_MSGID.

header __MOZILLA_MSGID MESSAGEID =~ /^<[A-F\d]{8}\.[A-F1-9][A-F\d]{0,7}\@\S+>$/m

The email is most definitely not spam. This is the Message-ID that didn't match:

Message-ID: <[email protected]>

Is it possible this is an FP?

Thanks,
Alex
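
The __MOZILLA_MSGID pattern quoted in the message above can be checked field by field to see which part of a Message-ID keeps it from matching. This is an added example, not part of the thread or of SpamAssassin's own code; the `explain` helper and the sample Message-IDs are constructed for illustration.

```python
import re

# __MOZILLA_MSGID as quoted in the thread; Perl's /m maps to re.MULTILINE.
MOZILLA_MSGID = re.compile(
    r'^<[A-F\d]{8}\.[A-F1-9][A-F\d]{0,7}\@\S+>$', re.MULTILINE | re.ASCII)

def explain(msgid):
    """Return None if msgid fits the rule, else the first field that breaks it."""
    msgid = msgid.strip()
    if not (msgid.startswith('<') and msgid.endswith('>')):
        return 'not wrapped in <...>'
    # The hex fields cannot contain '@', so the first '@' is the separator.
    local, at, host = msgid[1:-1].partition('@')
    if not at or not host or re.search(r'\s', host, re.ASCII):
        return 'missing or malformed @host part'
    first, dot, second = local.partition('.')
    if not re.fullmatch(r'[A-F\d]{8}', first, re.ASCII):
        return 'first field is not exactly 8 uppercase hex digits'
    if not dot:
        return 'no "." between the two hex fields'
    if not re.fullmatch(r'[A-F1-9][A-F\d]{0,7}', second, re.ASCII):
        return 'second field is not 1-8 uppercase hex digits with a non-zero lead'
    return None

# Constructed sample Message-IDs (hypothetical, example.com only).
SAMPLES = [
    '<592701A3.4080907@example.com>',                      # fits the pattern
    '<592701a3.4080907@example.com>',                      # lowercase hex
    '<592701A3.0080907@example.com>',                      # second field starts with 0
    '<592701A3@example.com>',                              # no second field
    '<0a1b2c3d-4e5f-6789-abcd-ef0123456789@example.com>',  # UUID-shaped local part
]

def report(samples=SAMPLES):
    """Pair each sample with the regex verdict and the field-level reason."""
    return [(m, bool(MOZILLA_MSGID.search(m)), explain(m)) for m in samples]

if __name__ == '__main__':
    for msgid, matched, reason in report():
        print(f'{msgid}\n  __MOZILLA_MSGID: {"hit" if matched else "miss"}'
              f'{"" if reason is None else " (" + reason + ")"}')
```

Any Message-ID that a genuine client generates outside this exact shape misses __MOZILLA_MSGID, so the reason string shows which field a rule fix would have to relax.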