Bug 4496 - FPS with FORGED_MUA_OIMO
Summary: FPS with FORGED_MUA_OIMO
Status: RESOLVED WORKSFORME
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules
Version: 3.1.0
Hardware: Other other
: P5 normal
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-07-23 08:56 UTC by Martin Blapp
Modified: 2019-06-18 17:42 UTC



Attachment Type Modified Status Actions Submitter/CLA Status
header that triggers false positive text/plain None Paul Griffith [NoCLA]
patch for 20_ratware.cf to fix false positive patch None Paul Griffith [NoCLA]
headers documenting FP on FORGED_MUA_OIMO text/plain None Per Jessen [NoCLA]
email header & body text/plain None Per Jessen [NoCLA]

Description Martin Blapp 2005-07-23 08:56:11 UTC
I see some FPS per day relating to FORGED_MUA_OIMO. The problem seems to
be that there are clients out there which don't add a MSGID to mails. And
we then see MSGID_FROM_MTA_ID matching.

If we change the test to be:

meta FORGED_MUA_OIMO           (__OIMO_MUA && !__OIMO_MSGID && !__OUTLOOK_DOLLARS_MSGID && !__UNUSABLE_MSGID && !MSGID_FROM_MTA_ID)

the FPS cases are fixed. I've looked at the last three days:

yesterday:

58 ALL FORGED_MUA_OIMO
 1 SPM FORGED_MUA_OIMO + MSGID_FROM_MTA_ID
 3 HAM FORGED_MUA_OIMO + MSGID_FROM_MTA_ID

today:

62 ALL FORGED_MUA_OIMO
 1 SPM FORGED_MUA_OIMO + MSGID_FROM_MTA_ID
15 HAM FORGED_MUA_OIMO + MSGID_FROM_MTA_ID
Comment 1 Justin Mason 2007-01-05 08:49:37 UTC
Please attach (in RFC-822 format, as an attachment, not pasted) the full
headers and body of sample messages.  Thanks.
Comment 2 Paul Griffith 2007-11-22 08:13:02 UTC
Created attachment 4190
header that triggers false positive

This is all I could find from the Exim log, I hope it can help you. Here are the
rules that are triggered.

FORGED_MUA_OIMO
MSGID_FROM_MTA_HEADER
SPF_PASS
Comment 3 Paul Griffith 2007-11-22 09:15:07 UTC
Created attachment 4191
patch for 20_ratware.cf to fix false positive

Here is a patch that I made to fix the false triggering of FORGED_MUA_OIMO.
Comment 4 Per Jessen 2009-12-11 00:55:03 UTC
Created attachment 4595
headers documenting FP on FORGED_MUA_OIMO

This morning I had an FP on FORGED_MUA_OIMO.
Comment 5 Per Jessen 2009-12-11 01:07:42 UTC
My personal fix: 'D' added:

header __OIMO_MSGID  MESSAGEID =~ /^<[A-P]{26}A[ABCD]\.[-\w.]+\@\S+>$/m
Comment 6 Henrik Krohns 2011-05-02 10:04:41 UTC
Closing, seems to be fixed in 3.3+
Comment 7 Per Jessen 2011-05-13 11:49:39 UTC
I've just had an FP on this again - I'm running 3.2.5, but I used the applicable rules from 3.3.1 (Mail-SpamAssassin-rules-3.3.1.r923114.tgz).
Comment 8 Henrik Krohns 2011-05-13 11:59:47 UTC
(In reply to comment #7)
> I've just had an FP on this again - I'm running 3.2.5, but I used the
> applicable rules from 3.3.1 (Mail-SpamAssassin-rules-3.3.1.r923114.tgz).

You need to provide Message-ID header from the FP to verify.
Comment 9 Per Jessen 2011-05-13 12:51:41 UTC
Yeah, sorry, I got interrupted: 

Message-ID: <42078AAE08ED487FB511FB55B3F6DB8E@PGN>
Message-ID: <C2895014FF874E2CA3AD8F19B3E5089B@PGN>
Message-ID: <9EB8422CE9EE43229E1FD6454A86E7D1@PGN>

I think the emails are auto-replies, but they're in tnef
format. I can provide complete headers if needed.
Comment 10 Per Jessen 2011-05-13 12:53:53 UTC
Correction, they are "email read" confirmations.
Comment 11 Henrik Krohns 2011-05-13 13:03:37 UTC
I guess we could use the other headers too. If this kind of Message-ID comes only from auto-replies, maybe we could do a meta for them together.
Comment 12 Per Jessen 2011-05-13 13:23:19 UTC
Created attachment 4885
email header & body

I've got another two, but they're virtually the same.
Comment 13 Henrik Krohns 2019-06-18 17:42:10 UTC
Reopen if it's still a problem (unlikely?).
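
The rule logic discussed in this thread, as an added example that is not part of the bug report or of SpamAssassin's own code: a Python evaluation of the FORGED_MUA_OIMO meta from the description, with and without the proposed `!MSGID_FROM_MTA_ID` term, using the `__OIMO_MSGID` regex from comment 5. The helper names `forged_mua_oimo` and `evaluate` are hypothetical, the `__OIMO_MUA` and `MSGID_FROM_MTA_ID` results are passed in because the page does not define those sub-rules, and all sample IDs except the one from comment 9 are constructed.

```python
import re

# __OIMO_MSGID exactly as posted in comment 5 (with 'D' in the last class).
OIMO_MSGID = re.compile(r"^<[A-P]{26}A[ABCD]\.[-\w.]+\@\S+>$", re.M)

def forged_mua_oimo(sub, exclude_mta_id=False):
    """Evaluate the FORGED_MUA_OIMO meta from the bug description.

    sub maps sub-rule names to booleans; a missing name counts as "no hit".
    exclude_mta_id=True adds the proposed '&& !MSGID_FROM_MTA_ID' term.
    """
    hit = (sub.get("__OIMO_MUA", False)
           and not sub.get("__OIMO_MSGID", False)
           and not sub.get("__OUTLOOK_DOLLARS_MSGID", False)
           and not sub.get("__UNUSABLE_MSGID", False))
    if exclude_mta_id:
        hit = hit and not sub.get("MSGID_FROM_MTA_ID", False)
    return hit

def evaluate(message_id, oimo_mua, msgid_from_mta_id=False):
    """Hypothetical helper: score one Message-ID under both rule variants.

    oimo_mua and msgid_from_mta_id are supplied by the caller because the
    page does not show how those sub-rules are defined.
    """
    sub = {
        "__OIMO_MUA": oimo_mua,
        "__OIMO_MSGID": bool(OIMO_MSGID.search(message_id)),
        "MSGID_FROM_MTA_ID": msgid_from_mta_id,
    }
    return {
        "__OIMO_MSGID": sub["__OIMO_MSGID"],
        "current": forged_mua_oimo(sub),
        "proposed": forged_mua_oimo(sub, exclude_mta_id=True),
    }

# __OIMO_MUA=True is an assumption for every sample (no X-Mailer on the page).
SAMPLES = [
    # (label, Message-ID, __OIMO_MUA hit, MSGID_FROM_MTA_ID hit)
    ("comment 9 read receipt", "<42078AAE08ED487FB511FB55B3F6DB8E@PGN>", True, False),
    ("constructed OIMO-style ID", "<ABCDEFGHIJKLMNOPABCDEFGHIJAD.user@example.com>", True, False),
    ("constructed MTA-added ID", "<E1AbCdE-0001Xy-Zz@mail.example.com>", True, True),
]

if __name__ == "__main__":
    for label, msgid, mua, mta in SAMPLES:
        print(f"{label:28} {evaluate(msgid, mua, mta)}")
```

Under these assumptions the extra term suppresses the hit only when MSGID_FROM_MTA_ID also fires; an ID shaped like those in comment 9 does not match `__OIMO_MSGID` and still hits both variants.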