> "JM" == John Madden <[EMAIL PROTECTED]> writes:
>> else, do it. But don't fake the SMTP sender.
JM> Right - the SMTP sender wasn't faked. It was "blackboard
JM> (blackboard.ivy.tec.in.us...)" -- no mention of hotmail.com.
You're confusing the SMTP sender with the SMTP client.
-
> SA 2.43 triggers the FORGED_HOTMAIL_RCVD rule if there is a
> hotmail.com From: address, but no Received: header corresponding to the
> Hotmail format (like your case).
> This has been changed in SA 2.50, which differentiates between a hotmail
> address with forgerd hotmail received headers and h
On Thu, Jan 16, 2003 at 10:39:38AM -0500, John Madden wrote:
> I believe the logic is hosed there, then. There's nothing wrong with
> announcing that your email address is @hotmail.com when sending through
> another machine.
Actually, my reading of the code was incorrect, sorry. The current
vers
> There's nothing wrong with that, except when you announce it as the SMTP
> sender. That is, you're sending bounces there. This is a *very* common
> spammer trick. The test is misnamed perhaps, but the test
> itself is correct. If you want to set the From address to something
> else, do it. B
> Guess why the score for that rule was not set at 7.0 in the first place.
>
> Playing with the score of a single rule is a perilous excercise. The
> scores are computed to work correctly *together*, not in isolation.
I've found that some of the default rules don't work all that well. We
get a l
On Thu, Jan 16, 2003 at 10:15:05AM -0500, John Madden wrote:
> The full report contained within the rest of the message claims that SA is
> looking in the Received headers for the forging, and call me crazy, but I
> don't see any hotmail.com in the Received headers here.
SA 2.43 triggers the FORGE
On Thu, 16 Jan 2003, John Madden wrote:
> > Exactly. The mail has a hotmail from address, but nothing in the
> > Received headers says it came from hotmail, so it gets flagged.
>
> I believe the logic is hosed there, then. There's nothing wrong with
> announcing that your email address is @hotm
> "JM" == John Madden <[EMAIL PROTECTED]> writes:
>> Exactly. The mail has a hotmail from address, but nothing in the
>> Received headers says it came from hotmail, so it gets flagged.
JM> I believe the logic is hosed there, then. There's nothing wrong with
JM> announcing that your email ad
>> The full report contained within the rest of the message claims that
>> SA is looking in the Received headers for the forging, and call me
>> crazy, but I don't see any hotmail.com in the Received headers here.
>> The scenario here
>
> Exactly. The mail has a hotmail from address, but nothing i
