On 09/15/2017 02:26 PM, RW wrote:
> On Fri, 15 Sep 2017 11:50:25 +0100
> Sebastian Arcus wrote:
>
>> I see this has come up again and again. Since FORGED_YAHOO_RCVD seems
>> to work by checking the address of the Yahoo smtp server in the
>> headers against a predefined list of Yahoo servers in SA,
Hi,
On Fri, Sep 15, 2017 at 9:34 AM, Kevin A. McGrail
wrote:
> On 9/15/2017 8:26 AM, RW wrote:
>>
>> The rule was created and scored when spoofing Yahoo was very common,
>> but it isn't any more. I don't think it's worth keeping as it is - high
>> maintenance and error prone.
>
>
> Agreed. Score
On 15/09/17 14:34, Kevin A. McGrail wrote:
> On 9/15/2017 8:26 AM, RW wrote:
>> The rule was created and scored when spoofing Yahoo was very common,
>> but it isn't any more. I don't think it's worth keeping as it is - high
>> maintenance and error prone.
>
> Agreed. Score FORGED_YAHOO_RCVD to zero locally
On 9/15/2017 8:26 AM, RW wrote:
> The rule was created and scored when spoofing Yahoo was very common,
> but it isn't any more. I don't think it's worth keeping as it is - high
> maintenance and error prone.
Agreed. Score FORGED_YAHOO_RCVD to zero locally and will get a bug open
to deprecate it.
On Fri, 15 Sep 2017 11:50:25 +0100
Sebastian Arcus wrote:
> I see this has come up again and again. Since FORGED_YAHOO_RCVD seems
> to work by checking the address of the Yahoo smtp server in the
> headers against a predefined list of Yahoo servers in SA, and Yahoo
> seems to add new servers all t
I see this has come up again and again. Since FORGED_YAHOO_RCVD seems to
work by checking the address of the Yahoo smtp server in the headers
against a predefined list of Yahoo servers in SA, and Yahoo seems to add
new servers all the time - which causes false positives, is there much
point to