Message from user inside www.pair.com:
>> Original message
Apparently Yahoo has slightly changed the routing of groups messages:
SA EvalTests.pm
/from \[$IP_ADDRESS\] by \S+\.(?:groups|grp\.scd)\.yahoo\.com with NNFMP/
Received headers with NNFMP:
from [66.218.69.1] by n22
"CONFIRMED_FORGED" FP messages just like this one.
--Roger
- Original Message -
From: "jdow" <[EMAIL PROTECTED]>
To:
Sent: Saturday, November 27, 2004 1:47 PM
Subject: Re: False Positives: CONFIRMED_FORGED from yahoo.com
At this point you're stuck reading the &
At this point you're stuck reading the "FORGED_YAHOO_RCVD" tests in
the 20_headers.cf file (at least on 2.63.) On my machine this is in
/usr/share/spamassassin. On closer look it appears this is a web mail
posting via yahoo to a yahoo group that fribbles is way around way more
yahoo machines than m
riginal Message -
From: "jdow" <[EMAIL PROTECTED]>
To:
Sent: Saturday, November 27, 2004 12:48 PM
Subject: Re: False Positives: CONFIRMED_FORGED from yahoo.com
Er, Roger, one might ask you what makes you think for a picosecond
that the message is not forged. Trace the header
Er, Roger, one might ask you what makes you think for a picosecond
that the message is not forged. Trace the headers backwards starting
at the top. I see nothing there to inspire belief in the headers below
the second "Received:" header.
{^_^}
- Original Message -
From: "Jolly ArrRoger" <
Can someone please explain why SA declares forgery on the attached message?
Seem to be getting an excessive number of false positives from legitimate
yahoo.com email addresses that are delivered through YahooGroups.com. I've
been "whitelisting" each one I find but wonder if there is a specific
a
