On Thu, Jan 16, 2003 at 10:39:38AM -0500, John Madden wrote:
> I believe the logic is hosed there, then.  There's nothing wrong with
> announcing that your email address is @hotmail.com when sending through
> another machine.

Actually, my reading of the code was incorrect, sorry.  The current
version just looked for forged hotmail received headers if From has
hotmail.com in it.  So the name does make more sense.

I got confused because in 2.50 there are now 2 rules.  One looks for
Received has forged hotmail.com (FORGED_HOTMAIL_RCVD, similar to the 2.43
one but doesn't look at From), as well as a new one which checks for From
has hotmail.com but nothing saying hotmail.com in the Received headers
(SEMIFORGED_HOTMAIL_RCVD, only triggers if FORGED_HOTMAIL_RCVD doesn't).

The results, so far, are:

...t-easmith 0.257   1.8170   0.0000    1.000   0.93    1.42  FORGED_HOTMAIL_RCVD
...et-kramer 0.403   2.0179   0.0492    0.976   0.86    1.42  FORGED_HOTMAIL_RCVD
...s-net-mss 0.105   3.8462   0.0000    1.000   0.92    1.42  FORGED_HOTMAIL_RCVD
...t-quinlan 5.976  14.7666   0.0000    1.000   0.95    1.42  FORGED_HOTMAIL_RCVD
...rODbegbie 2.475   8.0266   0.0199    0.998   0.97    1.42  FORGED_HOTMAIL_RCVD
...-net-theo 1.676   4.2612   0.0000    1.000   0.94    1.42  FORGED_HOTMAIL_RCVD
...t-easmith 0.997   5.1914   0.3052    0.944   0.79    1.00  SEMIFORGED_HOTMAIL_RCVD
...et-kramer 0.323   1.3453   0.0983    0.932   0.75    1.00  SEMIFORGED_HOTMAIL_RCVD
...s-net-mss 0.249   2.6627   0.1807    0.936   0.76    1.00  SEMIFORGED_HOTMAIL_RCVD
...t-quinlan 1.337   3.1941   0.0752    0.977   0.87    1.00  SEMIFORGED_HOTMAIL_RCVD
...rODbegbie 0.652   1.3171   0.3584    0.786   0.47    1.00  SEMIFORGED_HOTMAIL_RCVD
...-net-theo 2.155   5.3957   0.0538    0.990   0.91    1.00  SEMIFORGED_HOTMAIL_RCVD

That third column is % of spam messages matched, fourth is % of ham
messages matched, and fifth is "% how spammy" the results are.

So the results basically say that the new FORGED_HOTMAIL_RCVD works very
well, but SEMIFORGED_HOTMAIL_RCVD isn't so hot but still more of a spamsign.

I was right about why FORGED_HOTMAIL_RCVD is triggering for you in 2.43
though: From has hotmail.com but there are no valid hotmail Received
headers.  As you can see, apparently someone had the same problem and
split the rule into 2.

-- 
Randomly Generated Tagline:
If you want to program in C, program in C.  It's a nice language.  I
 use it occasionally...   :-)
              -- Larry Wall in <[EMAIL PROTECTED]>
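
The two-rule split described in the message above, as an added Python sketch that is not SpamAssassin's code and not part of the original post. The function name, the sample messages and the "genuine relay" pattern are assumptions made for illustration; the real FORGED_HOTMAIL_RCVD test is more involved.

```python
import re
from email import message_from_string

HOTMAIL = re.compile(r"\bhotmail\.com\b", re.I)
# Assumption: a Received line counts as genuine Hotmail when the relay names
# itself as a host under hotmail.com. That name can be sender-supplied, so a
# production check should rely on the relay name the receiving MTA verified.
GENUINE = re.compile(r"\b(?:from|by)\s+[\w-]+(?:\.[\w-]+)*\.hotmail\.com\b", re.I)

def hotmail_rules(raw):
    """Return the names of the rules, as described in the post, that fire."""
    msg = message_from_string(raw)
    received = [" ".join(r.split()) for r in msg.get_all("Received", [])]
    mentions = [r for r in received if HOTMAIL.search(r)]
    from_hotmail = bool(HOTMAIL.search(msg.get("From", "")))
    # Rule 1 ignores From: Received claims hotmail.com but never credibly.
    forged = bool(mentions) and not any(GENUINE.search(r) for r in mentions)
    # Rule 2: From is hotmail.com, no Received mentions it, rule 1 is silent.
    semiforged = from_hotmail and not mentions and not forged
    hits = []
    if forged:
        hits.append("FORGED_HOTMAIL_RCVD")
    if semiforged:
        hits.append("SEMIFORGED_HOTMAIL_RCVD")
    return hits

def make_msg(sender, received):
    """Build a minimal constructed message for the demonstration."""
    return f"From: {sender}\nReceived: {received}\nSubject: test\n\nbody\n"

# Constructed samples (documentation addresses and example domains only).
SAMPLES = {
    "genuine": make_msg("user@hotmail.com",
        "from bay0-omc1.hotmail.com ([192.0.2.10]) by mx.example.net"),
    "forged": make_msg("someone@example.org",
        "from hotmail.com (unknown [203.0.113.7]) by mx.example.net"),
    "semiforged": make_msg("user@hotmail.com",
        "from smtp.example.org ([198.51.100.4]) by mx.example.net"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, hotmail_rules(raw))
```

The "semiforged" sample is the case raised in the quoted question: a hotmail.com From address sent through another machine, which now hits only the lower-scoring rule.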
