> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> David B Funk
> Sent: Tuesday, November 04, 2003 1:13 AM
> To: Robert Kropiewnicki
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] What is tripping FORGED_MUA_MOZILLA?
>
>
> On Mon, 3 Nov 2003, Robert Kropiewnicki wrote:
>
> > Hello all,
> >
> > Other than injecting something into the headers to make it
> look like the MUA
> > was Mozilla, what else might trip this rule? We've had
> more than a few
> > occasions where we've crossed a threshold because of this
> rule. Hitting a
> > 2.7 point rule when the default threshold is only 5 is
> extremely frustrating
> > when you don't know why it is happening.
> >
> > I have seared the SA-Talk archives but the only information
> there seems to
> > speak as to why the rule was included in the first place.
> Any help in
> > understanding what is going on would be most appreciated.
> >
> > For what it's worth, there is nothing in the headers of any
> of the emails
> > we've had tagged that even mentioned Mozilla in the headers.
>
> Grep the Source Luke! ;)
>
Not a programmer, nor am I the person running the mail server with
spamassassin on it. If I knew which files I was supposed to be looking at
in the source code, I could probably figure it out eventually. As I
mentioned earlier, I did try to search for this via Google and the archives.
> Looking at the 20_meta_tests.cf SA source file, FORGED_MUA_MOZILLA
> is clearly dependent upon a 'X-Mailer:' header that contains the
> string "Mozilla" (plus other factors).
>
None of the email that has been sent back, or sent to me by an anti-spam
list, shows an X-Mailer purporting to be Mozilla.
> Do you have your mail client set to display -all- headers?
> Is it possible that you're overlooking that X-Mailer: header?
>
Given that this is what I understood to be the reason it would trip the
rule, I've searched for it every time it has been reported.
> If it's truely missing and you're seeing FORGED_MUA_MOZILLA then you
> either have a very broken SA installation or somebody has a local
> FORGED_MUA_MOZILLA rule definition that is overriding the SA supplied
> one.
>
There is more than one mail server that's reported the same thing. None of
the headers I've gotten back with the rejected emails have X-Mailer:Mozilla
or any other mention of Mozilla in them.
>
> FWIW, I consider running a threshold of 5 to be a bit risky, as a
> polluted Bayes will push you above that. I run 6 to be safer.
>
Looking at the spam rules and default point values on the spamassassin site,
I would agree with that.
By the way, no need to copy me on replies. I'm on the list. :-)
> --
> Dave Funk University of Iowa
> <dbfunk (at) engineering.uiowa.edu> College of Engineering
> 319/335-5751 FAX: 319/384-0549 1256 Seamans Center
> Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
> #include <std_disclaimer.h>
> Better is not better, 'standard' is better. B{
>
>
Regards,
Robert Kropiewnicki
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
