Igor Ybema wrote:
Dear users,
I recently discovered some false positives from hotmail users. This
seems to originate from users who are already converted to their new
'live' website (instead of the old hotmail look).
What I see in the headers is that they changed their HELO:
Received: from BAY115-W3 ([65.54.250.103]) by
    bay0-omc3-s38.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
    Tue, 17 Oct 2006 06:13:03 -0700
There is no 'hotmail.com' anymore in the HELO message. This way it gets
the tag 'FORGED_HOTMAIL_RCVD'. Did more people already discover this?
And is there already a solution?
I've noticed this problem a couple of times too. It looks like the tests
in the _check_for_forged_hotmail_received_headers subroutine in
Mail::SpamAssassin::EvalTests need to be updated to recognise this as valid.
Here are a couple more examples:
Received: from BAY101-W6 ([64.4.56.106]) by
    bay0-omc3-s31.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
    Tue, 24 Oct 2006 07:39:10 -0700
Received: from BAY101-W9 ([64.4.56.109]) by
    bay0-omc3-s7.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
    Wed, 25 Oct 2006 06:11:34 -0700
Cheers,
Alex
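
The header shape discussed in this thread, as an added example that is not part of either message and is not SpamAssassin's code: a stand-alone check that accepts the short BAYnnn-Wn HELO only when the receiving host is under hotmail.com. The function names, the HELO pattern (inferred from the three headers quoted above) and the constructed samples are assumptions.

```python
import re

# Received values quoted in the thread above, unfolded onto one line each.
THREAD_HEADERS = [
    "from BAY115-W3 ([65.54.250.103]) by bay0-omc3-s38.bay0.hotmail.com "
    "with Microsoft SMTPSVC(6.0.3790.1830); Tue, 17 Oct 2006 06:13:03 -0700",
    "from BAY101-W6 ([64.4.56.106]) by bay0-omc3-s31.bay0.hotmail.com "
    "with Microsoft SMTPSVC(6.0.3790.1830); Tue, 24 Oct 2006 07:39:10 -0700",
    "from BAY101-W9 ([64.4.56.109]) by bay0-omc3-s7.bay0.hotmail.com "
    "with Microsoft SMTPSVC(6.0.3790.1830); Wed, 25 Oct 2006 06:11:34 -0700",
]
# Constructed samples (not from the thread): documentation IPs and domains.
CONSTRUCTED_HEADERS = [
    "from BAY115-W3 ([192.0.2.10]) by mx.example.net with ESMTP; "
    "Tue, 17 Oct 2006 06:13:03 -0700",
    "from mail.example.org ([192.0.2.20]) by bay0-omc3-s38.bay0.hotmail.com "
    "with Microsoft SMTPSVC(6.0.3790.1830); Tue, 17 Oct 2006 06:13:03 -0700",
    "from hotmail.com ([192.0.2.30]) by bay0-omc3-s38.bay0.hotmail.com "
    "with Microsoft SMTPSVC(6.0.3790.1830); Tue, 17 Oct 2006 06:13:03 -0700",
]

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)"
    r"\s+with\s+(?P<proto>[^;]+);", re.I)
# Assumption: shape inferred only from the three HELO names in the thread.
SHORT_HELO_RE = re.compile(r"^BAY\d+-W\d+$", re.I)

def parse_received(value):
    """Return helo/ip/by/proto for one Received value, or None if unparsable."""
    match = RECEIVED_RE.search(" ".join(value.split()))
    return match.groupdict() if match else None

def classify(value):
    """Label the HELO of one hop: legacy-helo, short-helo-accepted, not-hotmail."""
    hop = parse_received(value)
    if hop is None:
        return "unparsed"
    helo = hop["helo"].lower()
    if helo == "hotmail.com" or helo.endswith(".hotmail.com"):
        return "legacy-helo"
    # Short HELO counts only with a hotmail.com receiving host and SMTPSVC banner.
    if (SHORT_HELO_RE.match(helo) and hop["by"].lower().endswith(".hotmail.com")
            and "smtpsvc" in hop["proto"].lower()):
        return "short-helo-accepted"
    return "not-hotmail"

if __name__ == "__main__":
    for header in THREAD_HEADERS + CONSTRUCTED_HEADERS:
        print(classify(header), "<-", header[:40])
```

Received lines below the hop recorded by your own relay are sender-controlled, so a match here is only a reason not to raise the forgery flag, not evidence of where the message came from.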