Merry Christmas jm, please look at this rule after Christmas holiday.
Not sure WHY 'MID_14DIGITS_HEX' if false positive on every postfix 2.3.4 (maybe more) (its in 3.7 updates: ../updates_spamassassin_org/80_additional.cf) Not sure if you know that a POSTFIX server produces this message id and ONLY this type of message id. Just because postfix produces this message id, doesn't mean its spam. Sample below: Message-Id: <[EMAIL PROTECTED]> Here is rule: header MID_14DIGITS_HEX Message-ID =~ /^<[EMAIL PROTECTED]/ updates_spamassassin_org/80_additional.cf:score MID_14DIGITS_HEX 2.8 It also looks like you added it to CVS: Author: jm Date: Wed Nov 1 05:35:54 2006 New Revision: 469903 So, every server running POSTFIX gets a 2.8 score added to it? Why is that? Ok, so you say 'sure, mike' just set the score to 0. Works fine here, but what about everyone who runs SA 3.17 and sa-update? They will score my email 2.8+ more than it should. This isn't one of those 'if you don't like how RFCI/SORBS/SARES/SPF score stuff, turn it off' That message id isn't non-compliant by RFC specs, so it should not be scored like that. If its looking for forged ms outlook stuff, maybe it should be a meta rule and also look for x-mailer outlook (but, guess what, if luser sends ME an email from outlook and his MTA doesn't add a message id, mine does. Not that I mind bouncing an email if the luser's MTA is non RFC compliant and doesn't add a message id, but I sure don't want MY outgoing email to bounce just because of a bad rule) -- Michael Scheidell, CTO SECNAP Network Security / www.secnap.com MediaPro Web based security and privacy training at www.secnap.com/training
