On Thu, 2009-05-21 at 20:54 +0100, Ned Slider wrote: > Hi, > > I'm seeing regular FPs against FORGED_MUA_OUTLOOK from one particular > (legitimate) sender, and not really understanding the rule it's > difficult to understand why or how to go about fixing it.
Hmm, sounds familiar. > Unfortunately I'm not in a position to openly post copies to the net, so > wondered if I could be a bit cheeky and ask if a dev would be prepared > to accept forwarded copies to look at just in case there's an issue with > the rule. Perhaps then we might be able to discuss the issue on list > disclosing only the offending parts of the messages. Can you ask the sender to generate samples? No sensitive content, and the email address most likely can be masked by you. Just be sure to not invalide any other data. Might require sending at different times. > I have 7 mails, 4 of which have triggered FORGED_MUA_OUTLOOK. Did you check Bugzilla? https://issues.apache.org/SpamAssassin/ Search for "A comment" contains "FORGED_MUA_OUTLOOK". Be sure to run this twice, once with the default (open bugs), and once specifically limited to Status RESOLVED, Resolution FIXED and DUPLICATE (multi selection supported). Start checking most recent ones, going back in time. In particular, check the Message-Id headers of your samples, and compare them against those mentioned to FP. guenther -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
