On Thu, 29 Nov 2012, Kris Deugau wrote:
I've just had another couple of reports of false positives due to hits
on one or more of the FROM_MISSP_* rules.
Curious coincidence: Almost all of the reports to date have involved
webform email for real estate companies. Most of the rest have involved
scan-to-email multifunction devices - mostly Xerox.... used by real
estate companies. O_o
Is there any possibility of getting user agent headers for these FPs? If a
particular piece of legit software always does this then obviously those
rules should ignore such messages.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
26 days until Christmas
