On Thu, 20 Apr 2017, Merijn van den Kroonenberg wrote:
On Thu, 20 Apr 2017 10:41:21 -0400
Lyle Evans wrote:
I have been getting false positives from Yahoo due to
FORGED_MUA_MOZILLA hitting on a new X-Mailer line added by Yahoo
about 3/31/17.
The X-Mailer line reads:
X-Mailer: WebService/1.1.9272 YahooMailNeo Mozilla/5.0 (Windows NT
10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/56.0.2924.87 Safari/537.36
/DCE\)/
My guess is that they are including the http user-agent header of the
browser that connected to their webmail server.
Correct, I also noticed this a few days ago. Maybe the rule could be
changed to exclude Yahoo... but maybe other webmail applications do this
too, not sure.
Excluding when verified from Yahoo would be the proper approach.
Unfortunately masscheck is down for migration so any global fix won't go
out anytime soon...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
It is criminal to teach a man not to defend himself when he is the
constant victim of brutal attacks. -- Malcolm X (1964)
-----------------------------------------------------------------------
3 days until Max Planck's 159th birthday
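
A local stopgap along the lines suggested in the thread, as an added example that is not part of the original messages and is not the SpamAssassin project's fix: a `local.cf` fragment that offsets FORGED_MUA_MOZILLA only when the X-Mailer has the Yahoo webmail shape quoted above and the author domain is DKIM-verified. The `LOCAL_*` rule names, the restriction to `yahoo.com`, and the score value are assumptions to adapt to your installation.

```conf
# Added example for local.cf; LOCAL_* names are hypothetical.
# Requires the DKIM plugin, since the exclusion must depend on a
# verified sender and not on the (forgeable) X-Mailer text alone.
ifplugin Mail::SpamAssassin::Plugin::DKIM

# X-Mailer in the form quoted in the thread:
#   WebService/1.1.9272 YahooMailNeo Mozilla/5.0 (...)
header   __LOCAL_XMAILER_YAHOONEO  X-Mailer =~ /^WebService\/[\d.]+ YahooMailNeo Mozilla\/\d/

# Author address is at yahoo.com (assumption: extend the pattern for
# other Yahoo-operated domains you actually receive mail from).
header   __LOCAL_FROM_YAHOO        From:addr =~ /\@yahoo\.com$/i

# Fire only when the stock rule hit, the X-Mailer has the Yahoo webmail
# shape, and DKIM verified a signature from the author's own domain.
meta     LOCAL_YAHOO_WEBUA_FP      (FORGED_MUA_MOZILLA && __LOCAL_XMAILER_YAHOONEO && __LOCAL_FROM_YAHOO && DKIM_VALID_AU)
describe LOCAL_YAHOO_WEBUA_FP      Offset FORGED_MUA_MOZILLA on DKIM-verified Yahoo webmail
tflags   LOCAL_YAHOO_WEBUA_FP      nice

# Constructed value: set this to the negative of the score your
# installation assigns to FORGED_MUA_MOZILLA.
score    LOCAL_YAHOO_WEBUA_FP      -2.0

endif
```

Check the result with `spamassassin --lint` before reloading, and remove the fragment once a rule update addresses the Yahoo X-Mailer format.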