Bug 1223 - FORGED_HOTMAIL_RCVD false positive
Status: RESOLVED INVALID
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (Eval Tests)
Version: 2.43
Hardware: PC other
Importance: P2 normal
Target Milestone: ---
Assignee: SpamAssassin Developer Mailing List
Reported: 2002-11-22 20:00 UTC by John DuBois
Modified: 2002-11-23 09:01 UTC
Description John DuBois 2002-11-22 20:00:40 UTC
Example:

Received: from auction2.nix.paypal.com by deepthought.armory.com with smtp
          id aa16425 for <spcecdt=ebay@armory.com>;
          Fri, 22 Nov 2002 9:36:28 -0800 (PST)
Received: (qmail 21122 invoked by uid 994); 22 Nov 2002 17:35:53 -0000
Date: Fri, 22 Nov 2002 09:35:53 -0800
Message-Id: <1037986553.21122@paypal.com>
From: sunnbatterycom@hotmail.com
To: spcecdt=ebay@armory.com
Subject: *****SPAM***** Congratulations!  You won "20 SONY CR2016 DL2016
BATTERIES BATTERY".
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: Yes, hits=7.1 required=5.0
        tests=ACCOUNT_CLICK,CLICK_BELOW,CLICK_HERE_LINK,CONGRATULATIONS,
              DATE_IN_FUTURE_06_12,FORGED_HOTMAIL_RCVD,HTML_50_70,
              MAILTO_LINK,NO_REAL_NAME,SPAM_PHRASE_05_08,YOU_WON
        version=2.43
X-Spam-Flag: YES
X-Spam-Level: *******
X-Spam-Checker-Version: SpamAssassin 2.43 (1.115.2.20-2002-10-15-exp)
X-Spam-Prev-Content-Type: multipart/alternative;
boundary="NextPart_048F8BC8A2197DE2036A"

There are no hotmail Received: headers in this message (just a 'From:' header),
yet it was tagged with FORGED_HOTMAIL_RCVD.
Comment 1 Matthew Cline 2002-11-23 18:01:48 UTC
FORGED_HOTMAIL_RCVD is defined as a message whose From indicates it came
from Hotmail.com, but Hotmail.com didn't actually send it, which can be
indicated either by fake-looking Hotmail.com Received headers, or no
Hotmail.com headers at all; your example message matches the latter case.
So the rule is acting correctly, but it might be better named
FORGED_HOTMAIL_FROM, since that's what it's really checking for, and it's
merely using the Received headers to see if the From header is forged.

Marking bug INVALID.
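
An added illustration of the check Comment 1 describes, run against the headers from the report; it is not SpamAssassin's rule code and not part of the original thread. The function names and the `RELAYED` sample (including its relay hostname) are constructed for this example, and only the "no Hotmail.com headers at all" case is modeled.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers from the report above, trimmed to the fields the check reads.
REPORTED = """\
Received: from auction2.nix.paypal.com by deepthought.armory.com with smtp
          id aa16425 for <spcecdt=ebay@armory.com>;
          Fri, 22 Nov 2002 9:36:28 -0800 (PST)
Received: (qmail 21122 invoked by uid 994); 22 Nov 2002 17:35:53 -0000
Message-Id: <1037986553.21122@paypal.com>
From: sunnbatterycom@hotmail.com
To: spcecdt=ebay@armory.com

body
"""

# Constructed counter-example: same From domain, relayed by a hotmail.com host.
RELAYED = """\
Received: from mail.hotmail.com by deepthought.armory.com with smtp;
          Fri, 22 Nov 2002 9:36:28 -0800 (PST)
From: someone@hotmail.com

body
"""

FROM_CLAUSE = re.compile(r"^from\s+(\S+)", re.I)

def received_hosts(msg):
    """Hostnames named in the 'from' clause of each Received header."""
    hosts = []
    for value in msg.get_all("Received", []):
        m = FROM_CLAUSE.match(" ".join(value.split()))  # unfold continuation lines
        if m:
            hosts.append(m.group(1).lower().strip("[]()"))
    return hosts

def in_domain(host, domain):
    # Exact or subdomain match, so "nothotmail.com" does not count.
    return host == domain or host.endswith("." + domain)

def from_without_matching_relay(raw, domain="hotmail.com"):
    """True when From claims `domain` but no Received 'from' host is in it."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if not in_domain(addr.rpartition("@")[2], domain):
        return False  # From does not claim the domain; nothing to verify
    return not any(in_domain(h, domain) for h in received_hosts(msg))
```

Received headers below the one added by your own relay are sender-controlled, so a check like this is a scoring signal, not proof of origin.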