1798 – User-Agent - Message-ID mismatch / forgery

Bug 1798 - User-Agent - Message-ID mismatch / forgery

Summary: User-Agent - Message-ID mismatch / forgery

Status:	RESOLVED DUPLICATE of bug 1589

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	2.53
Hardware:	PC FreeBSD

Importance:	P5 normal
Target Milestone:	2.60
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-04-18 08:12 UTC by Will England
Modified:	2003-04-18 01:07 UTC (History)
CC List:	0 users

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
full spam message with forged UA/MsgID headers	text/plain			None	Will England
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Will England 2003-04-18 08:12:15 UTC

Spam sent with forged Message-ID indicating message from Pine, forged User-Agent
indicating sent from Mozilla; both of which give high ham scores.  Perhaps a new
rule to sanity check User-Agent / Message ID combos?



Date: Fri, 18 Apr 2003 08:08:20 -0800
From: "Your Dollar Store" <mds23435999@mail.com>
To: will@mylanders.com
Subject: Your own Online Dollar Store in 15 mins or less
Message-ID: <Pine.LNX.4.31.0301010903119.63808-52651071@mail.n1.nlite>
References: <Pine.LNX.4.31.0301011169278.2149-29742985@mail.n1.nlite>
In-Reply-To: <Pine.LNX.4.31.0301011407679.5894-28231974@mail.n1.nlite>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
    boundary="==NextPart==12053448.878412.11002.==NextPart=="
X-Priority: Normal
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020510
X-Spam-Status: No, hits=-14.6 required=5.0
        tests=BAYES_90,CLICK_BELOW,FROM_ENDS_IN_NUMS,HTML_30_40,
              HTML_IMAGE_ONLY_10,IN_REP_TO,LIMITED_TIME_ONLY,
              MIME_BOUND_NEXTPART,REFERENCES,SUBJ_YOUR_OWN,
              USER_AGENT_MOZILLA_UA,USER_AGENT_PINE
        autolearn=ham version=2.53
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)

Comment 1 Will England 2003-04-18 08:14:21 UTC

Created attachment 898 [details]
full spam message with forged UA/MsgID headers

Comment 2 Matt Kettler 2003-04-18 08:56:51 UTC

Subject: Re: [SAdev]  User-Agent -  Message-ID mismatch /
  forgery

This appears to be a duplicate of:

http://www.hughes-family.org/bugzilla/show_bug.cgi?id=1783

Which was closed because it is also a dupe:

http://www.hughes-family.org/bugzilla/show_bug.cgi?id=1589

Comment 3 Will England 2003-04-18 09:07:08 UTC

Dupe of 1589; marking resolved; posted spam sample to 1589 for reference.

*** This bug has been marked as a duplicate of 1589 ***