2107 – FORGED_MUA_OIMO is broken (deb bug)

Bug 2107 - FORGED_MUA_OIMO is broken (deb bug)

Summary: FORGED_MUA_OIMO is broken (deb bug)

Status:	RESOLVED DUPLICATE of bug 2538

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	SVN Trunk (Latest Devel Version)
Hardware:	Other other

Importance:	P5 normal
Target Milestone:	2.61
Assignee:	SpamAssassin Developer Mailing List

URL:	http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard:
Keywords:

Duplicates (1):	2248 (view as bug list)
Depends on:
Blocks:	2344
	Show dependency tree

Reported:	2003-06-20 13:21 UTC by spamassassin
Modified:	2003-10-01 09:45 UTC (History)
CC List:	1 user (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description spamassassin 2003-06-20 13:21:24 UTC

Package: spamassassin
Version: 2.53-1
Severity: normal

This is not a forgery.

----- Forwarded message from xxxxxxx xxxxxxx <xxxxxxx@xxxx.dist.unige.it> -----

Return-Path: xxxxxxx@xxxx.dist.unige.it
X-Original-To: md@wonderland.linux.it
Delivered-To: md@wonderland.linux.it
Received: from attila.bofh.it (localhost [127.0.0.1])
	by wonderland.linux.it (Postfix/Md) with ESMTP id 2B7DC1574D
	for <md@xxxxxxxxxx.linux.it>; Thu, 19 Jun 2003 19:36:29 +0200 (CEST)
Received: from picard.linux.it (picard.linux.it [::ffff:62.177.1.107])
	by attila.bofh.it (Postfix) with ESMTP id E433D5F81D
	for <md@xxxxxxxxxx.linux.it>; Thu, 19 Jun 2003 12:49:17 +0200 (CEST)
Received: from xxxxxxx.xxxx.dist.unige.it (unknown [::ffff:130.251.8.x])
	by picard.linux.it (Postfix) with ESMTP id 93A814241
	for <md@Linux.IT>; Thu, 19 Jun 2003 12:49:13 +0200 (CEST)
Received: from bacco (unknown [130.251.8.xxx])
	by xxxxxxx.xxxx.dist.unige.it (Postfix) with SMTP id 45A39BCAC
	for <md@Linux.IT>; Thu, 19 Jun 2003 12:49:12 +0200 (CEST)
From: xxxxxxx xxxxxxx <xxxxxxx@xxxx.dist.unige.it>
To: Marco d'Itri <md@Linux.IT>
Subject: link 
Date: Thu, 19 Jun 2003 12:53:14 +0200
Message-ID: <001101c33650$fbe63ec0$9a08fb82@com.dist.unige.it>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
X-Bogosity: No, tests=bogofilter, spamicity=0.140131, version=0.13.6.2
X-Spam-Status: Yes, hits=6.7 required=5.0
	tests=FORGED_MUA_OIMO,PORN_4
	version=2.53
X-Spam-Level: ******
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
X-Spam-Report:   This mail is probably spam.  The original message has been attached
  along with this report, so you can recognize or block similar unwanted
  mail in future.  See http://spamassassin.org/tag/ for more details.
  Content preview:  http://jamal.davintech.ca/ols/index.htm
  http://www.docum.org/ xxxxxxx xxxxxxx DIST - Facoltà di Ingegneria
  Università degli Studi di Genova Via all'Opera Pia 13 16145 Genova,
  Italia E-mail: xxxxxxx@xxxx.dist.unige.it Tel: +39 10 353 xxxx Fax: +39
  10 xxxxxxx [...] 
  Content analysis details:   (6.70 points, 5 required)
  PORN_4             (2.4 points)  URI: URL uses words and phrases which
indicate porn (4)
  FORGED_MUA_OIMO    (4.3 points)  Forged mail pretending to be from MS Outlook IMO
X-Spam-Flag: YES


http://jamal.davintech.ca/ols/index.htm
http://www.docum.org/

xxxxxxx xxxxxxx
DIST - Facoltà di Ingegneria
Università degli Studi di Genova
Via all'Opera Pia 13
16145 Genova, Italia
E-mail: xxxxxxx@xxxx.dist.unige.it
Tel: +39 10 353 xxxx
Fax: +39 10 353xxxx


----- End forwarded message -----

Seems OIMO didn't produce a message id.

Comment 1 Jesus Climent 2003-07-28 04:19:39 UTC

From another user, there is a proposal for the test:

Outlook after changing from corporate and workgroup mode to Internet
Mail only mode sometimes retains old Message ID generation
As a result messages that are HAM are hot with a 2.8 SPAM score

The test 

meta FORGED_MUA_OIMO  (__OIMO_MUA && !__OIMO_MSGID && !__UNUSABLE_MSGID)

should be replaced by

meta FORGED_MUA_OIMO  (__OIMO_MUA && !(__OIMO_MSGID || __OUTLOOK_MSGID_1) &&
!__UNUSABLE_MSGID)

Comment 2 Stefan Bertels 2003-08-24 03:32:36 UTC

Same problem here:

FORGED_MUA_OIMO    (2.8 points)  Forged mail pretending to be from MS Outlook 
IMO

Part of the Header (some parts *** (numbers) / xxx (customers mail gateway 
domain name) for privacy issues):

essage-ID: <002***************************@xxxxxxx.de>
MIME-Version: 1.0
Content-Type: multipart/related;
        boundary="----=_NextPart_***_****_********.********"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4925.2800

Comment 3 Daniel Quinlan 2003-10-01 17:44:26 UTC

*** Bug 2248 has been marked as a duplicate of this bug. ***

Comment 4 Daniel Quinlan 2003-10-01 17:45:46 UTC

will be fixed by meta bug 2538


*** This bug has been marked as a duplicate of 2538 ***