SA Bugzilla – Bug 2140
False positive FORGED_MUA_EUDORA (Eudora Windows 4.3.1, 4.3.2)
Last modified: 2021-02-25 15:17:36 UTC
Mail sent with Eudora 4.3.0 and 4.3.1 produces a false positive on FORGED_MUA_EUDORA. Excerpts from two messages (I haven't obtained permission to attach the full messages):

Message-Id: <4.3.1.20030626153030.00bfb3f8@pop-srv.cs.kun.nl>
X-Mailer: QUALCOMM Windows Eudora Version 4.3
X-Spam-Status: No, hits=4.3 required=5.0 tests=FORGED_MUA_EUDORA,TO_MALFORMED version=2.54
X-Spam-Level: ****
X-Spam-Checker-Version: SpamAssassin 2.54 (1.174.2.17-2003-05-11-exp)

Message-Id: <4.3.0.20030616094647.00b40950@pop-srv.cs.kun.nl>
X-Mailer: QUALCOMM Windows Eudora Version 4.3
X-Spam-Status: No, hits=3.5 required=5.0 tests=FORGED_MUA_EUDORA,FROM_ENDS_IN_NUMS version=2.54
X-Spam-Level: ***

The problem is that the message id is rejected (from 20_ratware.cf):

header __EUDORA_MSGID MESSAGEID =~ /^<(?:\d\d?\.){4,5}\d{14}\.[a-f0-9]{8}\@\S+>$/m

The version numbers in the ids of the rejected messages consist of three parts (not four or five).
btw does anyone have full messages we can use?
This also appears using Eudora for PalmOS: (Excerpt of message follows with personal data removed:)

Message-ID: <2.1-13648742-391-A-OEWW@some.smart.host>
Date: Sun, 31 Aug 2003 17:58:23 +0100
X-Mailer: Eudora 2.1 for PalmOS
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-Spam-Status: No, hits=-2.2 required=5.0 tests=BAYES_20,FORGED_MUA_EUDORA version=2.55
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
ok, Eudora for PalmOS shouldn't hit in 2.60 since there's a specific test for it.
I get 0 FPs if we lowered the 4 to a 3. will attach a sample 3 mail in a minute.
Created attachment 1435: sample mail from eudora 4.3
fyi, I'm running a mass-check now just to check.
hrm. looks like the format is also different for 5.x:

Message-Id: <5.2.1.1.0.20030924203657.026caad8@localhost port 111>
X-Mailer: QUALCOMM Windows Eudora Version 5.2.1

1.622 2.9418 0.0000 1.000 1.00 0.01 T_FORGED_MUA_EUDORA
1.626 2.9418 0.0097 0.997 0.99 3.43 FORGED_MUA_EUDORA

changing __EUDORA_MSGID to:

header __EUDORA_MSGID MESSAGEID =~ /^<(?:\d\d?\.){3,5}\d{14}\.[a-f0-9]{8}\@\S+(?:\sport\s\d+)?>$/m
+1
Lowering the 4 to a 3 looks good to me, I also have examples of this. However, I don't have any examples of the "port" thing. port 111 is sunrpc which is pretty darn strange. Does it show up often, from multiple users and multiple sources?
Subject: Re: [SAdev] False positive FORGED_MUA_EUDORA (Eudora Windows 4.3.1, 4.3.2)

On Mon, Sep 29, 2003 at 05:54:25PM -0700, bugzilla-daemon@bugzilla.spamassassin.org wrote:
> However, I don't have any examples of the "port" thing. port 111 is sunrpc
> which is pretty darn strange. Does it show up often, from multiple users
> and multiple sources?

It's the same user, 4 mails to a list I'm on.
+1 on the new format including the port thing too. I confirmed with someone using Eudora (message provided by Theo) that it adds the port if configured to connect to a different port, proxies and such.
committed to 2.61 and head.
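The two __EUDORA_MSGID patterns quoted in this thread, run side by side over the Message-Ids reported above. This is an added example, not SpamAssassin code: `forged_eudora` is a hypothetical, simplified stand-in for the FORGED_MUA_EUDORA logic (X-Mailer claims Windows Eudora but the Message-Id does not fit), and the samples marked "constructed" are made up for illustration.

```python
import re

# Patterns copied from the thread; Perl's /m flag corresponds to re.MULTILINE.
OLD_MSGID = re.compile(r'^<(?:\d\d?\.){4,5}\d{14}\.[a-f0-9]{8}\@\S+>$', re.M)
NEW_MSGID = re.compile(
    r'^<(?:\d\d?\.){3,5}\d{14}\.[a-f0-9]{8}\@\S+(?:\sport\s\d+)?>$', re.M)

def forged_eudora(x_mailer, message_id, msgid_re):
    """Assumption: simplified stand-in for the real rule, which is not shown
    on this page. Fires when X-Mailer claims Windows Eudora but the
    Message-Id does not have the expected Eudora shape."""
    claims_eudora = "QUALCOMM Windows Eudora" in x_mailer
    return claims_eudora and msgid_re.search(message_id) is None

SAMPLES = [
    # (label, X-Mailer, Message-Id); the first three are quoted in the thread
    ("4.3.1", "QUALCOMM Windows Eudora Version 4.3",
     "<4.3.1.20030626153030.00bfb3f8@pop-srv.cs.kun.nl>"),
    ("4.3.0", "QUALCOMM Windows Eudora Version 4.3",
     "<4.3.0.20030616094647.00b40950@pop-srv.cs.kun.nl>"),
    ("5.2.1 port", "QUALCOMM Windows Eudora Version 5.2.1",
     "<5.2.1.1.0.20030924203657.026caad8@localhost port 111>"),
    # Constructed: five-part version, accepted by both patterns
    ("constructed 5-part", "QUALCOMM Windows Eudora Version 5.1",
     "<5.1.0.14.2.20030924203657.026caad8@example.com>"),
    # Constructed: two-part version, below the relaxed lower bound of 3
    ("constructed 2-part", "QUALCOMM Windows Eudora Version 4.3",
     "<4.3.20030626153030.00bfb3f8@example.com>"),
    # Constructed: Eudora X-Mailer with an unrelated Message-Id shape
    ("constructed forged", "QUALCOMM Windows Eudora Version 5.2.1",
     "<a1b2c3d4e5@example.com>"),
]

def compare(samples=SAMPLES):
    """Map label -> (fires with old pattern, fires with new pattern)."""
    return {label: (forged_eudora(mua, mid, OLD_MSGID),
                    forged_eudora(mua, mid, NEW_MSGID))
            for label, mua, mid in samples}

if __name__ == "__main__":
    for label, (old, new) in compare().items():
        print(f"{label:20} old={'HIT' if old else 'ok':3} new={'HIT' if new else 'ok'}")
```

The three reported messages stop firing under the new pattern, while the constructed two-part and unrelated Message-Ids are still flagged, so the relaxation does not turn the check off.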