SA Bugzilla – Bug 2538
address problems with Outlook forgery rules
Last modified: 2004-02-20 11:38:37 UTC
Creating a meta-bug to include a bunch of related bugs that will be fixed by the patch I'm working on. This will not fix *all* of the forgery rule problems in 2.60, but should fix most of them. I'll only mark the ones that are addressed by this patch as duplicates.
*** Bug 2107 has been marked as a duplicate of this bug. ***
Issue 1: Outlook IMO can also use the "dollar sign" Message-ID format (bug 2107)
*** Bug 2488 has been marked as a duplicate of this bug. ***
Issue 2: Outlook Express 4 can use 8 dollars instead of 12 for first grouping
*** Bug 2096 has been marked as a duplicate of this bug. ***
Issue 3: Outlook versions need to be specified to avoid matching on random mail programs with "Outlook" in the same (bug 2096)
*** Bug 2527 has been marked as a duplicate of this bug. ***
*** Bug 2357 has been marked as a duplicate of this bug. ***
*** Bug 1970 has been marked as a duplicate of this bug. ***
Issue 4: MISSING_OUTLOOK_NAME triggered because __HAS_OUTLOOK_IN_MAILER does not match "Office Outlook" (bug 2527, bug 2357, bug 1970)
One issue from bug 1970 will not be addressed in this bug, issue moved to bug 2503: grupos.com.br messages may have unusable Message-ID: header.
Created attachment 1442 [details] proposed fix for issues 1-4
Created attachment 1443 [details] proposed fix for issues 1-4 same patch, but in unified format I think the context one is easier to read for this patch, but since unified is the standard here, I'll provide unified as well.
2.61 milestone, needs review
<grrr> had the original/new backwards in diff: < 11.684 20.8552 0.3423 0.984 0.93 0.10 MISSING_OUTLOOK_NAME --- > 11.664 20.8552 0.2974 0.986 0.93 0.10 MISSING_OUTLOOK_NAME 4,5c4,5 < 1.922 3.4762 0.0000 1.000 0.95 2.09 FORGED_MUA_OIMO < 14.957 27.0478 0.0047 1.000 0.98 2.95 FORGED_MUA_OUTLOOK --- > 1.750 3.1650 0.0000 1.000 0.95 2.09 FORGED_MUA_OIMO > 15.075 26.9600 0.3777 0.986 0.94 2.95 FORGED_MUA_OUTLOOK
Created attachment 1444 [details] proposed fix for issues 1-4, fixes FORGED_MUA_OUTLOOK This should fix the FORGED_MUA_OUTLOOK false positives.
Created attachment 1445 [details] proposed fix for issues 1-4, fixes FORGED_MUA_OUTLOOK unified version
+1
ok, with the new patch: < 11.684 20.8552 0.3423 0.984 0.93 0.10 MISSING_OUTLOOK_NAME < 1.922 3.4762 0.0000 1.000 0.95 2.09 FORGED_MUA_OIMO < 14.957 27.0478 0.0047 1.000 0.98 2.95 FORGED_MUA_OUTLOOK --- > 11.664 20.8552 0.2974 0.986 0.95 0.10 MISSING_OUTLOOK_NAME > 1.750 3.1650 0.0000 1.000 0.97 2.09 FORGED_MUA_OIMO > 14.908 26.9600 0.0047 1.000 1.00 2.95 FORGED_MUA_OUTLOOK so basically everything does worse, except MISSING_OUTLOOK_NAME, which slightly improves.
> so basically everything does worse, except MISSING_OUTLOOK_NAME, which > slightly improves. That's the idea. The patch fixes false positive issues, so it's natural for spam hits to drop. The FORGED_MUA_OIMO test dropped spam hits due to bug 2107, your FPs are due to the allowance of the "dollar sign" message ID format. They are rare, but do seem to happen (I have only one example out of 742 recent messages, but I think we do need to make the change). The FORGED_MUA_OUTLOOK test dropped spam hits due to firming up the version numbers, etc. It's a pretty small drop for fixing all of the false positives that some people get.
Subject: Re: [SAdev] address problems with Outlook forgery rules On Fri, Oct 03, 2003 at 01:55:43PM -0700, bugzilla-daemon@bugzilla.spamassassin.org wrote: > That's the idea. The patch fixes false positive issues, so it's natural for > spam hits to drop. Yeah, it's just that since I had no FPs ... ;) but I hear you. It doesn't make anything significantly worse for me, so I'm a +1.
committed to branch and HEAD, closing
*** Bug 2599 has been marked as a duplicate of this bug. ***
The Milestone above is shown as 2.61, but I'm seeing this test fail and misclassify ham as spam. Here's the headers in question: X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Resent-Message-ID: <HhqE8B.A.AzG.idzMAB@foo.org> It is being classified as: 2.7 FORGED_MUA_OIMO Forged mail pretending to be from MS Outlook IMO The metarule in question: # Outlook IMO (Internet Mail Only) header __OIMO_MUA X-Mailer =~ /Outlook IMO/ header __OIMO_MSGID MESSAGEID =~ /^<[A-P]{26}A[AB]\.[-_\w.] +\@\S+>$/m meta FORGED_MUA_OIMO (__OIMO_MUA && !__OIMO_MSGID && ! __OUTLOOK_DOLLARS_MSGID && !__UNUSABLE_MSGID) describe FORGED_MUA_OIMO Forged mail pretending to be from MS Outlook IMO