SA Bugzilla – Bug 5496
False positive on FORGED_MUA_OUTLOOK with Outlook Express
Last modified: 2008-05-29 01:32:19 UTC
The FORGED_MUA_OUTLOOK test has a false positive on ham that is really from outlook. Key headers are Message-ID: <8C51A835039D48A6A1CFA74053B91DE0@CDCHOME> X-Mailer: Microsoft Outlook Express 6.00.3790.3959
Created attachment 3969 [details] mail that triggered false positive
This is still present with 3.2.0.
With your required level of 1.0 , you shouldn't be surprised that a hard rule FPs on you. X-Spam-Status: Yes, score=1.5 required=1.0 tests=AWL,BAYES_00, FORGED_MUA_OUTLOOK autolearn=no version=3.1.7 Message-ID: <8C51A835039D48A6A1CFA74053B91DE0@CDCHOME> is not an Outlook Express Msg-ID. It was modified/replaced/broken by something else so markign it "forged" is correct.
Created attachment 3990 [details] False positive on FORGED_MUA_OUTLOOK The problem is still occurring with SpamAssassin 3.1.8. It looks like the default score for FORGED_MUA_OUTLOOK is now 4.1, so a false positive on that rule alone gets it close to being marked as spam with the default threshold of 5.0. I think the Message-ID header originally set by Outlook was altered by a Lyris ListManager, but the X-Mailer header was still set to "Microsoft Outlook Express 6.00.2900.3138". This is probably what triggered the FORGED_MUA_OUTLOOK. You can argue that this is a bug in Lyris ListManager, but it's going to happen frequently and SpamAssassin ought to deal with it. I recommend that the FORGED_MUA_OUTLOOK rule be altered to not trigger on e-mail that is forwarded through a list server.
We've had a very similar false positive report to this which does not involve a mailing list manager. As far as I know the messages are not going through anything that would change the Message-ID field. I'll attach a sample.
Created attachment 4272 [details] example false positive
Created attachment 4273 [details] example false positive
I think we can avoid all of these by matching for the release of Outlook & OE: : jm 75...; svn commit -m "add test rule to avoid FORGED_MUA_OUTLOOK FPs in bug 5496" rulesrc/ Adding rulesrc/sandbox/jm/20_bug5496.cf Transmitting file data . Committed revision 657561. let's see...
*** Bug 5910 has been marked as a duplicate of this bug. ***
http://ruleqa.spamassassin.org/?daterev=20080519-r657758-n&rule=%2FFORGED_MUA_OUTLOOK&srcpath=&g=Change 0.00000 9.3765 207602 of 2214067 messages 0.0100 12 of 119894 messages 0.999 0.97 4.20 FORGED_MUA_OUTLOOK 0.00000 9.3759 207589 of 2214067 messages 0.0100 12 of 119894 messages 0.999 0.97 0.01 T_FORGED_MUA_OUTLOOK_BUG5496 fine by me! checking that in. : jm 157...; svn commit -m "bug 5496, bug 5910: clear some FORGED_MUA_OUTLOOK false positives, particularly on the new-format Message-ID generated by the Outlook Express version used in Windows XP service pack 3" rules/20_ratware.cf rulesrc/sandbox/jm Deleting rulesrc/sandbox/jm/20_bug5496.cf Sending rules/20_ratware.cf Transmitting file data . Committed revision 658009. 3.2.x: : jm 165...; svn commit -m "bug 5496, bug 5910: clear some FORGED_MUA_OUTLOOK false positives, particularly on the new-format Message-ID generated by the Outlook Express version used in Windows XP service pack 3" rules/20_ratware.cf Sending rules/20_ratware.cf Transmitting file data . Committed revision 658010. and 3.2.x updates: : jm 184...; svn commit -m "sync up with 3.2.0 SVN rules file, including FORGED_MUA_OUTLOOK fp fixes for bug 5910 and 5496" /home/jm/ftp/sa/b3_2_0_updates/20_ratware.cf Sending /home/jm/ftp/sa/b3_2_0_updates/20_ratware.cf Transmitting file data . Committed revision 658011. update built as per http://wiki.apache.org/spamassassin/ManualRuleUpdates.
*** Bug 5914 has been marked as a duplicate of this bug. ***