SA Bugzilla – Bug 6062
barracude headers triggers FP on WEIRD_PORT
Last modified: 2009-02-09 09:43:22 UTC
the inclusion of an email forwared from a barracuda, with 'headers' included, and this in the email: x-barracuda-url:http://10.10.20.91:8000/cgi-bin/mark.cgi which is possible in every email outbound from a barracuda, rule triggers 'WEIRD_PORT' suggest excluding '^x-barracuda-url:http' from WEIRD_PORT tests. rule has low score (0.001) UNLESS BAYES OR NET NOT ACTIVE score WEIRD_PORT 1.599 1.499 1.089 0.001 (a 1.6 score could block an email from barracuda users, again, only if a full email, with headers is sent)
MSECS SPAM% HAM% S/O RANK SCORE NAME WHO/AGE 0.00000 0.0031 0.1054 0.029 0.37 1.60 WEIRD_PORT It's an under-performer anyway. Really poor S/O. Probably better to remove it altogether.
(In reply to comment #1) > It's an under-performer anyway. Really poor S/O. Probably better to remove it > altogether. I'd prefer to keep it as an informational rule (locked to 0.0001 or similar). occasionally it shows up in bad stuff (like phishing) as a good potential meta subrule.