Bug 6073 - RCVD_BAD_ID FP
Summary: RCVD_BAD_ID FP
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: 3.2.5
Hardware: Other All
: P5 enhancement
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-23 11:49 UTC by Michael Scheidell
Modified: 2011-05-01 22:36 UTC (History)
2 users (show)


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Scheidell 2009-02-23 11:49:15 UTC 
RCVD_BAD_ID hit on this email: yes, lotus notes ALWAYS does wierd things.
(and, not, mcgraw-hill was not hacked into by zombie spambots)

I suppose this is the line that caused this?

 with ESMTP id 2009022020022788:53204 ;



Received: from corp55wmr5-7.mcgraw-hill.com (corp55wmr5-12.mcgraw-hill.com [198.45.19.197])
        by mailserver.mcnabweb.com (Postfix) with ESMTP id 4E5EE15EDC5
        for <user@domain.com>; Fri, 20 Feb 2009 20:02:30 -0500 (EST)
X-IronPort-AV: E=Sophos;i="4.38,244,1233550800"; 
   d="scan'208,217";a="379912035"
Received: from unknown (HELO NYCAPP022.mhf2.mhf.mhc) ([151.108.226.119])
  by corp55wmr5-1.mcgraw-hill.com with ESMTP; 20 Feb 2009 20:02:28 -0500
Received: from sqnt11 ([192.34.110.54])
          by NY1APP051.mhf2.mhf.mhc (Lotus Domino Release 5.0.12)
          with ESMTP id 2009022020022788:53204 ;
          Fri, 20 Feb 2009 20:02:27 -0500 
Message-ID: <25600437.1235178147711.JavaMail.app03@sqnt11>
Date: Fri, 20 Feb 2009 20:02:27 -0500 (EST)
From: cusip_confirmation@standardandpoors.com
To: user@domain.com
Subject: CUSIP Confirmation: CHINA INTL TOURISM HLDGS LTD
MIME-Version: 1.0
charset: ISO-8859-1
X-MIMETrack: Itemize by SMTP Server on NY1APP051/SPAPPS(Release 5.0.12  |February 13, 2003) at
 02/20/2009 08:02:27 PM,
        Serialize by Router on NYCAPP022/SPAPPS(Release 5.0.12  |February 13, 2003) at
 02/20/2009 08:02:28 PM,
        Serialize complete at 02/20/2009 08:02:28 PM
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset=us-ascii
Comment 1 John Wilcock 2009-05-27 05:02:30 UTC 
I've seen similar FPs from Lotus Domino:

Received: from titiana ([10.126.208.155])
          by snpar13.prod.par.ca-indosuez.com
          (Lotus Domino Release 5.0.10)
          with ESMTP id 2009051419545082:57354 ;
          Thu, 14 May 2009 19:54:50 +0200

Received: from CSLWMES01 ([172.16.84.2])
          by mta-out.gfi.fr (Lotus Domino Release 5.0.11)
          with ESMTP id 2009052713355315:113613 ;
          Wed, 27 May 2009 13:35:53 +0200

The colon in the id is clearly the problem, but I can't suggest a correction as I don't have any spam hits for this rule so don't know what it's trying to catch.
Comment 2 Henrik Krohns 2011-05-01 22:36:25 UTC 
This is disabled in 3.3+, but removed colon from rule anyway to be sure.

Sending        rulesrc/sandbox/felicity/70_other.cf
Transmitting file data .
Committed revision 1098426.