https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6844
Kris Deugau <kdeu...@vianet.ca> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kdeu...@vianet.ca --- Comment #3 from Kris Deugau <kdeu...@vianet.ca> --- (In reply to comment #1) > Apparently the sender is using an ancient (insecure) OE version and should > be upgraded. Iirc this version was EOL in 2002. > > OE msg should include both headers as: > > X-Mailer: Microsoft Outlook Express 6.00.2600.0000 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 > > Something removed the X-Mailer header or it was intentionaly forged. Both headers are there, but as noted the attachment was extracted from a Request Tracker instance, and for reasons beyond my understanding RT does not preserve RFC822 attachments intact and unaltered - it rewrites the character set and reorders the headers to various degrees. X-Mailer is the second header in the attachment, X-MimeOLE is in between Date: and To:. > I don't see this as a bug but more as a warning to the user that he/she > should update, urgently Not under my control (user is an ISP customer), or it wouldn't have been a problem in the first place. Looking more closely at the rules, FSL_UA and FSL_XM_419 will almost always trigger together; one subrule in FSL_UA is almost identical to FSL_XM_419: meta FSL_UA (__FSL_UA_1 || __FSL_UA_2) header __FSL_UA_1 User-Agent =~ /6\.00\.2600\.000/ header __FSL_UA_2 X-Mailer =~ /6\.00\.2600\.000/ header FSL_XM_419 X-Mailer =~ /\s+6\.00\.2600\.0000$/ The other subrule in FSL_UA triggers on the same version string in the User-Agent header - which header I don't remember ever seeing in legitimate OE mail. That alone might make a better rule to keep (assuming it hits anything at all; a search through my archive of spam reports shows *no* examples of a User-Agent header with that version number in it). The AXB_XMAILER_MIMEOLE_OL_024C2 subrules are much more specific in matching on the complete header value rather than just the version string, and require both X-Mailer and X-MimeOLE headers to trigger the scored rule instead of one or the other. -- You are receiving this mail because: You are the assignee for the bug.