[SAtalk] Message-ID = unknown ?

2003-09-05 Thread Nick Leverton
I'm testing 2.60-rc3 out as a front end to a Lotus Notes server. That server is sending out message IDs with a short RHS, of the form [EMAIL PROTECTED]. SpamAssassin always reports these as checking message (unknown) in its log output, although it seems to recognise longer Message IDs which

[SAtalk] Message-ID and Received Lines

2003-08-29 Thread Larry Gilson
Hi Carlo and Martin, I was wondering if I could ask a huge favor of you both. Could you search your spam and ham history to see if there is a good correlation between the Message-Id and Received line. I would like to do this myself but all my messages are in Exchange. I was thinking of something

RE: [SAtalk] Message ID

2003-08-28 Thread Larry Gilson
Hi Jim, -Original Message- From: Jim On Wed, Aug 27, 2003 at 04:43:41PM -0400, Larry Gilson wrote: And shouldn't the first received line indicate the host that sent the message? Not necessarily, for example, I use a single copy of Mutt to send mail from addresses in

RE: [SAtalk] Message ID

2003-08-28 Thread Larry Gilson
-Original Message- From: Martin Radford On Tue, Aug 26, 2003 at 11:21:46AM +0100, Martin Radford wrote: From my own collections:
        with FQDN       with hostname only
ham:    2331 (85.6%)    391 (14.4%)
spam:   1925 (76%)      608

RE: [SAtalk] Message ID

2003-08-28 Thread Chris Santerre
-Original Message- From: Larry Gilson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2003 12:15 AM To: 'Martin Radford' Cc: [EMAIL PROTECTED] Subject: RE: [SAtalk] Message ID -Original Message- From: Martin Radford On Tue, Aug 26, 2003 at 11:21:46AM

Re: [SAtalk] Message ID

2003-08-27 Thread 'Carlo Wood'
On Tue, Aug 26, 2003 at 02:03:59PM +0200, 'Carlo Wood' wrote: I'll carefully make a new list that I will post later. Ok, I now did it correctly - using an awk program. Number of hams: 4548 Number of hams without '^(X-[Mm]ailer|User-Agent):': 1833 Number of Messsage ids with a domain: 4262 List

RE: [SAtalk] Message ID

2003-08-27 Thread Yorkshire Dave
On Tue, 2003-08-26 at 13:44, Larry Gilson wrote: Dave, Thanks for your input. I have a better understanding now and agree with you. I was headed down the wrong road. It would be nice to have an @foo.localdomain format. That could be faked too just like every other header field. It

Re: [SAtalk] Message ID

2003-08-27 Thread Bart Schaefer
On Wed, 27 Aug 2003, 'Carlo Wood' wrote: List of mailers of mails with msg-id without domain: X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail) I haven't looked at the source in a while, but I'm almost certain this is simply because IRIX's gethostname() doesn't return a FQDN, at least in that

RE: [SAtalk] Message ID

2003-08-27 Thread Larry Gilson
Hi Dave, -Original Message- From: Yorkshire Dave I'm not sure that having an @foo or @foo.localdomain message-id actually breaks any standards, although it may bend them slightly. RFC822/2822 seem to refer mainly to the uniqueness of the message-id. RFC2822(3.6.4) recommends

RE: [SAtalk] Message ID

2003-08-27 Thread Yorkshire Dave
On Wed, 2003-08-27 at 03:03, Larry Gilson wrote: Hi Dave, -Original Message- From: Yorkshire Dave I'm not sure that having an @foo or @foo.localdomain message-id actually breaks any standards, although it may bend them slightly. RFC822/2822 seem to refer mainly to the

Re: [SAtalk] Message ID

2003-08-27 Thread Martin Radford
At Tue Aug 26 13:15:59 2003, 'Carlo Wood' wrote: On Tue, Aug 26, 2003 at 11:21:46AM +0100, Martin Radford wrote: From my own collections:
        with FQDN       with hostname only
ham:    2331 (85.6%)    391 (14.4%)
spam:   1925 (76%)      608 (24%)

RE: [SAtalk] Message ID

2003-08-27 Thread Larry Gilson
Thanks for taking the time to discuss this with me Dave. You probably have a better understanding than me which helps educate me! I guess this whole discussion is really moot as mail can easily be forged. -Original Message- From: Yorkshire Dave I think the problem lies in that this

Re: [SAtalk] Message ID

2003-08-27 Thread Jim
On Wed, Aug 27, 2003 at 04:43:41PM -0400, Larry Gilson wrote: And shouldn't the first received line indicate the host that sent the message? Not necessarily, for example, I use a single copy of Mutt to send mail from addresses in several domains. Each outbound message will use the same

Re: [SAtalk] Message ID

2003-08-27 Thread Martin Radford
At Tue Aug 26 13:03:59 2003, 'Carlo Wood' wrote: Ah, damn... there are FOUR types of Message ID's: Message-id: Message-Id: Message-ID: MessageID: That bottom one is not a Message-ID - there's no hyphen present. The header is case-insensitive - so MessaGe-iD is also possible (albeit

[SAtalk] Message ID

2003-08-26 Thread Larry Gilson
Hi All, I tend to see a lot of spam with message IDs like: Message-ID: [EMAIL PROTECTED] The message that contained the above message ID hit the following tests: X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) X-Spam-Report: Start SpamAssassin results 5.40

Re: [SAtalk] Message ID

2003-08-26 Thread Carlo Wood
On Mon, Aug 25, 2003 at 09:58:42AM -0400, Larry Gilson wrote: In reality, does anyone know of legitimate MUAs or MTAs that do not form message IDs as @some.domain? ~/Mailegrep '^(Message-ID:|X-Mailer:)' * | grep -v ':Message-ID:[EMAIL PROTECTED]' | grep -A1

RE: [SAtalk] Message ID

2003-08-26 Thread Larry Gilson
Thanks Carlo! Looks like this test would not be good for a relay that accepts mail from MUAs. However, it would probably be good if one only expects traffic from MTAs - like gateways. I am surprised to see Exchange and GroupWise. For Exchange, the OS must not have the default suffix

RE: [SAtalk] Message ID

2003-08-26 Thread Yorkshire Dave
On Tue, 2003-08-26 at 04:55, Larry Gilson wrote: Thanks Carlo! Looks like this test would not be good for a relay that accepts mail from MUAs. However, it would probably be good if one only expects traffic from MTAs - like gateways. The majority of mail comes from MUAs if you think about

Re: [SAtalk] Message ID

2003-08-26 Thread Justin Mason
Larry Gilson writes: Is it reasonable to assume that a message ID that is not in the form of @some.domain is probably spam. If I remember correctly, there is no real restriction on message IDs. In reality, does anyone know of legitimate MUAs or MTAs that do not form message IDs as

Re: [SAtalk] Message ID

2003-08-26 Thread Martin Radford
At Tue Aug 26 04:55:01 2003, Larry Gilson wrote: Thanks Carlo! Looks like this test would not be good for a relay that accepts mail from MUAs. However, it would probably be good if one only expects traffic from MTAs - like gateways. I am surprised to see Exchange and GroupWise. For

Re: [SAtalk] Message ID

2003-08-26 Thread 'Carlo Wood'
On Mon, Aug 25, 2003 at 11:55:01PM -0400, Larry Gilson wrote: Thanks Carlo! Looks like this test would not be good for a relay that accepts mail from MUAs. However, it would probably be good if one only expects traffic from MTAs - like gateways. I am surprised to see Exchange and GroupWise.

Re: [SAtalk] Message ID

2003-08-26 Thread 'Carlo Wood'
On Tue, Aug 26, 2003 at 11:21:46AM +0100, Martin Radford wrote: From my own collections:
        with FQDN       with hostname only
ham:    2331 (85.6%)    391 (14.4%)
spam:   1925 (76%)      608 (24%)
While I'm not very good with statistics, this rule

RE: [SAtalk] Message ID

2003-08-26 Thread Chris Santerre
-Original Message- From: Martin Radford [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 6:22 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [SAtalk] Message ID At Tue Aug 26 04:55:01 2003, Larry Gilson wrote: Thanks Carlo! Looks

RE: [SAtalk] Message ID

2003-08-26 Thread Larry Gilson
Dave, Thanks for your input. I have a better understanding now and agree with you. I was headed down the wrong road. It would be nice to have an @foo.localdomain format. That could be faked too just like every other header field. It would also be difficult to expect every day

RE: [SAtalk] Message ID

2003-08-26 Thread Gilson, Larry
Good numbers to see Martin. Thanks! Regards, Larry -Original Message- From: Martin Radford From my own collections:
        with FQDN       with hostname only
ham:    2331 (85.6%)    391 (14.4%)
spam:   1925 (76%)      608 (24%)
While I'm not