On 3/1/2005 11:21 AM, Stuart Johnston wrote:
I am seeing a lot of false positives on MSGID_FROM_MTA_ID. Anyone else seeing similar results? Suggestions? (SA 3.0.2)
Here is a sample header:
Return-Path: <[EMAIL PROTECTED]>
Received: from [10.2.100.6] (HELO gateway.ebby.com)
  by ebby.com (CommuniGate Pro SMTP 4.1.6)
  with ESMTP id 10388631 for [EMAIL PROTECTED]; Tue, 01 Mar 2005
From: "Neil Erbe" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
It appears to be doing the right thing. The message originated off-net, but the Message-ID was added locally, which is a pretty good spam sign. Frankly I wish it worked here, because I've had to create my own rule to hit the same thing.
You can set the score for MSGID_FROM_MTA_ID to zero in a local .cf file if you want to disable the rule check.
Right, it is just that I get the impression that a lot of legitimate mail servers may be sending mail without proper Message-IDs, causing FPs. So, I wondered if anyone else had seen this as well.
Stuart Johnston
