-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ring, John C wrote: | I just learned of an issue we're having on a fail positive due to a hit on | INVALID_MSGID (and that I'd jacked the score on that up to 20, but that's | another story...). While I just learned of the issue today, it started a | bit ago for this sender. Looking in the logs, I see the last message we | received from them where the INVALID_MSGID rule was NOT hitting showed: [snip] | So, looking at: | | "/GUID:QPywoUg6DZ06+yvqCupCVJw*/G=Cam/S=Dowlat/OU=Corporate-Markham/O=Alcate | l Cable/PRMD=ACAB/ADMD=ATTMAIL/C=CA/"@MHS | | "-GUID:QnGodydG460CKmx35BCOvbw*-G=Cam-S=Dowlat-OU=Corporate-Markham-O=Alcate | l Cable-PRMD=ACAB-ADMD=ATTMAIL-C=CA-"@MHS | | Side-by-side, it seems[1] that the only substantial difference between them | is that they've replaced the "/" with "-". So I'm not certain why, if the | 1st is valid, why the 2nd one would not be considered valid as well?
They both seem to hit INVALID_MSGID here. I'm having some problems understanding why, it seems to be the space in "Alcatel Cable" as mandated by __SANE_MSGID (which I believe is not against RFC2822, as stated, provided it is in a quoted string). It would be interesting to see the full headers of the message that hit this rule.
BTW, why have *any* single rule scored at 20? Especially this one.
Craig. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFCcq7mMDDagS2VwJ4RAt2HAJ90DPerqRK1svv4hRYQmibyqFTxPwCgsXLv leuuAl6eG9xgM+p7IDFxqcA= =Tpi5 -----END PGP SIGNATURE-----