As a Mailer agent, I also spotted the Xerox Workcenter to have dirty behavior.
As I had the very same problem as Kris, I personally did not disable those rules but built some metas based on X-Mailer and Subject tests:

header __AJB_HAS_XEROX X-Mailer =~ /WorkCentre \d{3,5}/
header __AJB_XEROX_SUBJ Subject =~ /Scan from a Xerox/

I meta those sub-tests with FROM_MISSP_* and I compensate for the scores. As I use some KHOP rules, I also meta this with KHOP_THREADED as well as with some Thread related rules to avoid blocking forwarded scans.

I did not do deep research; I could probably customize __AJB_HAS_XEROX to match specific versions of this "broken" agent, but this works well like that. As they say: "first make it work, then make it better." But when it works, I usually have something else to do than make it better.

Works pretty well indeed.

Alex, from prypiat.
Yes, I recycle.

On 12-11-29 08:35 PM, Michael Orlitzky wrote:
> On 11/29/2012 05:43 PM, John Hardin wrote:
>> On Thu, 29 Nov 2012, Kris Deugau wrote:
>>
>>> I've just had another couple of reports of false positives due to hits
>>> on one or more of the FROM_MISSP_* rules.
>>>
>>> Curious coincidence: Almost all of the reports to date have involved
>>> webform email for real estate companies. Most of the rest have involved
>>> scan-to-email multifunction devices - mostly Xerox.... used by real
>>> estate companies. O_o
>> Is there any possibility of getting user agent headers for these FPs? If a
>> particular piece of legit software always does this then obviously those
>> rules should ignore such messages.
>>
> I had one guy actually read the rejection message and contact
> postmaster@ about this.
>
> His sig shows:
>
> Sent from my MOTOROLA ATRIX™ 2 on AT&T
>
> And the headers:
>
> X-Spam-Flag: NO
> X-Spam-Score: 4.224
> X-Spam-Level: ****
> X-Spam-Status: No, score=4.224 required=5 tests=[FREEMAIL_FROM=0.001,
>  FROM_MISSP_EH_MATCH=2.499, FROM_MISSP_FREEMAIL=1.723,
>  HTML_MESSAGE=0.001] autolearn=disabled
> From: "u...@example.com"<u...@example.com>
> X-Mailer: Motorola android mail 1.0
>
> It was relayed through AOL, who you think would clean that up. This
> particular model also base64 encodes the entire message...
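
An added example, not part of the message above or of the SpamAssassin rule set: one way to write the compensating metas the message describes as a local.cf fragment. The AJB_XEROX_* meta names are hypothetical, the offsets are assumptions taken from the scores shown in the quoted X-Spam-Status header, and the thread-related part of the setup is left out.

```conf
# Added example (local.cf fragment). Only the two header sub-tests come from
# the message; every other AJB_* name and all score values are assumptions.

# Sub-tests quoted in the message. The leading "__" means they carry no
# score of their own and are only usable inside metas.
header   __AJB_HAS_XEROX     X-Mailer =~ /WorkCentre \d{3,5}/
header   __AJB_XEROX_SUBJ    Subject =~ /Scan from a Xerox/

# Require both markers before any compensation is considered.
meta     __AJB_XEROX_SCAN    (__AJB_HAS_XEROX && __AJB_XEROX_SUBJ)

# One compensating meta per FROM_MISSP_* rule, so each offset cancels only
# the rule that actually hit instead of acting as a general discount.
meta     AJB_XEROX_MISSP_EH  (__AJB_XEROX_SCAN && FROM_MISSP_EH_MATCH)
describe AJB_XEROX_MISSP_EH  Xerox scan-to-email hit FROM_MISSP_EH_MATCH
tflags   AJB_XEROX_MISSP_EH  nice
score    AJB_XEROX_MISSP_EH  -2.499

meta     AJB_XEROX_MISSP_FM  (__AJB_XEROX_SCAN && FROM_MISSP_FREEMAIL)
describe AJB_XEROX_MISSP_FM  Xerox scan-to-email hit FROM_MISSP_FREEMAIL
tflags   AJB_XEROX_MISSP_FM  nice
score    AJB_XEROX_MISSP_FM  -1.723

# X-Mailer and Subject are set by the sender, so keep each offset no larger
# than the score your installation gives the matching FROM_MISSP_* rule:
# the net effect is then zero for that rule, never a bonus for forged headers.
```

Run `spamassassin --lint` after adding the fragment to confirm the rules parse.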