On 14/02/13 12:04, Ned Slider wrote:
Hi list,
Is it just me or is TBIRD_SPOOF hitting pretty much all initial email
sent by Thunderbird, not via a ML etc?
$ grep TBIRD_SPOOF *.cf
72_active.cf:##{ TBIRD_SPOOF
72_active.cf:meta TBIRD_SPOOF __MUA_TBIRD && !__HAS_IN_REPLY_TO &&
!__HAS_X_REF && !__THREADED && !__VIA_ML && !__NOT_SPOOFED &&
!__HAS_SENDER && !__HAS_ERRORS_TO && !__HAS_X_BEEN_THERE &&
!__RP_MATCHES_RCVD && !ALL_TRUSTED && !__TO_EQ_FROM_DOM
72_active.cf:describe TBIRD_SPOOF Claims Thunderbird mail client but
looks suspicious
72_active.cf:#score TBIRD_SPOOF 3.00 # limit
72_active.cf:##} TBIRD_SPOOF
72_scores.cf:score TBIRD_SPOOF 3.000 2.999 3.000 2.999
If I send myself a simple test message, routed externally so as not to
hit ALL_TRUSTED, I get a hit on this rule. Replies etc are OK but the
initial email hits TBIRD_SPOOF and scores 3pts so it's that initial
first email in a tread that gets clobbered.
Any suggestions how to fix this?
Replying to myself,
I just updated my rules with sa-learn as I hadn't updated for a few
days, and it seems this rule has disappeared. Looks like it was only out
in the wild for a short time.
Thanks to those who replied off list.
Problem solved!
