> On Thu, 20 Apr 2017 10:41:21 -0400
> Lyle Evans wrote:
>
>> I have been getting false positives from Yahoo due to
>> FORGED_MUA_MOZILLA hitting on a new X-Mailer line added by Yahoo
>> about 3/31/17
>>
>> The X-Mailer line reads:
>>
>> X-Mailer: WebService/1.1.9272 YahooMailNeo Mozilla/5.0 (Windows NT
>> 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
>> Chrome/56.0.2924.87 Safari/537.36
> /DCE\)/
>
> My guess is that they are including the http user-agent header of the
> browser that connected to their webmail server.
>

Correct, I also noticed this a few days ago. Maybe the rule could be
changed to exclude Yahoo... but maybe other webmail applications do this
too, not sure.


