At 01:00 PM 4/20/2017, John Hardin wrote:
On Thu, 20 Apr 2017, Merijn van den Kroonenberg wrote:
On Thu, 20 Apr 2017 10:41:21 -0400
Lyle Evans wrote:
I have been getting false positives from Yahoo due to
FORGED_MUA_MOZILLA hitting on a new X-Mailer line added by Yahoo
about 3/31/17.
The X-Mailer line reads:
X-Mailer: WebService/1.1.9272 YahooMailNeo Mozilla/5.0 (Windows NT
10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/56.0.2924.87 Safari/537.36
/DCE\)/
My guess is that they are including the http user-agent header of the
browser that connected to their webmail server.
Correct, I also noticed this a few days ago. Maybe the rule could be
changed to exclude Yahoo... but maybe other webmail applications do this
too, not sure.
Excluding when verified from Yahoo would be the proper approach.
I added && !__FROM_YAHOO_COM (from 20_headers.cf) to FORGED_MUA_MOZILLA
giving
FORGED_MUA_MOZILLA (__MOZILLA_MUA && !__UNUSABLE_MSGID &&
!__MOZILLA_MSGID && !__FROM_YAHOO_COM )
I am testing that now;
any comments or suggestions for improvement are welcome.
Lyle Evans
Unfortunately masscheck is down for migration so any global fix
won't go out anytime soon...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
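
Added example (not part of the thread and not SpamAssassin's own code): a small model of the meta rule discussed above, comparing the rule as quoted, the From-based exclusion, and an exclusion that also requires a verified sender. The sub-rule regexes, the sample message apart from its X-Mailer line, and the dkim_domain input are assumptions made for illustration.

```python
import re
from email import message_from_string

# Simplified stand-ins for the sub-rules named in the thread (assumptions,
# not SpamAssassin's shipped regexes).
MOZILLA_MUA = re.compile(r"\bMozilla\b")
MOZILLA_MSGID = re.compile(r"^<[0-9a-f]{8}\.[0-9a-f]{7,8}@\S+>$", re.I)
FROM_YAHOO_COM = re.compile(r"@yahoo\.com>?\s*$", re.I)

def base_hit(msg):
    """Rule without the Yahoo term: Mozilla X-Mailer, no Mozilla-style Message-ID."""
    mailer = " ".join((msg.get("X-Mailer") or "").split())  # unfold the header
    msgid = (msg.get("Message-ID") or "").strip()
    unusable_msgid = not msgid  # assumption: only a missing Message-ID is modelled
    mozilla_msgid = bool(MOZILLA_MSGID.match(msgid))
    return bool(MOZILLA_MUA.search(mailer)) and not unusable_msgid and not mozilla_msgid

def from_yahoo(msg):
    return bool(FROM_YAHOO_COM.search(msg.get("From") or ""))

def with_from_exclusion(msg):
    """Meta as posted in the thread: ... && !__FROM_YAHOO_COM."""
    return base_hit(msg) and not from_yahoo(msg)

def with_verified_exclusion(msg, dkim_domain=None):
    """Exclude only when the From domain was also verified. dkim_domain is a
    hypothetical input standing in for a real DKIM verifier's result."""
    verified = from_yahoo(msg) and dkim_domain == "yahoo.com"
    return base_hit(msg) and not verified

# Constructed sample: only the X-Mailer value comes from the thread.
SAMPLE = """From: Alice <alice@yahoo.com>
Message-ID: <1492699281.123456.example@mail.yahoo.com>
X-Mailer: WebService/1.1.9272 YahooMailNeo Mozilla/5.0 (Windows NT
 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
 Chrome/56.0.2924.87 Safari/537.36
Subject: hello

body
"""

def demo():
    msg = message_from_string(SAMPLE)
    return {
        "original": base_hit(msg),                    # the false positive
        "from_exclusion": with_from_exclusion(msg),   # suppressed by From alone
        "verified_dkim_pass": with_verified_exclusion(msg, "yahoo.com"),
        "verified_no_dkim": with_verified_exclusion(msg, None),
    }
```

With the From-only term the exclusion rests on a header the sender sets; the verified variant keeps the rule active for mail that claims yahoo.com but did not pass verification.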