Re: False positive on forged_mua_outlook - SpamAssassin
If you guys are going to keep looking at the wrong part of the header
information that I sent in, nothing will get done. Please look at the
section below the spam scoring. Here's the header from the user's email and
it was sent from Outlook Express:
Received: from unknown (HELO jade.xxxxxx.com) (18.104.22.168)
    by 0 with ESMTPS (DHE-RSA-AES256-SHA encrypted); 6 May 2008 19:13:06 -0000
Received: from server (216-99-214-161.dsl.araxxx.com [22.214.171.124])
    by jade.aracnet.com (8.13.6/8.12.8) with SMTP id m46JD528000907
    ; Tue, 6 May 2008 12:13:05 -0700
Subject: Camden Grey order 373
Date: Tue, 6 May 2008 12:13:04 -0700
X-Mailer: Microsoft Outlook Express 6.00.3790.3959
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4133
At 09:09 AM 5/10/2008, D Hill wrote:
>On Sat, 10 May 2008 at 10:13 +0200, firstname.lastname@example.org confabulated:
>>Randy Ramsdell wrote:
>>>Scratch that and reverse it. If it does match, then it will score the
>>>message header as fake. oops sorry. Let me check some more things.
>>Did outlook really generate this message-id:
>> Message-ID: <74BC081D12754719AD817A909757BB09@server>
>I just sent myself a test message from Outlook Express 6.00.2900.2180:
> Message-ID: <000601c8b29d$411e6620$fe01a8c0@meme>
>The message ID's part before the '@' is two characters less than what
>you show. 'meme' is the name of my computer. Outlook and Outlook Express
>use the name of the computer in the message ID after the '@'. I don't have
>access to Outlook for testing.
>On a side note, Outlook and Outlook Express also HELO with the computer's
>name when sending a message through an email server.
Jeff Koch, Intersessions
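
Added example, not part of the original thread and not SpamAssassin's own rule code: a small header triage helper that reports the shape of a Message-ID next to the X-Mailer value, so the two IDs quoted above can be compared side by side. The two shape patterns, the function name and the sample header blocks are assumptions constructed from the values quoted in this thread.

```python
import re
from email.parser import HeaderParser

# Shapes inferred ONLY from the two Message-IDs quoted in the thread
# (assumption: these are not the patterns SpamAssassin itself uses).
DOLLAR_SHAPE = re.compile(r"^[0-9a-f]{12}\$[0-9a-f]{8}\$[0-9a-f]{8}$", re.I)
HEX32_SHAPE = re.compile(r"^[0-9a-f]{32}$", re.I)
MSGID = re.compile(r"^<([^@<>\s]+)@([^<>\s]+)>$")

def describe_message_id(raw_headers):
    """Return a dict describing the Message-ID, or None if it is missing/malformed."""
    msg = HeaderParser().parsestr(raw_headers)
    m = MSGID.match((msg.get("Message-ID") or "").strip())
    if not m:
        return None
    local, host = m.groups()
    if DOLLAR_SHAPE.match(local):
        shape = "hex12$hex8$hex8"
    elif HEX32_SHAPE.match(local):
        shape = "hex32"
    else:
        shape = "other"
    return {
        "mailer": msg.get("X-Mailer"),
        "shape": shape,
        "local_len": len(local),
        "host": host,
        # A bare machine name (no dot) after '@' matches what the thread
        # describes for Outlook / Outlook Express.
        "host_is_bare_name": "." not in host,
    }

# Constructed sample header blocks built from the values quoted in the thread.
USER_MAIL = (
    "X-Mailer: Microsoft Outlook Express 6.00.3790.3959\n"
    "Message-ID: <74BC081D12754719AD817A909757BB09@server>\n"
)
TEST_MAIL = (
    "X-Mailer: Microsoft Outlook Express 6.00.2900.2180\n"
    "Message-ID: <000601c8b29d$411e6620$fe01a8c0@meme>\n"
)

if __name__ == "__main__":
    for name, hdrs in (("user mail", USER_MAIL), ("test mail", TEST_MAIL)):
        print(name, describe_message_id(hdrs))
```

Run over a mailbox of known-good Outlook Express mail, a report like this shows which Message-ID shapes each client build actually emits before anyone tunes a rule score.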