Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » FORGED_OUTLOOK
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
My issue is with this "forged_outlook" deal i see in the scoring of some emails that are NOT spam and whatnot. this is a big deal because it's causing many emails that are not spam to be classified as spam. what can i edit to keep KMS from looking at this "forged_outlook" junk?
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
  •  
sgongola

Messages: 109
Karma: 0
Send a private message to this user
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
thanks. yea i found it in the scores file and edited it. we'll see if that does the trick!
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
FORGED_MUA_OUTLOOK

what about this??? FORGED_MUA_OUTLOOK?

in 50_scores.cf i modified to this and restarted kerio and this did nothing.

#score FORGED_MUA_OUTLOOK 4.199 4.199 2.963 3.116
score FORGED_MUA_OUTLOOK 0

then i look at the source of a messaged classified as spam and i find this:

X-Spam-Status: Yes, hits=5.4 required=5.0
tests=BAYES_50: 1.567,FORGED_MUA_OUTLOOK: 3.885,RDNS_NONE: 0,
TOTAL_SCORE: 5.452,autolearn=disabled
X-Spam-Flag: YES
X-Spam-Level: *****

so what is the deal? why is this FORGED_MUA_OUTLOOK still being scored???????????

ridiculous.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
linuxbox wrote on Mon, 08 June 2009 16:18


in 50_scores.cf i modified to this and restarted kerio and this did nothing.

#score FORGED_MUA_OUTLOOK 4.199 4.199 2.963 3.116
score FORGED_MUA_OUTLOOK 0

then i look at the source of a messaged classified as spam and i find this:

X-Spam-Status: Yes, hits=5.4 required=5.0
tests=BAYES_50: 1.567,FORGED_MUA_OUTLOOK: 3.885,RDNS_NONE: 0,
TOTAL_SCORE: 5.452,autolearn=disabled
X-Spam-Flag: YES
X-Spam-Level: *****



As you can see, the score for the test in the email is 3.885. This score is not in 50_scores.cf - the scores for this test are different. Therefore you probably edited wrong file or there is another score definition for this test in other .cf files.

When changing score in SA, NEVER edit the default .cf files. Put all changes in the local.cf file. It always overwrites default values.
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
Kerio_pdobry wrote on Mon, 08 June 2009 10:12

linuxbox wrote on Mon, 08 June 2009 16:18


in 50_scores.cf i modified to this and restarted kerio and this did nothing.

#score FORGED_MUA_OUTLOOK 4.199 4.199 2.963 3.116
score FORGED_MUA_OUTLOOK 0

then i look at the source of a messaged classified as spam and i find this:

X-Spam-Status: Yes, hits=5.4 required=5.0
tests=BAYES_50: 1.567,FORGED_MUA_OUTLOOK: 3.885,RDNS_NONE: 0,
TOTAL_SCORE: 5.452,autolearn=disabled
X-Spam-Flag: YES
X-Spam-Level: *****



As you can see, the score for the test in the email is 3.885. This score is not in 50_scores.cf - the scores for this test are different. Therefore you probably edited wrong file or there is another score definition for this test in other .cf files.

When changing score in SA, NEVER edit the default .cf files. Put all changes in the local.cf file. It always overwrites default values.


wonder why score FORGED_MUA_OUTLOOK is in the 50_scores.cf file then? this is how it is in the original 50_scores.cf file:

score FORGED_MUA_OUTLOOK 4.199 4.199 2.963 3.116

i'll add score FORGED_MUA_OUTLOOK 0 to local.cf and see if that cures this problem.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
linuxbox wrote on Mon, 08 June 2009 17:28


wonder why score FORGED_MUA_OUTLOOK is in the 50_scores.cf file then? this is how it is in the original 50_scores.cf file:

score FORGED_MUA_OUTLOOK 4.199 4.199 2.963 3.116


This is default value. In this case, SpamAssassin in KMS would use score 3.116 if the test matches.
Quote:


i'll add score FORGED_MUA_OUTLOOK 0 to local.cf and see if that cures this problem.


I doubt it can solve it. Since the score in the email headers is different from score in .cf file I think the header has been added by another server or another version of SpamAssassin. Unless you find that your SpamAssassin installation is modified and has another score definition for this test in other .cf files.

[Updated on: Mon, 08 June 2009 17:41]

  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
Kerio_pdobry wrote on Mon, 08 June 2009 10:41

linuxbox wrote on Mon, 08 June 2009 17:28


wonder why score FORGED_MUA_OUTLOOK is in the 50_scores.cf file then? this is how it is in the original 50_scores.cf file:

score FORGED_MUA_OUTLOOK 4.199 4.199 2.963 3.116


This is default value. In this case, SpamAssassin in KMS would use score 3.116 if the test matches.
Quote:


i'll add score FORGED_MUA_OUTLOOK 0 to local.cf and see if that cures this problem.


I doubt it can solve it. Since the score in the email headers is different from score in .cf file I think the header has been added by another server or another version of SpamAssassin. Unless you find that your SpamAssassin installation is modified and has another score definition for this test in other .cf files.


here is the original email header source (appears that my spamassassin on my server is responsible):

Received: from localhost
by smtp.mydomain.com; Mon, 8 Jun 2009 08:58:58 -0500
Date: Mon, 8 Jun 2009 08:58:58 -0500
Message-ID: <-749174406-3228<_a.t_>smtp.mydomain.com>
MIME-Version: 1.0
From: Mail Delivery Subsystem <postmaster<_a.t_>smtp.mydomain.com>
To: <spammer<_a.t_>mydomain.com>
Subject: SPAM: VoIP Call Center Buyer's Guide
Content-Type: multipart/mixed; boundary="MIME--749174406-41-delim"

--MIME--749174406-41-delim
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit


This is an informative message sent by mailserver
at smtp.mydomain.com.

The attached message did not pass through the server's spam filter.

--MIME--749174406-41-delim
Content-Type: message/rfc822



X-Spam-Status: Yes, hits=5.4 required=5.0
tests=BAYES_50: 1.567,FORGED_MUA_OUTLOOK: 3.885,RDNS_NONE: 0,
TOTAL_SCORE: 5.452,autolearn=disabled
X-Spam-Flag: YES
X-Spam-Level: *****
Received: from mail.tecumsehgroup.com ([216.45.19.20])
by smtp.mydomain.com
for me<_a.t_>mydomain.com;
Mon, 8 Jun 2009 08:58:57 -0500
Received: from [192.168.210.8] (CommercialInfo<_a.t_>Tek-Tips.com) by mail.tecumsehgroup.com; Mon, 8 Jun 2009 09:57:35 -0400
X-WM-Posted-At: mail.tecumsehgroup.com; Mon, 8 Jun 09 09:57:35 -0400
Date: Mon, 8 Jun 2009 09:42:20 -0400 (EDT)
From: CommercialInfo<_a.t_>Tek-Tips.com
To: me<_a.t_>mydomain.com
Message-ID: <29527819.538601244468540460.JavaMail.SYSTEM<_a.t_>matrix>
Subject: VoIP Call Center Buyer's Guide
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
also, here are the only files where FORGED_MUA_OUTLOOK is referenced. i use PowerGrep program to search all files in kerio program folder and subfolders:

c:\Program Files\Kerio\MailServer\plugins\spamassassin\rules\20_ratware .cf
c:\Program Files\Kerio\MailServer\plugins\spamassassin\rules\30_text_de .cf
c:\Program Files\Kerio\MailServer\plugins\spamassassin\rules\30_text_fr .cf
c:\Program Files\Kerio\MailServer\plugins\spamassassin\rules\30_text_nl .cf
c:\Program Files\Kerio\MailServer\plugins\spamassassin\rules\30_text_pl .cf
c:\Program Files\Kerio\MailServer\plugins\spamassassin\rules\50_scores. cf
c:\Program Files\Kerio\MailServer\plugins\spamassassin\rules\local.cf

looks like editing local.cf did solve the issue:
(debug spamassassin info)

[08/Jun/2009 10:55:18][5396] {spamassassin} Perl_stderr: [3496] dbg: check: tests=BAYES_99,FAKE_HELO_MAIL_COM,FAKE_HELO_MAIL_COM_DOM,FOR GED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML _FONT_SIZE_HUGE,HTML_IMAGE_ONLY_28,HTML_IMAGE_RATIO_04,HTML_ MESSAGE,HTML_TAG_BALANCE_BODY,MIME_HTML_ONLY,MISSING_MID,RCV D_MAIL_COM,RDNS_NONE
[08/Jun/2009 10:55:18][5396] {spamassassin} Perl_stderr: [3496] dbg: check: subtests=__ANY_OUTLOOK_MUA,__CT,__CTYPE_HAS_BOUNDARY,__DOS_H AS_ANY_URI,__DOS_RCVD_MON,__DOS_SINGLE_EXT_RELAY,__FB_NUM_PE RCNT,__FH_HAS_XMSMAIL,__FH_HAS_XPRIORITY,__FORGED_OE,__HAS_A NY_URI,__HAS_MIMEOLE,__HAS_MSMAIL_PRI,__HAS_RCVD,__HAS_SUBJE CT,__HAS_X_MAILER,__HTML_IMG_ONLY,__HTML_LINK_IMAGE,__IMG_ON LY,__LAST_UNTRUSTED_RELAY_NO_AUTH,__MIMEOLE_MS,__MIME_HTML,_ _MIME_VERSION,__MISSING_REF,__NONEMPTY_BODY,__NO_INR_YES_REF ,__OE_MUA,__RDNS_NONE,__TAG_EXISTS_BODY,__TAG_EXISTS_HEAD,__ TAG_EXISTS_HTML,__XM_MSOE6,__XM_MS_IN_GENERAL,__XM_OUTLOOK_E XPRESS
[08/Jun/2009 10:55:18][3076] {spam} SpamAssassin result string for message file C:\Program Files\Kerio\MailServer\store/queue/04/4a2d3462-00000283.eml, intrinsic time 0.16s, total time 0.16s: Yes, 22,5,BAYES_99: 4.07,FAKE_HELO_MAIL_COM: 2.22,FAKE_HELO_MAIL_COM_DOM: 2.498,FORGED_MUA_OUTLOOK: 0,FORGED_OUTLOOK_HTML: 3.872,FORGED_OUTLOOK_TAGS: 3.537,HTML_FONT_SIZE_HUGE: 0.128,HTML_IMAGE_ONLY_28: 1.732,HTML_IMAGE_RATIO_04: 1.057,HTML_MESSAGE: 0.001,HTML_TAG_BALANCE_BODY: 0.351,MIME_HTML_ONLY: 0.001,MISSING_MID: 0.001,RCVD_MAIL_COM: 2.532,RDNS_NONE: 0,autolearn=disabled

[Updated on: Mon, 08 June 2009 17:59]

Previous Topic: Kerio MailServer 6.7.0 Patch 1 released
Next Topic: Wrong timestamp after iMAP-Migration
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 20:10:18 CET 2017

Total time taken to generate the page: 0.00490 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.