Hello,
I received a mail that hit FORGED_MUA_MOZILLA when in fact the mail was
submitted via Horde webmail:

Received: from 1.example.net (unknown [192.168.100.114])
    (Authenticated sender: redacted)
    by 2.example.net (Postfix) with ESMTPA id 77F972DB78F
    for <xxx@example.com>; Mon, 12 Jul 2021 14:23:04 +0200 (CEST)
Received: from qqq.sk
    (qqq.sk [192.0.2.1]) by example.org (Horde
    Framework) with HTTPS; Mon, 12 Jul 2021 14:23:03 +0200
Date: Mon, 12 Jul 2021 14:23:03 +0200
Message-ID: <20210712140000.Horde.zzzzzzzzzz@example.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
    (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

meta FORGED_MUA_MOZILLA (__MOZILLA_MUA && !__UNUSABLE_MSGID && !__MOZILLA_MSGID)
header __MOZILLA_MUA User-Agent =~ /^mozilla\b/i
header __MOZILLA_MSGID MESSAGEID =~ /^<(?:[a-f\d]{8}-(?:[a-f\d]{4}-){3}[a-f\d]{12}|[A-F\d]{8}\.[A-F1-9][A-F\d]{0,7})\@\S+>$/m
meta __UNUSABLE_MSGID (__LYRIS_EZLM_REMAILER || __GATED_THROUGH_RCVD_REMOVER || __WACKY_SENDMAIL_VERSION || __IPLANET_MESSAGING_SERVER || __HOTMAIL_BAYDAV_MSGID || __SYMPATICO_MSGID && __GROUPSIO_GATED)

Perhaps this should be expanded with a check for Horde webmail?
Looks like we had the same problem a few years ago with IceWarp webmail:
https://mail-archives.apache.org/mod_mbox/spamassassin-users/201810.mbox/<7c094ffa-a1ee-b844-10b7-eca766c21275%40invaluement.com>
(I have access to a few IceWarp servers, I can check that somewhere)
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?
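
Added example, not part of the original post and not SpamAssassin's own code: a Python re-evaluation of the quoted rule logic against the quoted headers, showing why FORGED_MUA_MOZILLA fires and what a Horde Message-ID exemption would change. Assumptions: `__HORDE_MSGID` and its pattern are hypothetical (inferred from the one Message-ID in the post), `__UNUSABLE_MSGID` is taken as false because its sub-rules are not shown, and the Message-ID header alone stands in for the MESSAGEID pseudo-header.

```python
import re
from email import message_from_string

# Constructed from the headers quoted in the post (folding kept as posted).
SAMPLE = """\
Received: from qqq.sk
 (qqq.sk [192.0.2.1]) by example.org (Horde
 Framework) with HTTPS; Mon, 12 Jul 2021 14:23:03 +0200
Date: Mon, 12 Jul 2021 14:23:03 +0200
Message-ID: <20210712140000.Horde.zzzzzzzzzz@example.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

body
"""

# Regexes copied from the rules quoted in the post.
MOZILLA_MUA = re.compile(r"^mozilla\b", re.I)
MOZILLA_MSGID = re.compile(
    r"^<(?:[a-f\d]{8}-(?:[a-f\d]{4}-){3}[a-f\d]{12}"
    r"|[A-F\d]{8}\.[A-F1-9][A-F\d]{0,7})\@\S+>$", re.M)
# Hypothetical sub-rule, not part of SpamAssassin: shape inferred from the
# single sample above (14-digit timestamp, ".Horde.", token).
HORDE_MSGID = re.compile(r"^<\d{14}\.Horde\.[\w-]+\@\S+>$", re.M)


def evaluate(raw, exempt_horde=False, unusable_msgid=False):
    """Return each sub-rule result plus the FORGED_MUA_MOZILLA verdict.
    unusable_msgid stands in for __UNUSABLE_MSGID (assumed false here)."""
    msg = message_from_string(raw)
    # Unfold the User-Agent so the regex sees a single line.
    ua = " ".join((msg["User-Agent"] or "").split())
    msgid = (msg["Message-ID"] or "").strip()
    hits = {
        "__MOZILLA_MUA": bool(MOZILLA_MUA.search(ua)),
        "__MOZILLA_MSGID": bool(MOZILLA_MSGID.search(msgid)),
        "__HORDE_MSGID": bool(HORDE_MSGID.search(msgid)),
    }
    exempt = unusable_msgid or (exempt_horde and hits["__HORDE_MSGID"])
    hits["FORGED_MUA_MOZILLA"] = (
        hits["__MOZILLA_MUA"] and not exempt and not hits["__MOZILLA_MSGID"])
    return hits


if __name__ == "__main__":
    print("as quoted:       ", evaluate(SAMPLE))
    print("with Horde check:", evaluate(SAMPLE, exempt_horde=True))
```

The rule fires because Horde copies the browser's User-Agent into the message while generating its own Message-ID, which matches neither Mozilla-style alternative in `__MOZILLA_MSGID`.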