For a couple of days now I could follow a strange behavior in my mail servers. More and more spam mails were tagged when they were clearly normal ham mails. All these e-mails have something in common: They were sent by an iPhone and didn't contain a subject nor body text, only an attached picture.
The problem is that such mails are now tagged by Razor (who knows why?):
Possible solutions show up. One of them is decreasing the Razor scoring, but as this is the first false-positive I personally see with Razor I don't want to do that. Instead a new spamassassin rule does the job:
header CK_IPHONE_PICTURE ALL =~ /boundary\=Apple\-Mail.*/
describe CK_IPHONE_PICTURE Mail sent by iPhone including picture
score CK_IPHONE_PICTURE -5.0
Of all the affected mails I checked, they all had some header info in common. This rule checks the mails for the Apple-Mail header and scores it a bit lower.
No comments yet.
Personal Internet VMware PHP Linux Shell Bluecoat Proxy Windows Hardware Virtualization Nagios MySQL DB Monitoring Mail Android Network Wyse Hacks Tomcat Postgres Apple Mac Backup BSD ZFS Solaris SmartOS Unix Multimedia Perl Database MongoDB CMS OTRS FreeBSD Wordpress LXC Nginx Proxmox DNS Graphics GlusterFS Security Chef HAProxy Icinga Ansible HTML MariaDB Containers Rancher Docker AWS ELK Kibana Logstash Filebeat Varnish PGSQL PostgreSQL ElasticSearch CouchDB Bash Macintosh Container Minio Grafana InfluxDB Databases NFS OSSEC SystemD Java Zoneminder Surveillance Elasticsearch SSL TLS Icingaweb2 Cloud Wireless Kubernetes Ubuntu