Git
/
mgeeky-decode-spam-headers
mirror of https://github.com/mgeeky/decode-spam-headers.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added two Office365 opaque rules: 42882007 and 78352004 identified by ipSlav

This commit is contained in:
Mariusz B. / mgeeky 2023-06-27 21:15:51 +02:00
parent a266b79ea1
commit 0489be1e7d
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -262,7 +262,11 @@ Having sent more than 60 mails already, this is what I can tell by now about Mic
# Triggered on an empty text message, subject "test" - that was marked with "Domain Impersonation", however # Triggered on an empty text message, subject "test" - that was marked with "Domain Impersonation", however
# ForeFront Anti-Spam headers did not support that Domain Impersonation. Weird. # ForeFront Anti-Spam headers did not support that Domain Impersonation. Weird.
'22186003' : '(GUESSING) Something to do with either Text message (non-HTML) or probable Domain Impersonation' '22186003' : '(GUESSING) Something to do with either Text message (non-HTML) or probable Domain Impersonation',
# Found by @ipSlav (https://github.com/mgeeky/decode-spam-headers/issues/15)
'42882007' : 'Missing Reply-To Address. Might be fixed by adding -ReplyTo flag to Send-MailMessage',
'78352004' : 'Missing Reply-To Address. Might be fixed by adding -ReplyTo flag to Send-MailMessage',
} }
``` ```
@ -669,6 +673,12 @@ ANALYSIS:
- But instead first hop resolved to: arubacloud.pl - But instead first hop resolved to: arubacloud.pl
``` ```
---
### Credits
- [ipSlav](https://github.com/ipSlav) - for [identifying two Office365 opaque rules](https://github.com/mgeeky/decode-spam-headers/issues/15): `42882007` and `78352004`
--- ---

6
decode-spam-headers.py
View File

@ -900,7 +900,11 @@ class SMTPHeadersAnalysis:
# Triggered on an empty text message, subject "test" - that was marked with "Domain Impersonation", however # Triggered on an empty text message, subject "test" - that was marked with "Domain Impersonation", however
# ForeFront Anti-Spam headers did not support that Domain Impersonation. Weird. # ForeFront Anti-Spam headers did not support that Domain Impersonation. Weird.
'22186003' : '(GUESSING) Something to do with either Text message (non-HTML) or probable Domain Impersonation' '22186003' : '(GUESSING) Something to do with either Text message (non-HTML) or probable Domain Impersonation',
# Found by @ipSlav (https://github.com/mgeeky/decode-spam-headers/issues/15)
'42882007' : 'Missing Reply-To Address. Might be fixed by adding -ReplyTo flag to Send-MailMessage',
'78352004' : 'Missing Reply-To Address. Might be fixed by adding -ReplyTo flag to Send-MailMessage',
} }
ForeFront_Spam_Confidence_Levels = { ForeFront_Spam_Confidence_Levels = {