From 390c8290d7747e2ab53a821e8077ab3fc80a706f Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Fri, 1 May 2015 16:51:34 +0100
Subject: [PATCH] Add negation for forged thunderbird MID in case of maillist.

---
 conf/composites.conf | 6 +++++-
 conf/metrics.conf    | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/conf/composites.conf b/conf/composites.conf
index 35c23c375..1a0dacb68 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -10,7 +10,11 @@ composite {
 }
 composite {
     name = "FORGED_MUA_OUTLOOK_MAILLIST";
-    expression = "FORGED_MUA_OUTLOOK and MAILLIST";
+    expression = "FORGED_MUA_OUTLOOK and -MAILLIST";
+}
+composite {
+    name = "FORGED_MUA_THUNDERBIRD_MSGID_MAILLIST";
+    expression = "(FORGED_MUA_THUNDERBIRD_MSGID orFORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN) and -MAILLIST";
 }
 composite {
     name = "RBL_SPAMHAUS_XBL";
diff --git a/conf/metrics.conf b/conf/metrics.conf
index 75abf37ae..7c4839245 100644
--- a/conf/metrics.conf
+++ b/conf/metrics.conf
@@ -393,6 +393,11 @@ metric {
 	        description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID";
 	        name = "FORGED_MUA_THUNDERBIRD_MSGID";
 	    }
+	    symbol {
+	        weight = 0.0;
+	        description = "Avoid false positives for FORGED_MUA_THUNDERBIRD_MSGID in maillist";
+	        name = "FORGED_MUA_THUNDERBIRD_MSGID_MAILLIST";
+	    }
 	    symbol {
 	        weight = 2.500000;
 	        description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID";
-- 
2.39.5