Greetings -
I'm finalizing my ansible playbook for building up a nice mail system with all the goodies, with spamassassin being very central to it all. I have a test server set up in Azure that I run tests with using swaks (great tool). I push both ham and spam to it, with and without the old system spamassassin markup.

The spamassassin on the test box is only trained with my current Inbox (3k) and spam (13k) folders, not yet with Trash (15k non-spam) or older Inbox (5k).

I just noticed a few rules that are firing, but have zero value, and they seem like fairly important rules ... For example, this is a spam with no markup, where NO_DNS_FOR_FROM and SPF_NONE have zero.

> ==== ====================== ==================================================
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  2.5 BAYES_50               BODY: Bayes spam probability is 40 to 60%
>                             [score: 0.4998]
>  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
>                             mail domains are different
>  3.3 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
>                             [46.2.54.2 listed in zen.spamhaus.org]
>  3.3 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
>  0.4 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
>  0.0 NO_DNS_FOR_FROM        DNS: ENVELOPE SENDER HAS NO MX OR A DNS RECORDS
> -0.5 FROM_IS_REPLY_TO       From and REPPLY-TO is the same
>  0.0 SPF_NONE               SPF: SENDER DOES NOT PUBLISH AN SPF RECORD
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
>                             anti-forgery methods
>  0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
>                             Alignment

I tested against the old tired system, and the same two rules fire, also with zero value.

Is this something I should be setting a value for myself? I'm not sure what values to put, but it feels like if someone doesn't bother to set up SPF, or their sending domain has no MX/A records then they don't deserve to be sending ...

What is the KAM_DMARC_STATUS rule for? Also zero.

Heh, the FROM_IS_REPLY_TO description has a slight typo ...

--
Dean Carpenter
deano is at areyes dot com