Re: kam channel
Thanks! We'll look to use this info to refine our rules more.

On 11/29/2020 8:05 PM, RW wrote:
> On Sat, 28 Nov 2020 09:32:38 -0500 Kevin A. McGrail wrote:
>
> > Some thoughts in line below.
> >
> > On Fri, Nov 27, 2020, 12:13 RW wrote:
> > > Maybe there's a difference in trunk, but otherwise the sub-rules
> > > that do the work still run when they aren't used, so there's little
> > > benefit.
> >
> > I believe if you look you'll find that we actually redefine some of
> > the rules and then score them zero just for that purpose but if you
> > find any that look to be still running please let me know.
>
> I looked at a half-dozen random examples of zero scored meta rules and
> none of them had suppressed sub-rules. I didn't recurse them very
> thoroughly though, but here's an obvious one:
>
>    score FROM_FMBLA_NDBLOCKED 0 # __FROM_FMBLA_NDBLOCKED
>
> __FROM_FMBLA_NDBLOCKED is an askdns rule that is used by nothing but
> FROM_FMBLA_NDBLOCKED, and it's not redefined in KAM_deadweight2_sub.cf
>
> One thing I noticed is:
>
>    meta __RCVD_IN_ZEN 0
>    meta __RCVD_IN_DNSWL 0
>
> which will presumably turn-off RCVD_IN_SBL, RCVD_IN_SBL_CSS, and the
> various RCVD_IN_DNSWL_* rules.
>
> There's also:
>
>    meta __RCVD_IN_LASHBACK 0
>    meta __RCVD_IN_HOSTKARMA 0
>    meta __RCVD_IN_RPBL 0
>    meta __RCVD_IN_SORBS 0
>    meta __RCVD_IN_IADB 0
>    meta __RCVD_IN_MSPIKE_B 0
>    meta __RCVD_IN_MSPIKE_L 0

-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
Re: kam channel
On Sat, 28 Nov 2020 09:32:38 -0500 Kevin A. McGrail wrote:

> Some thoughts in line below.
>
> On Fri, Nov 27, 2020, 12:13 RW wrote:
> > Maybe there's a difference in trunk, but otherwise the sub-rules
> > that do the work still run when they aren't used, so there's little
> > benefit.
>
> I believe if you look you'll find that we actually redefine some of
> the rules and then score them zero just for that purpose but if you
> find any that look to be still running please let me know.

I looked at a half-dozen random examples of zero scored meta rules and
none of them had suppressed sub-rules. I didn't recurse them very
thoroughly though, but here's an obvious one:

   score FROM_FMBLA_NDBLOCKED 0 # __FROM_FMBLA_NDBLOCKED

__FROM_FMBLA_NDBLOCKED is an askdns rule that is used by nothing but
FROM_FMBLA_NDBLOCKED, and it's not redefined in KAM_deadweight2_sub.cf

One thing I noticed is:

   meta __RCVD_IN_ZEN 0
   meta __RCVD_IN_DNSWL 0

which will presumably turn-off RCVD_IN_SBL, RCVD_IN_SBL_CSS, and the
various RCVD_IN_DNSWL_* rules.

There's also:

   meta __RCVD_IN_LASHBACK 0
   meta __RCVD_IN_HOSTKARMA 0
   meta __RCVD_IN_RPBL 0
   meta __RCVD_IN_SORBS 0
   meta __RCVD_IN_IADB 0
   meta __RCVD_IN_MSPIKE_B 0
   meta __RCVD_IN_MSPIKE_L 0
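
The check RW describes above (a rule scored 0 whose "__" sub-rule is used by nothing live and is not redefined to a constant `meta ... 0`) can be run mechanically over a rule set. The following is an added example, not part of the thread or of the KAM channel; it uses a simplified .cf parser, and the sample rule bodies, zones and the names BULK_LIST and KAM_EX_DEAD are constructed placeholders.

```python
import re

# Constructed sample: rule bodies, zones, BULK_LIST and KAM_EX_DEAD are placeholders.
SAMPLE_CF = """\
askdns  __FROM_FMBLA_NDBLOCKED  _AUTHORDOMAIN_.example.invalid A 127.0.0.8
meta    FROM_FMBLA_NDBLOCKED    __FROM_FMBLA_NDBLOCKED
score   FROM_FMBLA_NDBLOCKED    0 # __FROM_FMBLA_NDBLOCKED
header  __RCVD_IN_ZEN           eval:check_rbl('zen', 'zen.example.invalid.')
meta    __RCVD_IN_ZEN           0
header  __HAS_LIST_ID           exists:List-Id
meta    BULK_LIST               __HAS_LIST_ID
meta    KAM_EX_DEAD             __RCVD_IN_ZEN && __HAS_LIST_ID
score   KAM_EX_DEAD             0
"""
DEF_TYPES = {"header", "body", "rawbody", "uri", "full", "meta", "askdns"}

def parse_cf(text):
    """Return (defs, scores); a later definition of a name replaces an earlier one."""
    defs, scores = {}, {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 2)
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        kind, name, rest = parts
        if kind == "score":
            scores[name] = float(rest.split()[0])  # first score value only
        elif kind in DEF_TYPES:
            defs[name] = (kind, rest.split("#")[0].strip() if kind == "meta" else rest)
    return defs, scores

def closure(defs, roots):
    """Every rule reachable from roots through meta-rule expressions."""
    seen, stack = set(), list(roots)
    while stack:
        kind, expr = defs[stack.pop()]
        for tok in (re.findall(r"[A-Za-z_]\w*", expr) if kind == "meta" else []):
            if tok in defs and tok not in seen:
                seen.add(tok)
                stack.append(tok)
    return seen

def still_running(text):
    """(zero-scored rule, sub-rule, sub-rule type) for sub-rules nothing live needs."""
    defs, scores = parse_cf(text)
    scored = [n for n in defs if not n.startswith("__")]  # unscored rules default to 1
    needed = closure(defs, [n for n in scored if scores.get(n, 1.0) != 0])
    return [(rule, sub, defs[sub][0])
            for rule in sorted(n for n in scored if scores.get(n, 1.0) == 0)
            for sub in sorted(closure(defs, [rule]) - needed)
            if sub.startswith("__") and defs[sub] != ("meta", "0")]
```

Only references made by name inside meta expressions are followed; dependencies expressed through an eval rule's set name are not tracked by this sketch.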
Re: Legitimate message being flagged as spam
On Sun, 29 Nov 2020 19:06:01 +0100 Marc Roos wrote:

>
> I see secureserver.net and sendgrid.net, of course it gets flagged.

There's no "of course" about it. SpamAssassin doesn't automatically flag this mail as spam.

I get a lot of legitimate mail through sendgrid without any special handling. They almost always pass without hitting any substantial positive scoring rule other than DCC_CHECK, (which is a bulk mail test).
RE: Legitimate message being flagged as spam
I see secureserver.net and sendgrid.net, of course it gets flagged. I am constantly harassed by these networks. I would not recommend using secureserver.net, I think those servers are easy to hack, otherwise I would not even know this network.

-----Original Message-----
From: Daryl Rose [mailto:rosed...@gmail.com]
Sent: zondag 29 november 2020 16:41
To: users@spamassassin.apache.org
Subject: Legitimate message being flagged as spam

I get an email/receipt from a vendor on a payment made. This message continuously gets flagged as spam even though I've added it to the whitelist_from.cf list.

Received: (qmail 26946 invoked by uid 30297); 27 Nov 2020 20:52:17 -
Received: from unknown (HELO p3plibsmtp02-04.prod.phx3.secureserver.net)
([68.178.213.4])
(envelope-sender
@sendgrid.net>)
by p3plsmtp23-04-26.prod.phx3.secureserver.net (qmail-1.03) with
SMTP
for ; 27 Nov 2020 20:52:17 -
Received: from o1.3nn.shared.sendgrid.net ([167.89.100.129])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 bits)
(Client did not present a certificate)
by CMGW with ESMTP
id ikj3kLwOeFeQXikj3kiQrL; Fri, 27 Nov 2020 13:52:17 -0700
X-CMAE-Analysis: v=2.4 cv=SdYyytdu c=1 sm=1 tr=0 ts=5fc16701 b=1
cx=a_idp_nop
a=d87GDerR7hnUjA61tTL9RQ==:117 a=d87GDerR7hnUjA61tTL9RQ==:17
a=kj9zAlcOel0A:10 a=zPYWiABU:8 a=5-f5ixlAKy49-4MjWEkA:9
a=O-7aY5Sf57aUu7p3:21 a=_W_S_7VecoQA:10 a=CjuIK1q_8ugA:10
a=5LfDJFqq-uUA:10
a=AWL3az150N33eOPX4RKm:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22
a=UDnyf2zBuKT2w-IlGP_r:22
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net;
h=from:subject:mime-version:to:content-type:content-transfer-encoding;
s=smtpapi; bh=5/eVCwWUZDl73ybzUYFmyMNdYNgvUvrvS9S5NJHu8QU=;
b=kDKnSU9Bb2Mi5khPiwjinzdlOorchkBuNfEWHSiqVeWqCaZPHmztDB3ZeQXPLVkVbLuH
6NgvFXajs2aidTnh9bSKSMn4RaTPC+nvQU4DxFoXj0dL9yy9rjBGsdmS0BBD6+qzBl6gSi
i2UwAMxRGXKbODjK5T5Ll1us3XKXKt9cI=
Received: by filterdrecv-p3iad2-5dc87598f5-8bxxp with SMTP id
filterdrecv-p3iad2-5dc87598f5-8bxxp-19-5FC16700-AD
2020-11-27 20:52:16.878084415 + UTC m=+951689.287978429
Received: from spiderdoor.com (unknown)
by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP
id ceyKf2F5QpyH7v63ZKS3nA
Fri, 27 Nov 2020 20:52:16.783 + (UTC)
Date: Fri, 27 Nov 2020 20:52:16 + (UTC)
From: no-re...@spiderdoor.com
Message-ID: <5fc1670079f34_26fd3171828...@api1.mail>
Subject: Payment Receipt for Unit G030 - paid from SpiderApp
Mime-Version: 1.0
X-SG-EID:
=?us-ascii?Q?nNFctdm0BWd6iTjLSzehWYRyQOg6=2FUycD+ddLrh9vGVcvZBTHPJYDTCViDqyYQ?=
=?us-ascii?Q?Li3bEIOOksE35=2FhSgezGSc37DN46Fkbxk1TO9E8?=
=?us-ascii?Q?MGQPgTWt6k58DhiRQTG0=2F+79xc=2FO7jtyaG0XkLO?=
=?us-ascii?Q?1DjUXyElg+pd9Ry=2Fm1Wy7CmJWR0I1zJgLk=2FUjTC?=
=?us-ascii?Q?=2F7EUOycJlpjn1eLS5JSN9MBpwsXNk7EKGYPvDxO?=
=?us-ascii?Q?duJHjPbILEuJJjx1g=3D?=
To: i...@myspace.rent,
X-Entity-ID: eEuAPys4acQ9ere1FZlp6A==
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope:
MS4xfLrAfEKlWNG6dcz1a05VWlMXnGyOE7soLGjybMz1QFzvpZ8a8cRDyTGNbMY9ezX311xKb9zb5aWg3AtH7xkCUlT7kaAYASl+bOfJ3EEdSfKKIoPXjO+i
gjrerNiIxiRiWOcLF0BuxQKyIc/5BN0U4rxx20N0k1kPbaXyR06Ty99IgAWy9imxFxsms0GP03MmGWur7XyGwMcP6r/JKJ3ntGwGN1Diolw7WC+ywjp9VBM5
X6m7dicNVVVO+LUx/qLWyQ==
X-Nonspam: None

Any idea why it gets flagged and what rule I need to put in place to prevent it from happening?

Thank you.

Daryl
Re: Legitimate message being flagged as spam
Showing us the SA headers and hits would be a good idea: without them we don't know why SA rejected the mail.

I notice that the domain in the Message-ID is fictitious; this may not be significant, but I usually think this is suspicious.

Martin

On Sun, 2020-11-29 at 09:40 -0600, Daryl Rose wrote:
> I get an email/receipt from a vendor on a payment made. This message
> continuously gets flagged as spam even though I've added it to the
> whitelist_from.cf list.
>
> > Received: (qmail 26946 invoked by uid 30297); 27 Nov 2020 20:52:17 -
> > Received: from unknown (HELO p3plibsmtp02-04.prod.phx3.secureserver.net)
> > ([68.178.213.4])
> > (envelope-sender
> > @sendgrid.net>)
> > by p3plsmtp23-04-26.prod.phx3.secureserver.net (qmail-1.03) with
> > SMTP
> > for ; 27 Nov 2020 20:52:17 -
> > Received: from o1.3nn.shared.sendgrid.net ([167.89.100.129])
> > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 bits)
> > (Client did not present a certificate)
> > by CMGW with ESMTP
> > id ikj3kLwOeFeQXikj3kiQrL; Fri, 27 Nov 2020 13:52:17 -0700
> > X-CMAE-Analysis: v=2.4 cv=SdYyytdu c=1 sm=1 tr=0 ts=5fc16701 b=1
> > cx=a_idp_nop
> > a=d87GDerR7hnUjA61tTL9RQ==:117 a=d87GDerR7hnUjA61tTL9RQ==:17
> > a=kj9zAlcOel0A:10 a=zPYWiABU:8 a=5-f5ixlAKy49-4MjWEkA:9
> > a=O-7aY5Sf57aUu7p3:21 a=_W_S_7VecoQA:10 a=CjuIK1q_8ugA:10
> > a=5LfDJFqq-uUA:10
> > a=AWL3az150N33eOPX4RKm:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22
> > a=UDnyf2zBuKT2w-IlGP_r:22
> > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net;
> > h=from:subject:mime-version:to:content-type:content-transfer-encoding;
> > s=smtpapi; bh=5/eVCwWUZDl73ybzUYFmyMNdYNgvUvrvS9S5NJHu8QU=;
> > b=kDKnSU9Bb2Mi5khPiwjinzdlOorchkBuNfEWHSiqVeWqCaZPHmztDB3ZeQXPLVkVbLuH
> > 6NgvFXajs2aidTnh9bSKSMn4RaTPC+nvQU4DxFoXj0dL9yy9rjBGsdmS0BBD6+qzBl6gSi
> > i2UwAMxRGXKbODjK5T5Ll1us3XKXKt9cI=
> > Received: by filterdrecv-p3iad2-5dc87598f5-8bxxp with SMTP id
> > filterdrecv-p3iad2-5dc87598f5-8bxxp-19-5FC16700-AD
> > 2020-11-27 20:52:16.878084415 + UTC m=+951689.287978429
> > Received: from spiderdoor.com (unknown)
> > by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP
> > id ceyKf2F5QpyH7v63ZKS3nA
> > Fri, 27 Nov 2020 20:52:16.783 + (UTC)
> > Date: Fri, 27 Nov 2020 20:52:16 + (UTC)
> > From: no-re...@spiderdoor.com
> > Message-ID: <5fc1670079f34_26fd3171828...@api1.mail>
> > Subject: Payment Receipt for Unit G030 - paid from SpiderApp
> > Mime-Version: 1.0
> > X-SG-EID:
> > =?us-ascii?Q?nNFctdm0BWd6iTjLSzehWYRyQOg6=2FUycD+ddLrh9vGVcvZBTHPJYDTCViDqyYQ?=
> > =?us-ascii?Q?Li3bEIOOksE35=2FhSgezGSc37DN46Fkbxk1TO9E8?=
> > =?us-ascii?Q?MGQPgTWt6k58DhiRQTG0=2F+79xc=2FO7jtyaG0XkLO?=
> > =?us-ascii?Q?1DjUXyElg+pd9Ry=2Fm1Wy7CmJWR0I1zJgLk=2FUjTC?=
> > =?us-ascii?Q?=2F7EUOycJlpjn1eLS5JSN9MBpwsXNk7EKGYPvDxO?=
> > =?us-ascii?Q?duJHjPbILEuJJjx1g=3D?=
> > To: i...@myspace.rent,
> > X-Entity-ID: eEuAPys4acQ9ere1FZlp6A==
> > Content-Type: text/html; charset=us-ascii
> > Content-Transfer-Encoding: 7bit
> > X-CMAE-Envelope:
> > MS4xfLrAfEKlWNG6dcz1a05VWlMXnGyOE7soLGjybMz1QFzvpZ8a8cRDyTGNbMY9ezX311xKb9zb5aWg3AtH7xkCUlT7kaAYASl+bOfJ3EEdSfKKIoPXjO+i
> > gjrerNiIxiRiWOcLF0BuxQKyIc/5BN0U4rxx20N0k1kPbaXyR06Ty99IgAWy9imxFxsms0GP03MmGWur7XyGwMcP6r/JKJ3ntGwGN1Diolw7WC+ywjp9VBM5
> > X6m7dicNVVVO+LUx/qLWyQ==
> > X-Nonspam: None
>
> Any idea why it gets flagged and what rule I need to put in place to
> prevent it from happening?
>
> Thank you.
>
> Daryl
Re: Legitimate message being flagged as spam
Daryl Rose wrote on 2020-11-29 16:40:

> I get an email/receipt from a vendor on a payment made. This message
> continuously gets flagged as spam even though I've added it to the
> whitelist_from.cf list.

Is this cf file placed in the same path that local.cf is?

What results is spamassassin giving?

After you show this I can help more.
Legitimate message being flagged as spam
I get an email/receipt from a vendor on a payment made. This message continuously gets flagged as spam even though I've added it to the whitelist_from.cf list.

> Received: (qmail 26946 invoked by uid 30297); 27 Nov 2020 20:52:17 -
> Received: from unknown (HELO p3plibsmtp02-04.prod.phx3.secureserver.net)
> ([68.178.213.4])
> (envelope-sender
> @sendgrid.net>)
> by p3plsmtp23-04-26.prod.phx3.secureserver.net (qmail-1.03) with
> SMTP
> for ; 27 Nov 2020 20:52:17 -
> Received: from o1.3nn.shared.sendgrid.net ([167.89.100.129])
> (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 bits)
> (Client did not present a certificate)
> by CMGW with ESMTP
> id ikj3kLwOeFeQXikj3kiQrL; Fri, 27 Nov 2020 13:52:17 -0700
> X-CMAE-Analysis: v=2.4 cv=SdYyytdu c=1 sm=1 tr=0 ts=5fc16701 b=1
> cx=a_idp_nop
> a=d87GDerR7hnUjA61tTL9RQ==:117 a=d87GDerR7hnUjA61tTL9RQ==:17
> a=kj9zAlcOel0A:10 a=zPYWiABU:8 a=5-f5ixlAKy49-4MjWEkA:9
> a=O-7aY5Sf57aUu7p3:21 a=_W_S_7VecoQA:10 a=CjuIK1q_8ugA:10
> a=5LfDJFqq-uUA:10
> a=AWL3az150N33eOPX4RKm:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22
> a=UDnyf2zBuKT2w-IlGP_r:22
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net;
> h=from:subject:mime-version:to:content-type:content-transfer-encoding;
> s=smtpapi; bh=5/eVCwWUZDl73ybzUYFmyMNdYNgvUvrvS9S5NJHu8QU=;
> b=kDKnSU9Bb2Mi5khPiwjinzdlOorchkBuNfEWHSiqVeWqCaZPHmztDB3ZeQXPLVkVbLuH
> 6NgvFXajs2aidTnh9bSKSMn4RaTPC+nvQU4DxFoXj0dL9yy9rjBGsdmS0BBD6+qzBl6gSi
> i2UwAMxRGXKbODjK5T5Ll1us3XKXKt9cI=
> Received: by filterdrecv-p3iad2-5dc87598f5-8bxxp with SMTP id
> filterdrecv-p3iad2-5dc87598f5-8bxxp-19-5FC16700-AD
> 2020-11-27 20:52:16.878084415 + UTC m=+951689.287978429
> Received: from spiderdoor.com (unknown)
> by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP
> id ceyKf2F5QpyH7v63ZKS3nA
> Fri, 27 Nov 2020 20:52:16.783 + (UTC)
> Date: Fri, 27 Nov 2020 20:52:16 + (UTC)
> From: no-re...@spiderdoor.com
> Message-ID: <5fc1670079f34_26fd3171828...@api1.mail>
> Subject: Payment Receipt for Unit G030 - paid from SpiderApp
> Mime-Version: 1.0
> X-SG-EID:
> =?us-ascii?Q?nNFctdm0BWd6iTjLSzehWYRyQOg6=2FUycD+ddLrh9vGVcvZBTHPJYDTCViDqyYQ?=
> =?us-ascii?Q?Li3bEIOOksE35=2FhSgezGSc37DN46Fkbxk1TO9E8?=
> =?us-ascii?Q?MGQPgTWt6k58DhiRQTG0=2F+79xc=2FO7jtyaG0XkLO?=
> =?us-ascii?Q?1DjUXyElg+pd9Ry=2Fm1Wy7CmJWR0I1zJgLk=2FUjTC?=
> =?us-ascii?Q?=2F7EUOycJlpjn1eLS5JSN9MBpwsXNk7EKGYPvDxO?=
> =?us-ascii?Q?duJHjPbILEuJJjx1g=3D?=
> To: i...@myspace.rent,
> X-Entity-ID: eEuAPys4acQ9ere1FZlp6A==
> Content-Type: text/html; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> X-CMAE-Envelope:
> MS4xfLrAfEKlWNG6dcz1a05VWlMXnGyOE7soLGjybMz1QFzvpZ8a8cRDyTGNbMY9ezX311xKb9zb5aWg3AtH7xkCUlT7kaAYASl+bOfJ3EEdSfKKIoPXjO+i
> gjrerNiIxiRiWOcLF0BuxQKyIc/5BN0U4rxx20N0k1kPbaXyR06Ty99IgAWy9imxFxsms0GP03MmGWur7XyGwMcP6r/JKJ3ntGwGN1Diolw7WC+ywjp9VBM5
> X6m7dicNVVVO+LUx/qLWyQ==
> X-Nonspam: None

Any idea why it gets flagged and what rule I need to put in place to prevent it from happening?

Thank you.

Daryl