Handling blocked ham
I just got a report of ham blocked with the following rules. This is a repeated ham report for TVD_FW_GRAPHIC_ID1 and thinking of setting its score to zero. Is there any recommendations on how to handle any of these rules? X-Spam-Status: Yes, score=8.692 tag=-999 tag2=5 kill=5 tests=[DNS_FROM_RFC_ABUSE=0.479, EXTRA_MPART_TYPE=1.677, HTML_IMAGE_ONLY_32=0.836, HTML_MESSAGE=0.4, MY_CID_AND_STYLE=1.2, PART_CID_STOCK=1, PART_CID_STOCK_LESS=1, TVD_FW_GRAPHIC_ID1=2.1] -- Robert
RE: Handling blocked ham
If its just one sender, just whitelist them. Those rules below do indicate that that email may be coming from a 'permission[sic] based email marketing' company. -- Michael Scheidell, CTO Join SECNAP at SecureWorld Atlanta, May 1-2 http://www.secnap.com/events for free and discounted seminar tickets -Original Message- From: Robert Fitzpatrick [mailto:[EMAIL PROTECTED] Sent: Monday, April 16, 2007 5:56 PM To: SpamAssassin Subject: Handling blocked ham I just got a report of ham blocked with the following rules. This is a repeated ham report for TVD_FW_GRAPHIC_ID1 and thinking of setting its score to zero. Is there any recommendations on how to handle any of these rules? X-Spam-Status: Yes, score=8.692 tag=-999 tag2=5 kill=5 tests=[DNS_FROM_RFC_ABUSE=0.479, EXTRA_MPART_TYPE=1.677, HTML_IMAGE_ONLY_32=0.836, HTML_MESSAGE=0.4, MY_CID_AND_STYLE=1.2, PART_CID_STOCK=1, PART_CID_STOCK_LESS=1, TVD_FW_GRAPHIC_ID1=2.1] -- Robert _ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _
RE: Handling blocked ham
On Mon, 2007-04-16 at 19:43 -0400, Michael Scheidell wrote: If its just one sender, just whitelist them. Those rules below do indicate that that email may be coming from a 'permission[sic] based email marketing' company. elasmtp-junco.atl.sa.earthlink.net -- Robert
RE: Handling blocked ham
On Mon, 2007-04-16 at 19:43 -0400, Michael Scheidell wrote: If its just one sender, just whitelist them. Those rules below do indicate that that email may be coming from a 'permission[sic] based email marketing' company. Sorry, hit send to quickly on that last message... elasmtp-junco.atl.sa.earthlink.net is the server, it was an earthlink.net user sending a message to a printing company. I'm sure they do a lot of marketing. Can I reduce scores for these types of rules for that one domain? We run a transport Postfix+Amavisd-new+SA gateway server. -- Robert
RE: Handling blocked ham
All you can do is wiatelist them, or reduce scores for everyone for those rules. -- Michael Scheidell, CTO Join SECNAP at SecureWorld Atlanta, May 1-2 http://www.secnap.com/events for free and discounted seminar tickets -Original Message- From: Robert Fitzpatrick [mailto:[EMAIL PROTECTED] Sent: Monday, April 16, 2007 7:56 PM To: Michael Scheidell Cc: SpamAssassin Subject: RE: Handling blocked ham On Mon, 2007-04-16 at 19:43 -0400, Michael Scheidell wrote: If its just one sender, just whitelist them. Those rules below do indicate that that email may be coming from a 'permission[sic] based email marketing' company. Sorry, hit send to quickly on that last message... elasmtp-junco.atl.sa.earthlink.net is the server, it was an earthlink.net user sending a message to a printing company. I'm sure they do a lot of marketing. Can I reduce scores for these types of rules for that one domain? We run a transport Postfix+Amavisd-new+SA gateway server. -- Robert _ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _
Re: Handling blocked ham
Robert Fitzpatrick wrote: I just got a report of ham blocked with the following rules. This is a repeated ham report for TVD_FW_GRAPHIC_ID1 and thinking of setting its score to zero. Is there any recommendations on how to handle any of these rules? X-Spam-Status: Yes, score=8.692 tag=-999 tag2=5 kill=5 tests=[DNS_FROM_RFC_ABUSE=0.479, EXTRA_MPART_TYPE=1.677, HTML_IMAGE_ONLY_32=0.836, HTML_MESSAGE=0.4, MY_CID_AND_STYLE=1.2, PART_CID_STOCK=1, PART_CID_STOCK_LESS=1, TVD_FW_GRAPHIC_ID1=2.1] I've reduced the score of the rules. I've seen those rules hit on messages with a single embedded GIF coming from Outloook or OE from a user just trying to make their mail look pretty.
