Re: Recent experience with RCVD_IN_SORBS_NR_SPAM and others

2021-05-28 Thread John Hardin
On Fri, 28 May 2021, Greg Troxel wrote:

> John Hardin writes:
>
>> On Thu, 27 May 2021, Greg Troxel wrote:
>>
>>> The other problem on a small number of messages was
>>> RCVD_DOTEDU_SHORT. I realize this must have passed masscheck, but
>>> getting a message of 1-1.5 kB from an address in .edu is to me not at

Re: Recent experience with RCVD_IN_SORBS_NR_SPAM and others

2021-05-28 Thread Greg Troxel
John Hardin writes:

> On Thu, 27 May 2021, Greg Troxel wrote:
>
>> The other problem on a small number of messages was
>> RCVD_DOTEDU_SHORT. I realize this must have passed masscheck, but
>> getting a message of 1-1.5 kB from an address in .edu is to me not at
>> all suspicious, and 2.5 points

Re: Recent experience with RCVD_IN_SORBS_NR_SPAM and others

2021-05-28 Thread Greg Troxel
"Bill Cole" writes:

> That rule does not now exist in trunk and IT NEVER HAS, according to the
> Subversion history.
>
> It is not in the current KAM channel rules and I see no evidence in my logs
> of any such rule ever hitting within the past 3 months.

Totally my fault. I added it to

Re: Recent experience with RCVD_IN_SORBS_NR_SPAM and others

2021-05-27 Thread Bill Cole
On 2021-05-27 at 20:40:28 UTC-0400 (Thu, 27 May 2021 20:40:28 -0400) Greg Troxel is rumored to have said:

> But one thing jumped out at me: a fair number of
> RCVD_IN_SORBS_NR_SPAM hits, including for yahoo servers. It seems to me
> a bit much to apply that and 2.5 points for MTAs from

Re: Recent experience with RCVD_IN_SORBS_NR_SPAM and others

2021-05-27 Thread John Hardin
On Fri, 28 May 2021, RW wrote:

> There is a minor problem:
>
> header __RCVD_DOTEDU_EXT X-Spam-Relays-External =~ /\.edu\s/i
>
> allows a match on "by=" from the LE header, when it should just be on
> helo/rdns.

D'oh! Fixed, thanks for catching that.

--
John Hardin KA7OHZ

Re: Recent experience with RCVD_IN_SORBS_NR_SPAM and others

2021-05-27 Thread John Hardin
On Thu, 27 May 2021, Greg Troxel wrote:

> The other problem on a small number of messages was RCVD_DOTEDU_SHORT.
> I realize this must have passed masscheck, but getting a message of
> 1-1.5 kB from an address in .edu is to me not at all suspicious, and
> 2.5 points is a lot for something likely to

Re: Recent experience with RCVD_IN_SORBS_NR_SPAM and others

2021-05-27 Thread RW
On Thu, 27 May 2021 20:40:28 -0400 Greg Troxel wrote:

> The other problem on a small number of messages was RCVD_DOTEDU_SHORT.
> I realize this must have passed masscheck, but getting a message of
> 1-1.5 kB from an address in .edu is to me not at all suspicious, and
> 2.5 points is a lot for

Recent experience with RCVD_IN_SORBS_NR_SPAM and others

2021-05-27 Thread Greg Troxel
I lost track of checking my spam folders recently for almost a week (I filter to a maybe-spam folder on scores that are lower than what doctrine says, splitting into really-ham, iffy, and really-spam -- it was the iffy I didn't look at). On checking, I refiled a bunch of ham that had from 2 to 6