Read the document. Upgraded. Ran sa-update (always forget that)
We really have a very simple setup, except for our homegrown integration wiith our email system. So I added enable_compat welcomelist_blocklist" to init.pre Then did a search/replace of local.cf for all whitelist_from and blacklist_from, then just for good measure egrep -l '(whitelist|blacklist)' /etc/mail/spamassassin/*.cf which caught a few in comments. Now off to read how to implement the new goodies I apologise for mailing you directly Benny. -- Med vänlig hälsning Anders Gustafsson, ingenjör anders.gustafs...@pedago.fi | Support +358 18 12060 | Direkt +358 9 315 45 121 | Mobil +358 40506 7099 Pedago interaktiv ab, Nygatan 7 B , AX-22100 MARIEHAMN, ÅLAND, FINLAND >>> Benny Pedersen <m...@junc.eu> 2024-06-16 16:09 >>> Anders Gustafsson skrev den 2024-06-16 13:42: > This one: > > Return-path: <xxxxxxx> > X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on xxxxxx > X-Spam-Level: > X-Spam-Status: No, score=-95.6 required=5.0 > tests=BAYES_00,HTML_MESSAGE, > MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RDNS_NONE, > TO_EQ_FM_DIRECT_MX,TO_NO_BRKTS_NORDNS_HTML,T_SCC_BODY_TEXT_LINE, > URIBL_BLACK,URIBL_DBL_SPAM,USER_IN_WELCOMELIST,USER_IN_WHITELIST > autolearn=no autolearn_force=no version=3.4.5 > Received: from hosted-by.csrdp.host ([195.10.205.97]) > by xxxxx with ESMTP (TLS encrypted); Sun, 16 Jun 2024 11:52:11 +0300 > Reply-To: Email Mailbox Notification xxxxxx #9698 <xxxx> > > It was a phishing email and the provider has since shut it down. Now we > do not have that adress in our > whitelist. Should I interpret this that some of the entries we do have > in our whitelist uses this adress or > provider? time to upgrade https://multirbl.valli.org/lookup/195.10.205.97.html remove localy whitelist change score for whitelist to non default -100 phishing links goes to phishtank.com train bayes on phishing emails