On 19.04.21 16:36, Simon Wilson wrote:
- I'm running KAM rules in Spamassassin
- Postfix port 587-submitted email is sent to Amavisd (as a
content_filter) on port 10026 (tagged as ORIGINATING/MYNETS) and is
spam-checked and DKIM-signed on its way out the door, sent back to
Postfix at port 10025 for final delivery
- my domain has DMARC p=reject
If the final delivery is a local address, I'm getting some in-theory
valid but in practicality invalid Spamassassin scores... e.g. SA is
tagging those emails with KAM_DMARC_REJECT - as DMARC fails
(correctly). The sending and receiving IPs are all internal...
Not sure if this is more an Amavis question actually, but how should I
configure SA to not run or assess tests which make no sense on
OUTBOUND emails - e.g. SPF, DKIM, DMARC?
I'd say that a proper solution would be to DKIM-sign mail before it's
spam-scanned.
but, the rule could apparently avoid locally-originated mail
(would help for non-DKIM domains).
meta KAM_DMARC_REJECT !(DKIM_VALID_AU || SPF_PASS) &&
__KAM_DMARC_POLICY_REJECT
maybe __LAST_EXTERNAL_RELAY_NO_AUTH ?
What am I trying to achieve? - I've had a compromised user account in
the past send out spam, so I scan outbound email, with spam notices to
postmaster (me). I want that outbound scanning to be sensible - only
run spam tests which make sense at that point of the process.
while SA is not very good at scanning outgoing mail, I believe this is still
a good idea.
I've also noticed that Bayes is really struggling to learn
local-->local emails, with consistently BAYES_20 or BAYES_50 results.
sa-learn advises tokens learned, but it still seems to struggle with
these. Other than that my Bayes is excellent, very effective and
accurate.
Any advice would be appreciated.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.
