John Hardin <jhar...@impsec.org> writes: > On Thu, 27 May 2021, Greg Troxel wrote: > >> The other problem on a small number of messages was >> RCVD_DOTEDU_SHORT. I realize this must have passed masscheck, but >> getting a message of 1-1.5 kB from an address in .edu is to me not at >> all suspicious, and 2.5 points is a lot for something likely to >> appear in legitimate mail. (In my case it was a notification of air >> conditioning shutdown in a particular building, and that's all there >> was to say.) > > Score limit adjusted.
Thanks. > Do you know whether it happened to hit > ALL_TRUSTED? I added an exclusion for that. It did not hit ALL_TRUSTED, and I'd say that's not really wrong. The edu in question has outlook hosted mail which has a lot of servers. I'm not actually part of the edu, but am on some lists, and have something to do with it. I expanded trusted_networks and then it did hit, but the rule still fired. I will see if after the regexp fixes just made arrive on my system, it's still the case. (I realize everybody's mail stream is different. Part of where I'm coming from is knowing a fairly large number of people using edu addresses, so to me this seemed sort of like 2.5 point for a message being from gmail and 1-1.5 kB.)
signature.asc
Description: PGP signature
