Re: Recent experience with RCVD_IN_SORBS_NR_SPAM and others

Fri, 28 May 2021 07:42:56 -0700 

On Fri, 28 May 2021, Greg Troxel wrote:



John Hardin <jhar...@impsec.org> writes:


On Thu, 27 May 2021, Greg Troxel wrote:


The other problem on a small number of messages was
RCVD_DOTEDU_SHORT.  I realize this must have passed masscheck, but
getting a message of 1-1.5 kB from an address in .edu is to me not at
all suspicious, and 2.5 points is a lot for something likely to
appear in legitimate mail.  (In my case it was a notification of air
conditioning shutdown in a particular building, and that's all there
was to say.)


Score limit adjusted.


Thanks.


Do you know whether it happened to hit
ALL_TRUSTED? I added an exclusion for that.


It did not hit ALL_TRUSTED, and I'd say that's not really wrong.  The
edu in question has outlook hosted mail which has a lot of servers.  I'm
not actually part of the edu, but am on some lists, and have something
to do with it.

I expanded trusted_networks and then it did hit, but the rule still
fired.


That exclusion won't be published until sometime today.


I wasn't suggesting expanding ALL_TRUSTED, I was just curious as to 
whether you had a relationship to the school and had added their MTAs to 
your trusted list because of that.



 I will see if after the regexp fixes just made arrive on my
system, it's still the case.



I also modified the header check to restrict it to .edu RDNS, so if their 
email is hosted by Outlook it probably isn't going to hit any longer 
anyway.



--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org                         pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Are you a mildly tech-literate politico horrified by the level of
  ignorance demonstrated by lawmakers gearing up to regulate online
  technology they don't even begin to grasp? Cool. Now you have a
  tiny glimpse into a day in the life of a gun owner.   -- Sean Davis
-----------------------------------------------------------------------
 3 days until Memorial Day - honor those who sacrificed for our liberty






















					Reply via email to