DNSWL is a whitelist for mailservers. So the tests based on that use the
IP that handed your trusted_networks the email.
Several tests are based on the transmitting server instead of just the
email contents, since contents can be convincing or not, if the server
is notorious for sending spam it will end up on blocklists for example.
On 8/10/2021 11:57, Thomas Seilund wrote:
On 10/8/21 11:38 AM, Matus UHLAR - fantomas wrote:
On 08.10.21 11:18, Thomas Seilund wrote:
I run SA 3.4.2 on Debian GNU/Linux 10 (buster)
If I look at incomming mails after SA has processed the incomming
mail then the list of SA rules that have been run is not the same
for all mails.
Below are to examples:
X-Spam-Status: No, score=-2.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,
T_KAM_HTML_FONT_INVALID autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Status: No, score=2.9 required=3.0 tests=BAYES_50,HTML_MESSAGE,
HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK
autolearn=no autolearn_force=no version=3.4.2
For instance, rule RCVD_IN_DNSWL_NONE is run for the first mail but
not for the second.
Why is that?
perhaps the rule did not match, that's how spam score is evaluated.
did those mails come from the same host?
Thanks.
No mails did not come from the same host.
I am a little in the dark here!
Why does it matter where the mails came from? In my
/etc/spamassassin/local.cf I have nothing about trusted networks.
Is it so that the list of rules only show rules that contribute to the
score?
What do you mean by a rule did not match?
