Thanks to Bill and Matus for your responses. Basically, the client is talking about real money transactions, airplanes, paypal etc, but he is a legit sender with these often flagged topics. Sometimes the message goes through, but by the time you reply 2 or 3 times, there are more of the buzz words that SA looks at based on rules.
We can't whitelist j...@company.com because of course everyone pretending to be him will more than likely get whitelisted and you know the rest. This is why I thought if user j...@company.com from ip 1.2.3.4 condition would allow me to add some negative score to get over the total flagging it as spam. You guys would know better than I as to which would be the best method, I like scoring it some and going to -100. Within the reject to the user it had the following: Spam detection results: 3 ClamAVHeuristics 3 ClamAV heuristic test: Phishing.Email.SpoofedDomain (clamav) AWL -0.969 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% BIGNUM_EMAILS_MANY 2.999 Lots of email addresses/leads, over and over DKIM_INVALID 0.1 DKIM or DK signature exists, but is not valid DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid HTML_FONT_LOW_CONTRAST 0.001 HTML font color similar or identical to background HTML_MESSAGE 0.001 HTML included in message KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_FILL_THIS_FORM_SHORT 0.01 Fill in a short form with personal information URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block On Tue, Dec 20, 2022 at 6:14 AM Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: > On 19.12.22 20:05, Joey J wrote: > >I'm trying to see if there is a "best way" to provide negative scoring for > >a certain persons email. > >As an example if j...@company.com is communicating with paypal or other > real > >banking institutions, then at times within the email chain, SA will tag it > >as spam. > > do you have an example? > > >I want to see if there is if email is from j...@company.com AND is from IP > >address 1.2.3.4, then lets take away 2 from the score, hopefully allowing > >those legitimate types of messages through. > > there are techniques like SPF and DKIM to authenticate e-mail. > In such case you should be able to "welcomelist_auth j...@company.com" > without > providing outgoing mailserver IP > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease > -- Thanks! Joey
