Hi, I'm using SA 4.0.1 and amavisd with postfix. I've identified a few bounce messages in the quarantine because they weren't identified properly. Here's one: https://pastebin.com/RMNkcyhF
For example, it matches on * 3.1 URI_IMG_CWINDOWSNET Non-MSFT image hosted by Microsoft Azure infra, possible phishing * 2.6 HOSTED_IMG_DIRECT_MX Image hosted at large ecomm, CDN or hosting * site, message direct-to-mx It also matches on ANY_BOUNCE_MESSAGE and BOUNCE_MESSAGE. Should metas be created to avoid adding the above scores? What more can be done to improve deliverability of these messages? Perhaps this is something postfix can identify and bypass scanning?
