On Thu, 10 Sep 2009 19:21:16 -0400 MySQL Student <mysqlstud...@gmail.com> wrote:
> Hi, > > I have several emails that are tagged with RCVD_IN_JMF_W, > SPF_SOFTFAIL, and RAZOR2_CHECK such as this one: > > http://pastebin.com/m4a4d990e > > Is the criteria for being listed on the JMF_W simply that it contains > a domain that is whitelisted, despite whether it contains another URL > that is blacklisted? I'm not sure what you are saying here, it's not as if the people running the whitelist could lookup the IP address on razor. > Would I be advised to make the JMF_W score very low, or create a meta > that doesn't really whitelist it unless it isn't also blacklisted? > > meta META_NOT_JMF_RAZOR (RCVD_IN_JMF_W && !RAZOR2_CHECK) Why RAZOR2_CHECK? Why not other positive scoring rules? The trouble is that the whitelist rule is then pointless. Set it's score at a value that's commensurate with it's effectiveness on your email. It might be sensible to make metarules for RCVD_IN_DNSWL_* and RCVD_IN_JMF_W, if you are going to use both. > It also appears to spoof the kraftfoods.com mail server, correct? Is > there a possible rule to be created here? No, it was almost certainly sent through kraftfoods.com. It's based on an IP address recorded by your trusted network.