MySQL Student wrote:
Hi, Hopefully my comment isn't out of place with the current discussion of JMF/Hostkarma. I think this is not only a really bad default score, but it should be reduced to -0.5 or perhaps not used at all. I have a money/fraud email that hit RCVD_IN_JMF_W that passed through these servers: Received: from 41.220.75.3 Received: from webmail.stu.qmul.ac.uk (138.37.100.37) by mercury.stu.qmul.ac.uk Received: from qmwmail2.stu.qmul.ac.uk ([138.37.100.210] Received: from mail2.qmul.ac.uk (mail2.qmul.ac.uk [138.37.6.6]) It also hit these other rules: X-Spam-Status: No, hits=1.3 tagged_above=-300.0 required=5.0 use_bayes=1 tests=AE_GBP, BAYES_50, LOTS_OF_MONEY, LOTTERY_PH_004470, LOTTO_RELATED, MONEY_TO_NO_R, RCVD_IN_DNSWL_MED, RCVD_IN_JMF_W, RELAYCOUNTRY_UK, SPF_FAIL, SPF_HELO_FAIL Unless I'm really missing something, which server has JMF/Hostkarma whitelisted that shouldn't be? This happens time after time.
Yep - this isn't a perfect list. however if I got some good feedback on this I could weed out the white listes and get it more accurate. There are also a lot of hosts I could include with more data.