On Mon, 1 May 2017, Alex wrote:

Hi,

On Mon, May 1, 2017 at 8:44 AM, David Jones <djo...@ena.com> wrote:
From: Alex <mysqlstud...@gmail.com>

I've taken a more conservative, but also more time-consuming approach
by creating rules that subtract a few points with the right
combination.

I was also hoping there was a more general approach that would make
these rules with such high scores less prone to FPs in the first
place, or at least create a greater burden by default before adding
such high scores to rules involving just a regex.

*  3.3 MSGID_NOFQDN1 Message-ID with no domain name

This one catches even automated reports generated by HP to many of our
users, as well as a common email fax service. They just don't consider
proper RFC compliance in their shell scripts, and to basically turn it
into spam just for that is unreasonable.

Also unfortunately, they don't comply with SPF or DKIM conventions,
and one might argue simply passing SPF_PASS isn't sufficient for a
meta rule before whitelisting.

It's more time-consuming to maintain, but whitelist_from_rcvd lets you reasonably safely (safe from spoofing) whitelist a given sender that doesn't have DKIM/SPF.

(I'm partial to the "def_whitelist*" version of local whitelists because it will save good messages from quarantine but can be overridden by heavy-duty spam rules (such as malware being sent from a compromised Yahoo user's account).)


--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
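
The directives discussed in the reply above, as an added SpamAssassin `local.cf` illustration that is not part of the original message. The addresses, relay domains and network range are placeholders, and the scores named in the comments are the stock defaults.

```conf
# Added example, not from the thread. All addresses, domains and
# networks below are placeholders (example/documentation ranges).

# The relay check reads the Received header written by your own MX,
# so SpamAssassin must know which hosts are yours. If this is wrong,
# the "last untrusted relay" is misidentified and the match is unreliable.
trusted_networks   192.0.2.0/24
internal_networks  192.0.2.0/24

# Spoofable form, shown only for contrast: matches on the From address
# alone, so anyone forging the address gets the whitelist score.
# whitelist_from  reports@vendor.example

# Full whitelist tied to the sending relay: the address must match AND
# the reverse DNS of the relay that handed the message to your trusted
# network must be vendor.example or a host under it.
# Fires USER_IN_WHITELIST (default score -100).
whitelist_from_rcvd      reports@vendor.example   vendor.example

# "def_" variant with the same matching logic.
# Fires USER_IN_DEF_WHITELIST (default score -15): enough to offset a
# single rule such as MSGID_NOFQDN1 at 3.3, but still outweighed when
# high-scoring spam or malware rules also hit.
def_whitelist_from_rcvd  *@faxservice.example     faxservice.example
```

Running `spamassassin --lint` after editing confirms the file parses before the change goes live.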
