Hi,

On Mon, May 1, 2017 at 3:51 PM, David B Funk
<dbf...@engineering.uiowa.edu> wrote:
> On Mon, 1 May 2017, Alex wrote:
>
>> Hi,
>>
>> On Mon, May 1, 2017 at 8:44 AM, David Jones <djo...@ena.com> wrote:
>>>
>>> From: Alex <mysqlstud...@gmail.com>
>>>
>> I've taken a more conservative, but also more time-consuming approach
>> by creating rules that subtract a few points with the right
>> combination.
>>
>> I was also hoping there was a more general approach that would make
>> these rules with such high scores less prone to FPs in the first
>> place, or at least create a greater burden by default before adding
>> such high scores to rules involving just a regex.
>>
>>>> *  3.3 MSGID_NOFQDN1 Message-ID with no domain name
>>
>>
>> This one catches even automated reports generated by HP to many of our
>> users, as well as a common email fax service. They just don't consider
>> proper RFC compliance in their shell scripts, and to basically turn it
>> into spam just for that is unreasonable.
>>
>> Also unfortunately, they don't comply with SPF or DKIM conventions,
>> and one might argue simply passing SPF_PASS isn't sufficient for a
>> meta rule before whitelisting.
>
>
> It's more time-consuming to maintain, but whitelist_from_rcvd lets you
> reasonably safely (safe from spoofing) whitelist a given sender that doesn't
> have DKIM/SPF.

Yes, I've got quite a few of those as well. The time-consuming part
isn't necessarily in the keeping up with the changing Received
headers, but with going through the quarantine to figure out which FPs
have been created in the first place by rules which are too aggressive
or are insufficiently bounded.

I don't always have the skill/time to fix these issues, but I'm hoping
my comments are interpreted as helpful to people who do. Going through
the quarantine, or just waiting until users complain about missing
email, as well as amassing a ton of individual whitelisted addresses,
is not sustainable.
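The two approaches discussed in this thread, written out as a SpamAssassin `local.cf` fragment. This is an added example, not configuration posted by anyone in the thread; the domain `fax-service.example`, the network `192.0.2.0/24` and the `LOCAL_FAX_*` rule names are placeholders and assumptions.

```conf
# Constructed example: fax-service.example, 192.0.2.0/24 and the
# LOCAL_FAX_* names are placeholders, not values from the thread.

# whitelist_from_rcvd relies on Received data recorded by your own relays,
# so the trust boundary has to be declared correctly first.
trusted_networks  192.0.2.0/24
internal_networks 192.0.2.0/24

# Weak form: matches the sender address only, which any sender can forge.
# whitelist_from reports@fax-service.example

# Stronger form: the address must match AND the relay that handed the
# message to the trusted network must have rDNS in fax-service.example.
# A hit fires USER_IN_WHITELIST, which overrides nearly every other rule.
whitelist_from_rcvd reports@fax-service.example fax-service.example

# Narrower alternative: leave the sender unlisted and offset only the one
# rule that misfires, and only when the same relay check holds.
header   __LOCAL_FAX_FROM   From:addr =~ /\@fax-service\.example$/i
header   __LOCAL_FAX_RELAY  X-Spam-Relays-External =~ /^\[ ip=\S+ rdns=(?:\S+\.)?fax-service\.example /
meta     LOCAL_FAX_NOFQDN   (MSGID_NOFQDN1 && __LOCAL_FAX_FROM && __LOCAL_FAX_RELAY)
describe LOCAL_FAX_NOFQDN   Known fax relay sending a Message-ID with no domain
score    LOCAL_FAX_NOFQDN   -3.3
```

Run `spamassassin --lint` after editing. The relay check depends on the sending host having working reverse DNS, so a sender that changes outbound hosts will stop matching either form.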
