On 07/14/2017 09:22 PM, Alex wrote:
Hi,

The ENA_BAD_SPAM rule is a combination of 2 different types (reputation
and content) rules with an AND between them.  For example (this is about
one-third of the rule):

Is it usable like this?

Try it out with a score of 0.001 and see what you think.  It should have
been valid.  Just drop it in and run:

spamassassin -D --lint 2>&1 | /bin/grep -Ei '(failed|undefined dependency|score set for non-existent rule)' | /bin/grep ENA_

By "usable" I meant have you included enough of the rule for it to
really be effective?

I let it run for the day, and it's just not anchored well enough to
provide any meaningful benefit. It's hitting on jcpenny, vresp.com,
constantcontact, sendgrid, facebook, etc.


I have all of those senders in whitelist_auth entries. The ENA_BAD_SPAM has a score of 0.001 just as a placeholder for other meta rules based on it that have a score of 1.2 - 3.2.

Once you set up different tiers of senders and SHORTCIRCUIT all of the trusted senders that usually score very low, you will be able to handle regular and untrusted senders more aggressively.

As I have said before, I SHORTCIRCUIT as ham thousands of domains based on their envelope-from domain as long as they have legit unsubscribe/opt out processes/links. Now I don't have to worry about these being falsely categorized as spam based on content. I don't SHORTCIRCUIT any FREEMAIL domains or any domains that have user mailboxes that can be compromised.

My MTA blocks the majority of the junk so what passes through SA is mostly SHORTCIRCUIT'd as ham. Less than 5 percent is spam blocked by SA. I only get the occasional report of spam from customers from compromised accounts now which are very difficult to block based on reputation. Content-based rules are really the only way since these spammers are crafting zero-hour emails that are designed to get through major mail filters.

--
David Jones
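
The tiering described in the message above, as an added SpamAssassin configuration sketch (not the rules of anyone in this thread): trusted senders are short-circuited as ham only when SPF or DKIM authenticates them, and a 0.001 placeholder meta feeds a scored meta. The `EX_*` rule names, `example.com`, the body pattern, the priority value and the choice of stock reputation rules are assumptions; stock rule names are those of SpamAssassin 3.4.

```conf
# Added example. EX_* names, example.com and the body pattern are hypothetical.
# These plugins are normally enabled from the *.pre files; shown here for completeness.
loadplugin Mail::SpamAssassin::Plugin::SPF
loadplugin Mail::SpamAssassin::Plugin::DKIM
loadplugin Mail::SpamAssassin::Plugin::Shortcircuit

# Tier 1: trusted bulk senders. whitelist_auth only matches when the
# sender passes SPF or DKIM, so a forged envelope-from does not qualify.
whitelist_auth *@bounces.example.com

# Run the authenticated-whitelist checks early and stop scanning on a hit.
# The priority value is an assumption; it only needs to precede content rules.
priority     USER_IN_SPF_WHITELIST   -900
priority     USER_IN_DKIM_WHITELIST  -900
shortcircuit USER_IN_SPF_WHITELIST   ham
shortcircuit USER_IN_DKIM_WHITELIST  ham

# Tier 2: everyone else. Reputation AND content, kept at a placeholder
# score so it can be observed in the logs without affecting delivery.
meta     __EX_REPUTATION  (RCVD_IN_XBL || URIBL_DBL_SPAM)
body     __EX_CONTENT     /\bverify your account\b/i
meta     EX_BAD_SPAM      (__EX_REPUTATION && __EX_CONTENT)
describe EX_BAD_SPAM      Reputation hit combined with content hit (placeholder)
score    EX_BAD_SPAM      0.001

# The scored rule is a meta built on the placeholder. Freemail senders are
# never in tier 1, so they are handled more aggressively here.
meta     EX_BAD_SPAM_FREEMAIL  (EX_BAD_SPAM && FREEMAIL_FROM)
describe EX_BAD_SPAM_FREEMAIL  EX_BAD_SPAM from a freemail sender
score    EX_BAD_SPAM_FREEMAIL  2.2
```

The lint command quoted earlier in the thread, with the final grep changed to match `EX_`, checks this file for undefined dependencies before it is deployed.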
