spamassassin-users mailing list archives

From Chris <cpoll...@embarqmail.com>
Subject Re: Phish triggered short circuit 'ham'
Date Sun, 26 Sep 2010 19:57:09 GMT
On Sun, 2010-09-26 at 19:26 +0200, Benny Pedersen wrote:
> On søn 26 sep 2010 15:27:47 CEST, Chris wrote
> 
> > On Sat, 2010-09-25 at 04:47 +0200, Benny Pedersen wrote:
> >> On lør 25 sep 2010 02:53:30 CEST, Chris wrote
> >> > meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
> >> > USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
> >> > USER_IN_DEF_SPF_WL||USER_IN_WHITELIST)
> >>
> >> there is still user in def :=)
> >
> > Benny, I'm still confused, sometimes that isn't hard to do :) anyway, I
> > now have this:
> >
> > meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
> > USER_IN_SPF_WHITELIST||USER_IN_WHITELIST)
> >
> > or should the last entry also be removed?
> 
> only if you use whitelist_from foo@*
> 
> >>
> >> user_in_whitelist includes whitelist_from which can be forged, my fav
> >> to be removed if i just can convince more devs :)
> >>
> >> if you remove all user in def then it begins to work, and i can see
> >> you have redundancy with domainkey and dkim, if you as i see use
> >> dkim then domainkey is not needed anymore
> >>
> >> > priority SC_NET_HAM -500
> >> > shortcircuit SC_NET_HAM ham
> >>
> >> change ham here to on
> >
> > priority SC_NET_HAM -500
> 
> change to -950 so blacklist is tested before the whitelist
> 
> > shortcircuit SC_NET_HAM ham
> 
> shortcircuit SC_NET_HAM on
> 
> perldoc Mail::SpamAssassin::Plugin::Shortcircuit
> 
> > # score SC_NET_HAM -20
> > score SC_NET_HAM 0
> >
> > is this correct or still borked?
> 
> yes score 0 disables this rule
> 
> try the fp mail now with current config
> 
> spamassassin -t fpmsg
> 
> better than the problem you see first in the report ?, i hope
> 
At least it's picked up as spam this time Benny

 3.3 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [201.216.4.186 listed in zen.spamhaus.org]
 1.4 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                            [201.216.4.186 listed in bb.barracudacentral.org]
-7.5 USER_IN_DEF_DKIM_WL    From: address is in the default DKIM white-list
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 1.0 MISSING_HEADERS        Missing To: header
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.7 HTML_IMAGE_ONLY_08     BODY: HTML: images with 400-800 bytes of words
 1.0 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.5000]
 0.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                            domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 0.4 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
 0.1 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 0.1 FROM_MISSP_NO_TO       From misspaced, To missing
 1.6 FROM_MISSP_MSFT        From misspaced + supposed Microsoft tool
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.0 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
 0.0 HELO_NO_DOMAIN         Relay reports its domain incorrectly
 1.9 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
 2.5 DOS_OE_TO_MX           Delivered direct to MX with OE headers
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders

It still hit on this def_whitelist_from_dkim *@embarqmail.com but that
can't be helped can it since the message had a dkim signature.

-- 
Chris
KeyID 0xE372A7DA98E6705C
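
Added example, not part of the original message or of SpamAssassin: a small Python check that reads an excerpt of the report above and shows which sub-rule made each version of the SC_NET_HAM meta fire. The function names `parse_hits` and `meta_triggers` are hypothetical, and the meta evaluation handles only the `||`-of-rule-names form used in this thread.

```python
import re

# Excerpt of the "spamassassin -t" report quoted in the message above,
# kept with the mail client's line wrapping.
REPORT = """\
 3.3 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [201.216.4.186 listed in zen.spamhaus.org]
-7.5 USER_IN_DEF_DKIM_WL    From: address is in the default DKIM
white-list
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature
from author's
 1.9 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
 2.5 DOS_OE_TO_MX           Delivered direct to MX with OE headers
"""

# The two SC_NET_HAM definitions from the thread.
OLD_META = """(USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
USER_IN_DEF_SPF_WL||USER_IN_WHITELIST)"""
NEW_META = """(USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
USER_IN_SPF_WHITELIST||USER_IN_WHITELIST)"""

# A hit line is "<score> <RULE_NAME> <description>".
HIT_LINE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\s")


def parse_hits(report):
    """Map rule name -> score; wrapped description lines do not match and are skipped."""
    hits = {}
    for line in report.splitlines():
        m = HIT_LINE.match(line)
        if m:
            hits[m.group(2)] = float(m.group(1))
    return hits


def meta_triggers(expr, hits):
    """Return the sub-rules of an OR-only meta expression that hit on this message."""
    names = [n.strip() for n in expr.strip("() \n").split("||")]
    return [n for n in names if n in hits]


if __name__ == "__main__":
    hits = parse_hits(REPORT)
    for label, expr in (("old", OLD_META), ("new", NEW_META)):
        fired = meta_triggers(expr, hits)
        print(f"{label} SC_NET_HAM fires: {bool(fired)} {fired}")
```

USER_IN_DEF_DKIM_WL still scores -7.5 on the message, but with the trimmed meta it no longer triggers the short circuit, so the remaining rules are evaluated.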

