spamassassin-users mailing list archives

From David Jones <djo...@ena.com>
Subject ENCRYPTED_MESSAGE rule
Date Thu, 22 Feb 2018 21:27:49 GMT

My SA filters just received 45 unsolicited junk emails from Office 365 
that hit ENCRYPTED_MESSAGE which subtracted a point.  Looking at 
72_active.cf, the description for this rule is:

"Message is encrypted, not likely to be spam"

The body of the email was a MIME attachment of application/pkcs7-mime so 
SA didn't have access to it for body content rules.

I am seriously thinking about changing the score on this rule locally to 
1.0 or 2.0 to add points if SA can't do any body checks.  Outlook and 
Outlook Web were able to display the email automatically.  This may be a 
new feature that we are about to see more often to hide spam from SA.

It also hit BAYES_00 (not much can be done to change that), DCC_CHECK, 
PYZOR_CHECK, and FSL_BULK_SIG to score 2.88.

I reported this to SpamCop/Office 365 and blocked the sending domain. 
Seems like more and more junk is coming out of Office 365 every week. 
The majority of new/zero-hour spam that I am not able to block with SA 
is now coming from O365.

-- 
David Jones
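
Added example (not from the original post or the SpamAssassin project): a Python check that reports whether a message's only content sits inside an application/pkcs7-mime wrapper, and which smime-type (RFC 8551) the sender declared. The post does not say which type its messages carried; the function names and sample messages below are constructed, and the declared parameter is sender-controlled, so it is a hint rather than proof.

```python
from email import message_from_string

# What each declared smime-type (RFC 8551) means for a content scanner.
SMIME_TYPES = {
    "enveloped-data": "encrypted",
    "authenveloped-data": "encrypted",
    "signed-data": "opaque-signed",
    "compressed-data": "compressed",
    "certs-only": "certs-only",
}
PKCS7_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def triage(raw):
    """Return (number of text parts, [label per pkcs7-mime part])."""
    text_parts, wrapped = 0, []
    for part in message_from_string(raw).walk():
        if part.get_content_type() in PKCS7_TYPES:
            declared = str(part.get_param("smime-type", "")).lower()
            wrapped.append(SMIME_TYPES.get(declared, "undeclared"))
        elif part.get_content_maintype() == "text":
            text_parts += 1
    return text_parts, wrapped

def body_hidden(raw):
    """True when there is a CMS wrapper and no text part left to scan."""
    text_parts, wrapped = triage(raw)
    return bool(wrapped) and text_parts == 0

# Constructed samples; the base64 payload is a placeholder, not real CMS data.
def sample(content_type):
    return ("From: sender@example.com\nSubject: test\nMIME-Version: 1.0\n"
            f"Content-Type: {content_type}\n"
            "Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n")

OPAQUE = sample('application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"')
ENCRYPTED = sample('application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"')
BARE = sample("application/x-pkcs7-mime")
PLAIN = "From: sender@example.com\nContent-Type: text/plain\n\nhello\n"

if __name__ == "__main__":
    for name, raw in [("opaque", OPAQUE), ("encrypted", ENCRYPTED),
                      ("bare", BARE), ("plain", PLAIN)]:
        print(name, triage(raw), "hidden" if body_hidden(raw) else "scannable")
```

A signed-data wrapper carries the content unencrypted inside the CMS structure, so a mail client can render it without a private key while a scanner that does not unwrap it sees no body text.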
