spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From RW <rwmailli...@googlemail.com>
Subject Re: __HDR_ORDER_FTSDMCXXXX hitting windows live mail (and outlook express)
Date Sat, 01 Sep 2018 19:07:57 GMT
On Fri, 31 Aug 2018 16:16:43 -0700 (PDT)
John Hardin wrote:

> On Fri, 31 Aug 2018, John Hardin wrote:
> 
> > None of the masscheck corpora that hit __HDR_ORDER_FTSDMCXXXX also
> > hit ALL_TRUSTED (or at least the portion is so small it falls off
> > the bottom of the report) so I don't feel too worried about adding
> > either !ALL_TRUSTED or __ANY_EXTERNAL (or potentially both) as
> > exclusions.
> >
> > I'm adding __ANY_EXTERNAL now...
> >
> > Comments solicited.  
> 
> Here's one: should __ANY_EXTERNAL be added to any other rules that 
> primarily look for abused MSFT-isms?
> 
> For example, MIMEOLE_DIRECT_TO_MX, DOS_OE_TO_MX, DOS_OUTLOOK_TO_MX, 
> XPRIO_SHORT_SUBJ, ...?

All but the last one is a direct-to-mx rule, which requires one
external relay, so adding __ANY_EXTERNAL to those is pointless.

I'm curious why you have 

  header ANY_EXTERNAL_RELAY ALL-EXTERNAL =~ /\S/

which looks for an external header rather than the more straightforward

  header ANY_EXTERNAL_RELAY  X-Spam-Relays-External  =~ /\S/

which looks for an external relay. I think they are functionally
equivalent.

I don't think __ANY_EXTERNAL is a good idea, it should be sufficient
that the headers are  all trusted, __ANY_EXTERNAL requires that people
read this thread and make a questionable change to their networks to
take advantage.




Mime
View raw message