spamassassin-users mailing list archives

From Brent Clark <brentgclarkl...@gmail.com>
Subject Re: SA shortcircuit
Date Tue, 23 Apr 2019 05:57:58 GMT
Good day David

Looking at what you got going, I'm glad I asked this request.
Thanks very much for sharing.

Kind Regards
Brent Clark

On 2019/04/18 15:52, David Jones wrote:
> On 4/18/19 1:55 AM, Brent Clark wrote:
>> Good day Guys
>>
>> Would anyone be willing to share their shortcircuiting list?
>>
>> Currently I am just shortcircuiting CLAMAV, I'm looking to improve SA.
>>
>> Many thanks.
>>
>> Regards
>> Brent
> 
> shortcircuit ALL_TRUSTED off
> shortcircuit USER_IN_WHITELIST on
> shortcircuit USER_IN_DEF_WHITELIST on
> shortcircuit USER_IN_BLACKLIST on
> shortcircuit USER_IN_DKIM_WHITELIST on
> shortcircuit USER_IN_SPF_WHITELIST on
> shortcircuit USER_IN_DEF_DKIM_WL off
> shortcircuit USER_IN_DEF_SPF_WL off
> shortcircuit RCVD_IN_RP_CERTIFIED off
> shortcircuit RCVD_IN_RP_SAFE off
> 
> You will need to set the priority lower than the default to hit before
> some of the entries above.  Run some messages manually with
> "spamassassin -D < email.msg" to see the priority if your shortcircuit
> rule isn't getting hit because a lower priority shortcircuit hit first.
> 
> I also have some outbound rules that shortcircuit unique emails like
> those from scanner/copiers that often have missing headers like no
> Message-ID, bad HELO, etc.
> 
> Here's an example of a useful one that we all have problems with if we
> are filtering outbound email:
> 
> meta            ENA_COPIER              ALL_TRUSTED && (__SUBJ_COPIER || __MAILER_COPIER || __MSGID_COPIER || __MIME_COPIER || __FROM_COPIER || __RCVD_COPIER)
> describe        ENA_COPIER              Sent from a copier on network.
> score           ENA_COPIER              -0.001
> priority        ENA_COPIER              -500
> shortcircuit    ENA_COPIER              ham
> tflags          ENA_COPIER              noautolearn nice
> 
> I am not publishing the details of those header rules in the meta above
> on purpose so this rule could be exploited by a compromised account from
> our network through our mail relays.  These should be fairly obvious
> based on their names as to what they do.
> 
> Hope this helps,
> 
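
The priority advice quoted above, as an added example that is not part of the original thread or of SpamAssassin itself: a small Python check that reads `shortcircuit` and `priority` lines, lists the enabled shortcircuit rules in evaluation order, and names those left at the default priority. It assumes SpamAssassin's documented behaviour (default priority 0, lower values run first); the sample config is constructed, and `LOCAL_BULK_HAM`, its sub-rule and the priority values are hypothetical.

```python
import re

# Constructed sample in local.cf syntax. ENA_COPIER follows the post above;
# LOCAL_BULK_HAM, __LOCAL_BULK_HDR and all priority values are hypothetical.
SAMPLE_CF = """\
shortcircuit USER_IN_WHITELIST on
priority     USER_IN_WHITELIST -1000
shortcircuit ALL_TRUSTED off
meta         ENA_COPIER ALL_TRUSTED && (__SUBJ_COPIER || __MAILER_COPIER)
score        ENA_COPIER -0.001
priority     ENA_COPIER -500
shortcircuit ENA_COPIER ham
tflags       ENA_COPIER noautolearn nice
meta         LOCAL_BULK_HAM __LOCAL_BULK_HDR   # no priority line: stays at 0
shortcircuit LOCAL_BULK_HAM ham
"""

LINE = re.compile(r"^\s*(shortcircuit|priority)\s+(\S+)\s+(\S+)")

def parse(cf_text):
    """Return {rule: {"mode": str, "priority": int or None}}."""
    rules = {}
    for raw in cf_text.splitlines():
        m = LINE.match(raw.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue  # meta, score, tflags etc. are not needed for ordering
        directive, name, value = m.groups()
        entry = rules.setdefault(name, {"mode": "off", "priority": None})
        if directive == "shortcircuit":
            entry["mode"] = value.lower()
        else:
            entry["priority"] = int(value)
    return rules

def evaluation_order(rules):
    """Enabled shortcircuit rules, lowest priority (evaluated first) first."""
    active = [(r["priority"] or 0, name, r["mode"])
              for name, r in rules.items() if r["mode"] != "off"]
    return sorted(active)

def unprioritised(rules):
    """Enabled shortcircuit rules left at the default priority of 0."""
    return sorted(name for name, r in rules.items()
                  if r["mode"] != "off" and r["priority"] is None)

if __name__ == "__main__":
    parsed = parse(SAMPLE_CF)
    for prio, name, mode in evaluation_order(parsed):
        print(f"{prio:>6}  {name:<20} {mode}")
    print("default priority:", ", ".join(unprioritised(parsed)))
```

A rule reported at the default priority is evaluated only after every negative-priority shortcircuit rule has had its chance to end the scan.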
