AOL accounts trigger some weird rules. Suggestions please?
Glenn Steen
glenn.steen at gmail.com
Thu Jan 18 16:35:33 CET 2007
On 18/01/07, Steve Campbell <campbell at cnpapers.com> wrote:
>
> ----- Original Message -----
> From: "Matt Kettler" <mkettler at evi-inc.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Wednesday, January 17, 2007 5:11 PM
> Subject: Re: AOL accounts trigger some weird rules. Suggestions please?
>
>
> > Steve Campbell wrote:
> >
> >>> whitelist_from_spf aol.com
> >>>
> >
> > Well, other rules do still apply.. SA's whitelisting doesn't really exempt
> > an
> > email from checks, it just adds a heavy score bias. (-100 points for the
> > normal
> > version, -15 for the def_whitelist_* variants)
> >
> >>
> >> Thanks for the idea. I'll look into this further.
>
> Well, I looked into this further, and tried the line mentioned above, but
> really don't see much difference in the email's scoring. I did find a few
> Postfix fixes and suggestions, but I run Sendmail. Other than that, it
> appears it should be working. Maybe it is.
>
> What should I see that indicates this is working? To keep it simple for an
> explanation, I see the SPF_PASS triggered on a real AOL email, with a score
> of -0.00, but should I see the -15 or -100 score anywhere? Can the scoring
> for this be modified to a different score like other rules' score? I have
> very low SPAM and HIGH SPAM thresholds. These have worked very well here for
> quite some time but a -15 would really throw this out of whack.
>
> Thanks for the help. I'll keep googling and hope I see something on this.
>
> Steve
> >>
> >> Steve
You should be seeing things like USER_IN_DEF_SPF_WL triggering on
those whitelisted messages, and that would add -7.5 (at least on my
system... From the sa-updated 50_score.cf file)... which is (IMO) a
better value for the def_* whitelists. I only use these whitelists
where I have little or no other means... The only SPF one I use is for
one subdomain from Lehman brothers, and so far that works very well
... the line in /etc/spamassassin/local.cf I use is
def_whitelist_from_spf *@research.lehman.com
and could possibly be less forgiving... but this works, so...:-).
If you cannot use the SPF thingie, for some reason (like the domain in
question not having relevant/working SPF records published) there's
always def_whitelist_from_rcvd ...
You did remember to restart MailScanner (I'm not sure a reload will do
for this) after adding the whitelist?
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list