AOL accounts trigger some weird rules. Suggestions please?

Steve Campbell campbell at cnpapers.com
Thu Jan 18 17:53:09 CET 2007 

----- Original Message ----- 
From: "Glenn Steen" <glenn.steen at gmail.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Thursday, January 18, 2007 10:35 AM
Subject: Re: AOL accounts trigger some weird rules. Suggestions please?


> On 18/01/07, Steve Campbell <campbell at cnpapers.com> wrote:
>>
>> ----- Original Message -----
>> From: "Matt Kettler" <mkettler at evi-inc.com>
>> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
>> Sent: Wednesday, January 17, 2007 5:11 PM
>> Subject: Re: AOL accounts trigger some weird rules. Suggestions please?
>>
>>
>> > Steve Campbell wrote:
>> >
>> >>> whitelist_from_spf aol.com
>> >>>
>> >
>> > Well, other rules do still apply.. SA's whitelisting doesn't really 
>> > exempt
>> > an
>> > email from checks, it just adds a heavy score bias. (-100 points for 
>> > the
>> > normal
>> > version, -15 for the def_whitelist_* variants)
>> >
>> >>
>> >> Thanks for the idea. I'll look into this further.
>>
>> Well, I looked into this further, and tried the line mentioned above, but
>> really don't see much difference in the email's scoring. I did find a few
>> Postfix fixes and suggestions, but I run Sendmail. Other than that, it
>> appears it should be working. Maybe it is.
>>
>> What should I see that indicates this is working? To keep it simple for 
>> an
>> explanation, I see the SPF_PASS triggered on a real AOL email, with a 
>> score
>> of -0.00, but should I see the -15 or -100 score anywhere? Can the 
>> scoring
>> for this be modified to a different score like other rules' score? I have
>> very low SPAM and HIGH SPAM thresholds. These have worked very well here 
>> for
>> quite some time but a -15 would really throw this out of whack.
>>
>> Thanks for the help. I'll keep googling and hope I see something on this.
>>
>> Steve
>> >>
>> >> Steve
> You should be seeing things like USER_IN_DEF_SPF_WL triggering on
> those whitelisted messages, and that would add -7.5 (at least on my
> system... From the sa-updated 50_score.cf file)... which is (IMO) a
> better value for the def_* whitelists. I only use these whitelists
> where I have little or no other means... The only SPF one I use is for
> one subdomain from Lehman brothers, and so far that works very well
> ... the line in /etc/spamassassin/local.cf I use is
> def_whitelist_from_spf *@research.lehman.com
> and could possibly be less forgiving... but this works, so...:-).
> If you cannot use the SPF thingie, for some reason (like the domain in
> question not having relevant/working SPF records published) there's
> always def_whitelist_from_rcvd ...

Glenn,

Thanks, your info put me on the proper research track. I also switched from 
the whitelist_from_spf that Matt suggested to the def_whitelist_from _spf. 
I'm not sure if this fixed it or using the "*@" in front of the parm fixed 
it, but I am not seeing the entries in MailWatch.

I didn't realize there were SA rules that this triggered, so I rescored the 
two that I see,  ENV_AND_HDR_SPF_MATCH and USER_IN_DEF_SPF_WL them down 
to -2 as opposed to -7.5. This should offset the Gappy text and free access 
rules.

Again,

Thanks Matt and Glenn

Steve

>You did remember to restart MailScanner (I'm not sure a reload will do
> for this) after adding the whitelist?
>
> Cheers
> -- 
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --

More information about the MailScanner mailing list