AOL accounts trigger some weird rules. Suggestions please?
Steve Campbell
campbell at cnpapers.com
Thu Jan 18 19:19:18 CET 2007
----- Original Message -----
From: "Steve Campbell" <campbell at cnpapers.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Thursday, January 18, 2007 11:53 AM
Subject: Re: AOL accounts trigger some weird rules. Suggestions please?
>
> ----- Original Message -----
> From: "Glenn Steen" <glenn.steen at gmail.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Thursday, January 18, 2007 10:35 AM
> Subject: Re: AOL accounts trigger some weird rules. Suggestions please?
>
>
>> On 18/01/07, Steve Campbell <campbell at cnpapers.com> wrote:
>>>
>>> ----- Original Message -----
>>> From: "Matt Kettler" <mkettler at evi-inc.com>
>>> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
>>> Sent: Wednesday, January 17, 2007 5:11 PM
>>> Subject: Re: AOL accounts trigger some weird rules. Suggestions please?
>>>
>>>
>>> > Steve Campbell wrote:
>>> >
>>> >>> whitelist_from_spf aol.com
>>> >>>
>>> >
>>> > Well, other rules do still apply.. SA's whitelisting doesn't really
>>> > exempt
>>> > an
>>> > email from checks, it just adds a heavy score bias. (-100 points for
>>> > the
>>> > normal
>>> > version, -15 for the def_whitelist_* variants)
>>> >
>>> >>
>>> >> Thanks for the idea. I'll look into this further.
>>>
>>> Well, I looked into this further, and tried the line mentioned above,
>>> but
>>> really don't see much difference in the email's scoring. I did find a
>>> few
>>> Postfix fixes and suggestions, but I run Sendmail. Other than that, it
>>> appears it should be working. Maybe it is.
>>>
>>> What should I see that indicates this is working? To keep it simple for
>>> an
>>> explanation, I see the SPF_PASS triggered on a real AOL email, with a
>>> score
>>> of -0.00, but should I see the -15 or -100 score anywhere? Can the
>>> scoring
>>> for this be modified to a different score like other rules' score? I
>>> have
>>> very low SPAM and HIGH SPAM thresholds. These have worked very well here
>>> for
>>> quite some time but a -15 would really throw this out of whack.
>>>
>>> Thanks for the help. I'll keep googling and hope I see something on
>>> this.
>>>
>>> Steve
>>> >>
>>> >> Steve
>> You should be seeing things like USER_IN_DEF_SPF_WL triggering on
>> those whitelisted messages, and that would add -7.5 (at least on my
>> system... From the sa-updated 50_score.cf file)... which is (IMO) a
>> better value for the def_* whitelists. I only use these whitelists
>> where I have little or no other means... The only SPF one I use is for
>> one subdomain from Lehman brothers, and so far that works very well
>> ... the line in /etc/spamassassin/local.cf I use is
>> def_whitelist_from_spf *@research.lehman.com
>> and could possibly be less forgiving... but this works, so...:-).
>> If you cannot use the SPF thingie, for some reason (like the domain in
>> question not having relevant/working SPF records published) there's
>> always def_whitelist_from_rcvd ...
>
> Glenn,
>
> Thanks, your info put me on the proper research track. I also switched
> from the whitelist_from_spf that Matt suggested to the def_whitelist_from
> _spf. I'm not sure if this fixed it or using the "*@" in front of the parm
> fixed it, but I am not seeing the entries in MailWatch.
That should be :
,but I am now seeing the entries in MailWatch.
Steve
>
> I didn't realize there were SA rules that this triggered, so I rescored
> the two that I see, ENV_AND_HDR_SPF_MATCH and USER_IN_DEF_SPF_WL them
> down to -2 as opposed to -7.5. This should offset the Gappy text and free
> access rules.
>
> Again,
>
> Thanks Matt and Glenn
>
> Steve
>
>>You did remember to restart MailScanner (I'm not sure a reload will do
>> for this) after adding the whitelist?
>>
More information about the MailScanner
mailing list