AOL accounts trigger some weird rules. Suggestions please?

Steve Campbell campbell at cnpapers.com
Thu Jan 18 19:19:18 CET 2007


----- Original Message ----- 
From: "Steve Campbell" <campbell at cnpapers.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Thursday, January 18, 2007 11:53 AM
Subject: Re: AOL accounts trigger some weird rules. Suggestions please?


>
> ----- Original Message ----- 
> From: "Glenn Steen" <glenn.steen at gmail.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Thursday, January 18, 2007 10:35 AM
> Subject: Re: AOL accounts trigger some weird rules. Suggestions please?
>
>
>> On 18/01/07, Steve Campbell <campbell at cnpapers.com> wrote:
>>>
>>> ----- Original Message -----
>>> From: "Matt Kettler" <mkettler at evi-inc.com>
>>> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
>>> Sent: Wednesday, January 17, 2007 5:11 PM
>>> Subject: Re: AOL accounts trigger some weird rules. Suggestions please?
>>>
>>>
>>> > Steve Campbell wrote:
>>> >
>>> >>> whitelist_from_spf aol.com
>>> >>>
>>> >
>>> > Well, other rules do still apply.. SA's whitelisting doesn't really 
>>> > exempt
>>> > an
>>> > email from checks, it just adds a heavy score bias. (-100 points for 
>>> > the
>>> > normal
>>> > version, -15 for the def_whitelist_* variants)
>>> >
>>> >>
>>> >> Thanks for the idea. I'll look into this further.
>>>
>>> Well, I looked into this further, and tried the line mentioned above, 
>>> but
>>> really don't see much difference in the email's scoring. I did find a 
>>> few
>>> Postfix fixes and suggestions, but I run Sendmail. Other than that, it
>>> appears it should be working. Maybe it is.
>>>
>>> What should I see that indicates this is working? To keep it simple for 
>>> an
>>> explanation, I see the SPF_PASS triggered on a real AOL email, with a 
>>> score
>>> of -0.00, but should I see the -15 or -100 score anywhere? Can the 
>>> scoring
>>> for this be modified to a different score like other rules' score? I 
>>> have
>>> very low SPAM and HIGH SPAM thresholds. These have worked very well here 
>>> for
>>> quite some time but a -15 would really throw this out of whack.
>>>
>>> Thanks for the help. I'll keep googling and hope I see something on 
>>> this.
>>>
>>> Steve
>>> >>
>>> >> Steve
>> You should be seeing things like USER_IN_DEF_SPF_WL triggering on
>> those whitelisted messages, and that would add -7.5 (at least on my
>> system... From the sa-updated 50_score.cf file)... which is (IMO) a
>> better value for the def_* whitelists. I only use these whitelists
>> where I have little or no other means... The only SPF one I use is for
>> one subdomain from Lehman brothers, and so far that works very well
>> ... the line in /etc/spamassassin/local.cf I use is
>> def_whitelist_from_spf *@research.lehman.com
>> and could possibly be less forgiving... but this works, so...:-).
>> If you cannot use the SPF thingie, for some reason (like the domain in
>> question not having relevant/working SPF records published) there's
>> always def_whitelist_from_rcvd ...
>
> Glenn,
>
> Thanks, your info put me on the proper research track. I also switched 
> from the whitelist_from_spf that Matt suggested to the def_whitelist_from 
> _spf. I'm not sure if this fixed it or using the "*@" in front of the parm 
> fixed it, but I am not seeing the entries in MailWatch.

That should be :
,but I am now seeing the entries in MailWatch.

Steve
>
> I didn't realize there were SA rules that this triggered, so I rescored 
> the two that I see,  ENV_AND_HDR_SPF_MATCH and USER_IN_DEF_SPF_WL them 
> down to -2 as opposed to -7.5. This should offset the Gappy text and free 
> access rules.
>
> Again,
>
> Thanks Matt and Glenn
>
> Steve
>
>>You did remember to restart MailScanner (I'm not sure a reload will do
>> for this) after adding the whitelist?
>>




More information about the MailScanner mailing list