You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Scheidell <mi...@secnap.com> on 2011/07/27 22:38:42 UTC
whitelist_from_rcvd question (and more n+1 rules that score 6 points)
Seems zixmail has not only decided to bastardize 'email' off the net,
but now, when informing someone they got one, makes suck bad freeking
headers that SA wants to tag it spam. take the bayes credit out and you
have 8 points on a legit email.
(wern't we talking about ruls that score > 3 points? we have two of them
ahain)
Yes, score=6.047 tag=-999 tag2=6 kill=6 tests=[BAYES_00=-1.9, FROM_MISSP_DKIM=0.001, FROM_MISSP_EH_MATCH=3.007, FROM_MISSP_REPLYTO=0.289, HTML_MESSAGE=0.001, NO_REAL_NAME=1, RELAY_COUNTRY_US=0.001, TDE_WS_HS_KOMBINATION=0.2, TO_NO_BRKTS_FROM_MSSP=3.448]
so, in the interests of being friendly, will this work?
whitelist_from_rcvd *@* smtpout.zixmail.net
(no, they don't have spf :-) and even if they did, it would not work
anyway since they 'forge' the email address of the sender's domain.
Received: from smtpout.zixmail.net (smtpout.zixmail.net [63.71.8.106]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by spammertrap
sample headers offline for the truly self indulgent.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
Re: whitelist_from_rcvd question (and more n+1 rules that score 6
points)
Posted by John Hardin <jh...@impsec.org>.
On Wed, 27 Jul 2011, Michael Scheidell wrote:
> Seems zixmail has not only decided to bastardize 'email' off the net, but
> now, when informing someone they got one, makes suck bad freeking headers
> that SA wants to tag it spam. take the bayes credit out and you have 8 points
> on a legit email.
Have you contacted them?
> sample headers offline for the truly self indulgent.
Please.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
W-w-w-w-w-where did he learn to n-n-negotiate like that?
-----------------------------------------------------------------------
9 days until the 276th anniversary of John Peter Zenger's acquittal
Re: whitelist_from_rcvd question (and more n+1 rules that score 6
points)
Posted by John Hardin <jh...@impsec.org>.
On Wed, 27 Jul 2011, Michael Scheidell wrote:
> Seems zixmail has not only decided to bastardize 'email' off the net, but
> now, when informing someone they got one, makes suck bad freeking headers
> that SA wants to tag it spam. take the bayes credit out and you have 8 points
> on a legit email.
>
> Yes, score=6.047 tag=-999 tag2=6 kill=6 tests=[BAYES_00=-1.9,
> FROM_MISSP_DKIM=0.001, FROM_MISSP_EH_MATCH=3.007, FROM_MISSP_REPLYTO=0.289,
> HTML_MESSAGE=0.001, NO_REAL_NAME=1, RELAY_COUNTRY_US=0.001,
> TDE_WS_HS_KOMBINATION=0.2, TO_NO_BRKTS_FROM_MSSP=3.448]
I'm adjusting those rules a bit.
> so, in the interests of being friendly, will this work?
>
> whitelist_from_rcvd *@* smtpout.zixmail.net
It should.
Perhaps that should go in the default whitelist. Open a bug?
> Received: from smtpout.zixmail.net (smtpout.zixmail.net [63.71.8.106]) (using
> TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate
> requested) by spammertrap
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
North Korea: the only country in the world where people would risk
execution to flee to communist China. -- Ride Fast
-----------------------------------------------------------------------
9 days until the 276th anniversary of John Peter Zenger's acquittal