HL wrote: > On 13/11/2013 12:52 μμ, Paul C wrote: >> From what I see from the spam scoring, you have a -100 from the domain >> being whitelisted,
> But there seem to be a zillion mail servers out there that do not comply > with the RFC, > > most of the times DNS and Reverse DNS and IP ADDRESSES and HELO > hostnames are totally wrong from other-wise legit mail servers. (Going a little OT; if you're still not sure about what I'm talking about ask for more info on the SpamAssassin users list.) I'm not sure how your points about rDNS and HELO arguments have anything to do with Google's servers (they have sane rDNS and HELO), but Paul's point was that you likely have a line in your SpamAssassin configuration somewhere like: whitelist_from *@google.com Do not use whitelist_from. If you really feel you have to whitelist anything claiming any association with Google, use whitelist_from_dkim; all mail legitimately using a @gmail.com or @google.com email should be DKIM-signed, and should originate from a Google server. Mail not originating from a Google server should not have a Google envelope sender. (We'll ignore mail forwarding cases for now.) FWIW, that particular relay IP in your example (41.13.5.22) doesn't look to be a mail server at all based on the HELO and rDNS, and as of a few moments ago was also listed on Spamhaus. > Clients don't want to understand this > specially if the these mails are about SALES !!!! > SALES = Money > But I have to reply to complaints again and again and again ... > > "Why did this spam passed through ???" .... You can either block all of the spam, and put up with the false positives, or you can block most of the spam, and only tag a legitimate message once in a while, or you can let almost all of the spam through. When someone complains, check your logs and let them know how many spams they *didn't* get in their Inbox. -kgd
