On Fri, 31 Aug 2018 16:16:43 -0700 (PDT) John Hardin wrote:

> On Fri, 31 Aug 2018, John Hardin wrote:
>
> > None of the masscheck corpora that hit __HDR_ORDER_FTSDMCXXXX also
> > hit ALL_TRUSTED (or at least the portion is so small it falls off
> > the bottom of the report) so I don't feel too worried about adding
> > either !ALL_TRUSTED or __ANY_EXTERNAL (or potentially both) as
> > exclusions.
> >
> > I'm adding __ANY_EXTERNAL now...
> >
> > Comments solicited.
>
> Here's one: should __ANY_EXTERNAL be added to any other rules that
> primarily look for abused MSFT-isms?
>
> For example, MIMEOLE_DIRECT_TO_MX, DOS_OE_TO_MX, DOS_OUTLOOK_TO_MX,
> XPRIO_SHORT_SUBJ, ...?

All but the last one is a direct-to-mx rule, which requires one external
relay, so adding __ANY_EXTERNAL to those is pointless.

I'm curious why you have

    header ANY_EXTERNAL_RELAY ALL-EXTERNAL =~ /\S/

which looks for an external header rather than the more straightforward

    header ANY_EXTERNAL_RELAY X-Spam-Relays-External =~ /\S/

which looks for an external relay. I think they are functionally
equivalent.

I don't think __ANY_EXTERNAL is a good idea; it should be sufficient that
the headers are all trusted. __ANY_EXTERNAL requires that people read this
thread and make a questionable change to their networks to take advantage.