On 4/18/19 1:55 AM, Brent Clark wrote:
> Good day Guys
>
> Would anyone be willing to share their shortcircuiting list.
>
> Currently I am just shortcircuiting CLAMAV, I'm looking to improve SA.
>
> Many thanks.
>
> Regards
> Brent

shortcircuit ALL_TRUSTED off
shortcircuit USER_IN_WHITELIST on
shortcircuit USER_IN_DEF_WHITELIST on
shortcircuit USER_IN_BLACKLIST on
shortcircuit USER_IN_DKIM_WHITELIST on
shortcircuit USER_IN_SPF_WHITELIST on
shortcircuit USER_IN_DEF_DKIM_WL off
shortcircuit USER_IN_DEF_SPF_WL off
shortcircuit RCVD_IN_RP_CERTIFIED off
shortcircuit RCVD_IN_RP_SAFE off

You will need to set the priority lower than the default to hit before some of the entries above. Run some messages manually with "spamassassin -D < email.msg" to see the priority if your shortcircuit rule isn't getting hit because a lower priority shortcircuit hit first.

I also have some outbound rules that shortcircuit unique emails like those from scanner/copiers that often have missing headers like no Message-ID, bad HELO, etc. Here's an example of a useful one that we all have problems with if we are filtering outbound email:

meta ENA_COPIER ALL_TRUSTED && (__SUBJ_COPIER || __MAILER_COPIER || __MSGID_COPIER || __MIME_COPIER || __FROM_COPIER || __RCVD_COPIER)
priority ENA_COPIER -500
describe ENA_COPIER Sent from a copier on network.
score ENA_COPIER -0.001
priority ENA_COPIER -500
shortcircuit ENA_COPIER ham
tflags ENA_COPIER noautolearn nice

I am not publishing the details of those header rules in the meta above on purpose so this rule could be exploited by a compromised account from our network through our mail relays. These should be fairly obvious based on their names as to what they do.

Hope this helps,

-- 
David Jones
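
An added example, not part of the message above and not SpamAssassin's own code: a small Python check of the priority point, which reads `shortcircuit` and `priority` lines and lists the active shortcircuit rules in increasing priority order so you can see which ones run before a given rule. The sample config, the -1000 priority on USER_IN_WHITELIST and the LOCAL_EXAMPLE rule are constructed; the check assumes the documented default priority of 0 and does not model meta-rule dependencies.

```python
import re

# Constructed sample: directives in the style of the post. The -1000 priority
# and the LOCAL_EXAMPLE rule are made up for this demonstration.
SAMPLE_CF = """\
shortcircuit ALL_TRUSTED off
shortcircuit USER_IN_WHITELIST on
priority USER_IN_WHITELIST -1000
priority ENA_COPIER -500
score ENA_COPIER -0.001
priority ENA_COPIER -500
shortcircuit ENA_COPIER ham
shortcircuit LOCAL_EXAMPLE spam
"""

DIRECTIVE = re.compile(r"^\s*(shortcircuit|priority)\s+(\S+)\s+(\S+)")

def parse(cf_text):
    """Return ({rule: mode}, {rule: priority}); a later line overrides an earlier one."""
    modes, prios = {}, {}
    for line in cf_text.splitlines():
        m = DIRECTIVE.match(line.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue
        kind, rule, value = m.groups()
        if kind == "shortcircuit":
            if value not in ("ham", "spam", "on", "off"):
                raise ValueError(f"bad shortcircuit mode for {rule}: {value}")
            modes[rule] = value
        else:
            prios[rule] = int(value)
    return modes, prios

def firing_order(cf_text, default_priority=0):
    """Active (not 'off') shortcircuit rules as (priority, rule, mode), earliest first."""
    modes, prios = parse(cf_text)
    return sorted((prios.get(r, default_priority), r, m)
                  for r, m in modes.items() if m != "off")

def shadowed_by(cf_text, rule):
    """Active shortcircuit rules with a lower priority value, which run before `rule`."""
    order = firing_order(cf_text)
    mine = next(p for p, r, _ in order if r == rule)
    return [r for p, r, _ in order if p < mine]

if __name__ == "__main__":
    for prio, rule, mode in firing_order(SAMPLE_CF):
        print(f"{prio:>6}  {rule:<20} {mode}  after: {shadowed_by(SAMPLE_CF, rule)}")
```
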