Ok, I'm pretty sure this is mostly on my end, but I think there are also some issues with the __NOT_SPOOFED meta rule.
1: I was able to reproduce getting the SPOOFED_FREEMAIL locally on my machine when running spammassassin with the -L parameter. 2: The reason (I assume) that I get the rule hit on my servers is this which I get when I run a manual spamassassin check with debugging enabled: dbg: dkim: cannot load Mail::DKIM module, DKIM checks disabled: Can't locate Mail/DKIM/Verifier.pm in @INC (you may need to install the Mail::DKIM::Verifier module) (@INC contains: lib /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/mach/5.28 /usr/local/lib/perl5/5.28/mach /usr/local/lib/perl5/5.28) at /usr/local/lib/perl5/site_perl/Mail/SpamAssassin/Plugin/DKIM.pm line 675. So, given that the Mail::SpamAssassin::Plugin::DKIM plugin is loaded, __NOT_SPOOFED will check DKIM_VALID and ignore the -L parameter and ignore errors with the DKIM validity check. On 9/18/19 2:07 PM, Dan Malm wrote: > Hi, > > I've gotten some reports about mails from hotmail being incorrectly > filtered as spam on my systems. I'm seeing a lot of perfectly valid, > non-spoofed mails from them hitting the SPOOFED_FREEMAIL rule. Is anyone > else seeing the same, or is it some issue in my configuration? > > RuleQA seems to indicate something being wrong if I'm reading this > correct though: > > overlap spam: 100% of SPOOFED_FREEMAIL hits also hit FREEMAIL_FROM; 99% > of FREEMAIL_FROM hits also hit SPOOFED_FREEMAIL (ham 100%) > > 100% of ham that hit's FREEMAIL_FROM also hits SPOOFED_FREEMAIL? > https://ruleqa.spamassassin.org/20190917-r1867043-n/SPOOFED_FREEMAIL/detail > -- BR/Mvh. Dan Malm, Systems Engineer, One.com
pEpkey.asc
Description: application/pgp-keys
