On 20.12.22 18:59, Joey J wrote:
Basically, the client is talking about real money transactions, airplanes,
paypal etc, but he is a legit sender with these often flagged topics.
Sometimes the message goes through, but by the time you reply 2 or 3 times,
there are more of the buzz words that SA looks at based on rules.
We can't whitelist j...@company.com because of course everyone pretending to
be him will more than likely get whitelisted and you know the rest.
You have misunderstood that welcomelist_auth means.
It means that the sender has to pass SPF or DKIM, which means that random
people can NOT just send j...@company.com.
Within the reject to the user it had the following:
Spam detection results: 3
was this the legitimate mail? If so, your sender has multiple problems.
ClamAVHeuristics 3 ClamAV heuristic test:
Phishing.Email.SpoofedDomain (clamav)
this is at least not nice, problematic I'd say.
AWL -0.969 Adjusted score from AWL reputation of From:
address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
BIGNUM_EMAILS_MANY 2.999 Lots of email addresses/leads, over and over
this is very common with spam.
DKIM_INVALID 0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not
necessarily valid
HTML_FONT_LOW_CONTRAST 0.001 HTML font color similar or identical to
background
HTML_MESSAGE 0.001 HTML included in message
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict
Alignment
this rule indicates that mail would NOT pass welcomelist_auth
If this is the mail you want then yes, you need welcomelist_from_rcvd, but
that's sender's faule.
T_FILL_THIS_FORM_SHORT 0.01 Fill in a short form with personal information
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
this usually means you need to configure your own DNS server and not use
public google/cloudflage/quad9 or your ISPs DNS servers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.