On 20.12.22 18:59, Joey J wrote:
Basically, the client is talking about real money transactions, airplanes,
paypal etc, but he is a legit sender with these often flagged topics.
Sometimes the message goes through, but by the time you reply 2 or 3 times,
there are more of the buzz words that SA looks at based on rules.

We can't whitelist j...@company.com because of course everyone pretending to
be him will more than likely get whitelisted and you know the rest.

You have misunderstood what welcomelist_auth means.

It means that the sender has to pass SPF or DKIM, which means that random people can NOT just send as j...@company.com.

Within the reject to the user it had the following:
Spam detection results:  3

was this the legitimate mail? If so, your sender has multiple problems.

ClamAVHeuristics            3 ClamAV heuristic test:
Phishing.Email.SpoofedDomain (clamav)

this is at least not nice, problematic I'd say.

AWL                    -0.969 Adjusted score from AWL reputation of From:
address

BAYES_00                 -1.9 Bayes spam probability is 0 to 1%

BIGNUM_EMAILS_MANY      2.999 Lots of email addresses/leads, over and over

this is very common with spam.

DKIM_INVALID              0.1 DKIM or DK signature exists, but is not valid

DKIM_SIGNED               0.1 Message has a DKIM or DK signature, not
necessarily valid

HTML_FONT_LOW_CONTRAST  0.001 HTML font color similar or identical to
background

HTML_MESSAGE            0.001 HTML included in message

KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
Alignment

this rule indicates that mail would NOT pass welcomelist_auth. If this is the mail you want then yes, you need welcomelist_from_rcvd, but that's sender's fault.

T_FILL_THIS_FORM_SHORT   0.01 Fill in a short form with personal information
URIBL_BLOCKED           0.001 ADMINISTRATOR NOTICE: The query to URIBL was
blocked.  See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

this usually means you need to configure your own DNS server and not use public Google/Cloudflare/Quad9 or your ISP's DNS servers.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.
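
Added example, not part of the original message: a small Python triage of the rule hits quoted in the thread, showing why an authentication-based welcomelist entry cannot match this mail and that the URIBL lookups are blocked. The function names and the AUTH_PASS/AUTH_FAIL groupings are choices made for this example; SPF_PASS, DKIM_VALID_AU, SPF_FAIL and SPF_SOFTFAIL are stock SpamAssassin rule names that do not appear in the quoted report, and a pass hit is treated as necessary but not sufficient for welcomelist_auth.

```python
import re

# Rule hits copied from the reject notice quoted above, wrapped as mailed.
REPORT = """\
ClamAVHeuristics            3 ClamAV heuristic test:
Phishing.Email.SpoofedDomain (clamav)
AWL                    -0.969 Adjusted score from AWL reputation of From:
address
BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
BIGNUM_EMAILS_MANY      2.999 Lots of email addresses/leads, over and over
DKIM_INVALID              0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED               0.1 Message has a DKIM or DK signature, not
necessarily valid
HTML_FONT_LOW_CONTRAST  0.001 HTML font color similar or identical to
background
HTML_MESSAGE            0.001 HTML included in message
KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
Alignment
T_FILL_THIS_FORM_SHORT   0.01 Fill in a short form with personal information
URIBL_BLOCKED           0.001 ADMINISTRATOR NOTICE: The query to URIBL was
blocked.  See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
"""
# Assumption for this example: which rule names count as authentication evidence.
AUTH_PASS = {"SPF_PASS", "DKIM_VALID_AU"}
AUTH_FAIL = {"DKIM_INVALID", "KAM_DMARC_STATUS", "SPF_FAIL", "SPF_SOFTFAIL"}
HIT = re.compile(r"^(\w+)\s+(-?\d+(?:\.\d+)?)\s+(.*)$")

def parse_report(text):
    """Return (rule, score, description) tuples, rejoining wrapped descriptions."""
    hits = []
    for line in text.splitlines():
        m = HIT.match(line)
        if m:
            hits.append([m.group(1), float(m.group(2)), m.group(3)])
        elif line.strip() and hits:
            hits[-1][2] += " " + line.strip()  # continuation of the previous hit
    return [tuple(h) for h in hits]

def triage(hits):
    """Summarise total score, authentication evidence and URIBL lookup health."""
    names = {name for name, _, _ in hits}
    return {
        "total": round(sum(score for _, score, _ in hits), 3),
        "auth_pass": sorted(names & AUTH_PASS),
        "auth_fail": sorted(names & AUTH_FAIL),
        # welcomelist_auth can only apply when SPF or DKIM actually passed.
        "welcomelist_auth_possible": bool(names & AUTH_PASS),
        "uribl_lookups_blocked": "URIBL_BLOCKED" in names,
    }
```

Calling `triage(parse_report(REPORT))` on the quoted report gives a total that rounds to the "3" shown in the reject notice, with no authentication pass and two authentication-failure hits.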
