Alex wrote on 2024-04-24 15:45:
Hi,
I'm using SA 4.0.1 and amavisd with postfix. I've identified a few
bounce messages in the quarantine because they weren't identified
properly. Here's one:
https://pastebin.com/RMNkcyhF

Content preview: Delivery has failed to these recipients or groups: CURTIS RICCIARDI (cuberi...@msn.com)<mailto:cuberi...@msn.com> The recipient's mailbox is full and can't accept messages now. Please try resending your message
  later, or contact the recipient directly [...]

Content Domains: banno.com jshorefcu.org mailgun.net office365.com outlook.com windows.net

Content analysis details:   (11.9 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.3 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 ARC_VALID              Message has a valid ARC signature
 0.0 ARC_SIGNED             Message has a ARC signature
 0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                            Alignment
 0.5 AUTHRES_ARC_NONE       Authentication-Results: has "arc=none" result
 0.5 AUTHRES_DKIM_NONE      Authentication-Results: has "dkim=none" result
 0.5 AUTHRES_DMARC_NONE     Authentication-Results: has "dmarc=none" result
 2.0 URL_GREYLIST           Other untrustworthy TLDs
                            [URI: bannoinstitutionassets.blob.core.windows.net (windows.net)]
 1.5 AUTHRES_SPF_NONE       Authentication-Results: has "spf=none" result
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.1 URI_IMG_CWINDOWSNET    Non-MSFT image hosted by Microsoft Azure infra,
                            possible phishing
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.2 KAM_LOTSOFHASH         Emails with lots of hash-like gibberish
 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors
                            in HTML

For example, it matches on
*  3.1 URI_IMG_CWINDOWSNET Non-MSFT image hosted by Microsoft Azure
infra, possible phishing

This is not in SpamAssassin core rules.

 *  2.6 HOSTED_IMG_DIRECT_MX Image hosted at large ecomm, CDN or
hosting
 *      site, message direct-to-mx

Also not in default rule sets.

It also matches on ANY_BOUNCE_MESSAGE and BOUNCE_MESSAGE. Should metas
be created to avoid adding the above scores?

What more can be done to improve deliverability of these messages?
Perhaps this is something postfix can identify and bypass scanning?

It matches bounces since it's a bounce, all that is seen as a result of forwarding emails.
