Obviously the right way is for the master rules to be adjusted. But if you want
a local fix, try something like this:
score RCVD_IN_DNSWL_HI -0.001
meta MY_RCVD_IN_DNSWL_HI RCVD_IN_DNSWL_HI && !SPF_FAIL
score MY_RCVD_IN_DNSWL_HI -5
describe MY_RCVD_IN_DNSWL_HI In DNS whitelist, good SPF
----- Original Message -----
I received a (relatively) well crafted Phishing email today. It was clearly
a well planned campaign. The Spamassassin score was as follows:
X-Spam-Status: No, score=-0.4 required=5.0 tests=GOOG_REDIR_NORDNS=0.001,
HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,
NORDNS_LOW_CONTRAST=0.001,RCVD_IN_DNSWL_HI=-5,RDNS_NONE=1.274,
SPF_FAIL=0.919,SPF_HELO_NONE=0.001,URIBL_BLOCKED=0.001,WIKI_IMG=2.397
autolearn=disabled version=3.4.6
DNS white-hole list checks should never ever pass if the SPF checks fail. In
fact, I can't think of any whitelist test that should pass if SPF fails. I
could attach a higher score to SPF_FAIL, but that would unduly affect cases
where the sender wasn't white listed.
I need a way to force Spammassassin to negate the effect of one test on the
passing of another.
