Hi,

>> I have several emails that are tagged with RCVD_IN_JMF_W,
>> SPF_SOFTFAIL, and RAZOR2_CHECK such as this one:
>> http://pastebin.com/m4a4d990e
>
> why accept SPF_SOFTFAIL ?
>
> can't this be solved ?

I don't understand. I'm still learning how the SPF rules work. Shouldn't I be adding points for an SPF_FAIL? This indicates a spoof attempt, no?

> are you receiving forwarded emails from spf domains ?

If I understand correctly, no. I have no relationship with any external source and their SPF records.

> if so add the forward ip to trusted_networks (so spf will be disabled from
> this hosts)

Do you mean to avoid the processing overhead? IOW, don't bother checking SPF records for trusted domains?

>> Is the criteria for being listed on the JMF_W simply that it
>> contains a domain that is whitelisted, despite whether it
>> contains another URL that is blacklisted?
>
> this is spamassassin working, if there is a blacklisted domain add it to
> your uribl_skip_domain list

Ah, you mean if the domain is erroneously on the blacklist, right?

>> Would I be advised to make the JMF_W score very low, or create a
>> meta that doesn't really whitelist it unless it isn't also blacklisted?
>
> this is ip and not domains

On a somewhat related note, how does BOTNET differ from RDNS_NONE? What is the logic behind the BOTNET rule? Is there some known list that it's checking, or is it just likely to be a dynamic IP or compromised host if it doesn't have a reverse DNS entry?

Thanks so much for the clarification, and confirmation about Gevalia/Kraft.

Thanks,
Alex