Hi,
Some portion of our users are from China. I hoped someone could help
me troubleshoot the best way to permit a user from .cn to forward mail
without improperly being tagged as spam, yet still block the majority
of spam from .cn.
Here's the SA report:
X-Spam-Report:
* 0.1 RELAYCOUNTRY_CN Relayed through China
* 2.0 RELAYCOUNTRY_HIGH Relayed by a country thats a bad spam source
* 1.0 EXTRA_MPART_TYPE Header has extraneous
Content-type:...type= entry
* -0.0 SPF_PASS SPF: sender matches SPF record
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* 0.0 LOC_URI_CN URI: Contains CN URI
* 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
* [score: 0.5000]
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.0 T_TVD_FW_GRAPHIC_ID1 BODY: T_TVD_FW_GRAPHIC_ID1
* 1.8 MIME_BASE64_TEXT RAW: Message text disguised using
base64 encoding
* 1.5 MY_CID_AND_ARIAL2 SARE CID and Arial2
* 1.6 PART_CID_STOCK Has a spammy image attachment (by Content-ID)
* 1.5 MY_CID_AND_STYLE SARE cid and style
* 1.6 MY_CID_ARIAL_STYLE SARE cid arial2 style
Bayes could probably use a bit of work, but is there something that I
should be investigating based on this to improve the accuracy, or
should I just whitelist_from_rcvd the user since it's a minority of
valid accounts from China?
Even if I remove the RELAYCOUNTRY_HIGH meta, it's still over the 5.0 threshold.
Thanks,
Alex
