On Mon, 10 Sep 2012, Helmut Schneider wrote:

> Short story:
> Can I exclude hosts from RCVD_IN_DNSWL_LOW/MED/HI?
>
> Long story:
> We are using an external provider to filter SPAM. We also use SA
> internally. Sometimes mails are not recognized as SPAM externally and
> forwarded to SA. The mailrelays of the external provider are listed in
> RCVD_IN_DNSWL_MED and therefore SA subtracts -2.3 points. While SA
> would recognize and filter the SPAM correctly it does not because of
> RCVD_IN_DNSWL_MED. So I would like to exclude those mailrelays from
> (e.g.) RCVD_IN_DNSWL_MED.
>
> I know I can write a rule that adds a score to those mailrelays but
> that seems to be "not perfect" as membership of that host might change
> from RCVD_IN_DNSWL_MED to RCVD_IN_DNSWL_HI/LOW and v.v. and then would
> receive different scores.

Make a subrule that looks for your mail service host's name in Received headers, and add a meta that fires on that rule + RCVD_IN_DNSWL_MED and adds compensating points.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Sheep have only two speeds: graze and stampede.     -- LTC Grossman
-----------------------------------------------------------------------
 Tomorrow: the 11th anniversary of 9/11
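
The subrule-plus-meta approach from the reply above, sketched as a SpamAssassin configuration fragment. This is an added example, not part of the original message: `filter.example.net` and all rule names are placeholders, the 2.3 mirrors the RCVD_IN_DNSWL_MED score quoted in the question, and the LOW and HI values are assumed stock scores to be checked against the local installation.

```conf
# Added example; filter.example.net and the rule names are placeholders.

# Subrule (the leading __ means it carries no score of its own): the
# provider's relay name appears in a Received header. Received formats
# differ between MTAs, so adjust the pattern to what your MTA writes.
header   __RCVD_EXT_FILTER      Received =~ /\bfrom\s+\S+\.filter\.example\.net\b/i

# One meta per DNSWL level, so the compensation follows the relay if its
# listing moves between LOW, MED and HI.
meta     EXT_FILTER_DNSWL_LOW   (__RCVD_EXT_FILTER && RCVD_IN_DNSWL_LOW)
describe EXT_FILTER_DNSWL_LOW   Provider relay on DNSWL low, cancel bonus
score    EXT_FILTER_DNSWL_LOW   0.7    # assumed stock LOW score is -0.7

meta     EXT_FILTER_DNSWL_MED   (__RCVD_EXT_FILTER && RCVD_IN_DNSWL_MED)
describe EXT_FILTER_DNSWL_MED   Provider relay on DNSWL med, cancel bonus
score    EXT_FILTER_DNSWL_MED   2.3    # MED is -2.3 per the question above

meta     EXT_FILTER_DNSWL_HI    (__RCVD_EXT_FILTER && RCVD_IN_DNSWL_HI)
describe EXT_FILTER_DNSWL_HI    Provider relay on DNSWL hi, cancel bonus
score    EXT_FILTER_DNSWL_HI    5.0    # assumed stock HI score is -5.0
```

Each compensating score has to be kept equal in magnitude to the local score of the matching RCVD_IN_DNSWL_* rule; `spamassassin --lint` checks the fragment for syntax errors after it is added to the local configuration.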
