Hi there I just received some spam - got a score below 0. The real surprise was the -2 points it got from RCVD_IN_DNSWL_MED - a surprise because the domain was yahoo.co.uk!
I have no idea why DNSWL would ever give a negative score to any FREEMAIL (I use the SA rulename there) server - all free mail services will be prone to misuse So I'm thinking of trying to counteract that via meta UNDO_DNSWL_WHITELIST ( (RCVD_IN_DNSWL_MED) && FREEMAIL_FROM) describe UNDO_DNSWL_WHITELIST don't allow RCVD_IN_DNSWL_MED to whitelist freemail score UNDO_DNSWL_WHITELIST 2.0 Anyone see anything fundamentally wrong with that? It seems so obvious, I'm thinking I've overlooked something :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
