Am 25.08.2014 um 18:28 schrieb John Hardin: > On Mon, 25 Aug 2014, Reindl Harald wrote: > >> the plain content i attached as ZIP (what made it to the listg) is used for >> testing by just copy the content to a >> formmailer or in a new plaintext message in TB point directly to the test MX > > The massage body by itself usually isn't enough to tell much. Looking at it, > it's obviously a 419 spam, and your > rule hits support that.
correct > When troubleshooting stuff, we generally need the complete message including > all the original headers, saved as an > RFC-822-format text file. that's clear but it's a matter of how to reprocude what i did short before the update given a very high score and doing the same after the update and that is in all cases just past that plaintext into a MUA and send it to SA > In this case the question isn't "why aren't rules hitting", it's > "why are the rules now scoring less?" that's exactly my question > the same rules are hitting now as were before the update that's why i am wondering > Karsten covered that >> Given (a) you disabled RBL checks in SA the reason for that is that postfix in front already does a damned good job with RBL's and especially uses internal whitelists (rbldnsd) and a honeypot RBL and what i want to avoid is that that SA beats out the whitelists - i replay the data of the internal ones to "local.conf" into "trusted_networks" because until now i did not find a way to reflect the postscreen scoring below in SA postscreen_dnsbl_sites = dnsbl.thelounge.net*16 dul.dnsbl.sorbs.net*8 b.barracudacentral.org*7 dnsbl.inps.de*7 zen.spamhaus.org=127.0.0.[10;11]*6 zen.spamhaus.org=127.0.0.[4..7]*5 bl.spamcop.net*4 ix.dnsbl.manitu.net*4 zen.spamhaus.org=127.0.0.3*4 dnsbl-1.uceprotect.net*3 zen.spamhaus.org=127.0.0.2*3 bl.spameatingmonkey.net*2 dnsrbl.swinog.ch*2 psbl.surriel.com*2 spam.dnsbl.sorbs.net*2 ips.backscatterer.org*1 dnswl-low.thelounge.net*-3 list.dnswl.org=127.0.[0..255].0*-3 list.dnswl.org=127.0.[0..255].1*-4 list.dnswl.org=127.0.[0..255].2*-5 list.dnswl.org=127.0.[0..255].3*-6 dnswl-medium.thelounge.net*-8 dnswl-high.thelounge.net*-16 dnswl.thelounge.net*-24 > masscheck ties to ensure spams score at least 5 points, but doesn't > care beyond that yes, but given that the intention is to flag message above 5 with [SPAM] and reject messages above 7 which is the intention running SA as milter the reduced score matters
signature.asc
Description: OpenPGP digital signature
