On Sun, 21 Sep 2014, Reindl Harald wrote:

Am 21.09.2014 um 03:29 schrieb John Hardin:
On Sun, 21 Sep 2014, Reindl Harald wrote:

Am 20.09.2014 um 23:54 schrieb RW:
On Sat, 20 Sep 2014 15:48:05 +0200
Reindl Harald wrote:

http://www.antivirushelptool.com/spamassassin/header/USER_IN_DEF_DKIM_WL
that's too much and gives even a message on systems where
BAYES_99 and BAYES_999 would reach 8.0 a negative score

Do you have any evidence for it being too much? It seems about right
to me.

If you have an actual problem I'd suggest you use unwhitelist_from_dkim
locally and report the domain so it can be considered for delisting.

The dkim default whitelist contains domains that send a lot of
autogenerated and bulk mail, but have a very low probability of sending
spam

how can -7.5 be right?

it bypasses unconditionally any bayes regardless if it is trained
with 100, 1000 or 10000 messages ham / spam and that can not
be the right thing

That's kinda the *point* to a whitelist.

unconditional whitelists are as bad as unconditional blacklists

So you would be okay with the alternative: DKIM-signed legitimate emails from a real bank being rejected as spam because your bayes has been trained with legitimate-looking phishes and thinks they look phishy?

Would you care to share the spam that you posted the scores for at the start of this thread? There's not much we can do with just the rules that hit besides post vague guesses. The critical part is: which domain is that whitelisted DKIM signature for?

no message content available - we don't store anything on the gateway
3 cases with score -5 twice and one time -2

message-id=<....@xtinmta4208.xt.local
bounce-...@bounce.mail.hotels.com

OK, mail.hotels.com is in the default DKIM whitelist.

I haven't looked through the DKIM whitelist code but I note that def_whitelist_from_dkim supports specification of the domain in the DKIM signature, and the mail.hotels.com entry does not specify the signing domain.

Speculation: I wonder if it's possible that message was a forged hotels.com email signed with DKIM from *another domain* and that's why the default DKIM whitelist rule triggered.

Can someone with more familiarity with the details of DKIM comment on that possibility?

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Markley's Law (variant of Godwin's Law): As an online discussion
  of gun owners' rights grows longer, the probability of an ad hominem
  attack involving penis size approaches 1.
-----------------------------------------------------------------------
 842 days since the first successful private support mission to ISS (SpaceX)
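
The question raised in the message above (which domain made the DKIM signature, and is it the same as the From domain?) can be answered from the headers of a retained message. This is an added example, not part of the original post and not SpamAssassin code; the sample message and every domain in it are constructed, and the script only reads the `d=` tag without verifying the signature cryptographically.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: two signatures, one from an unrelated domain and one
# from the From domain. All domains and tag values are placeholders.
SAMPLE = """\
From: Deals <offers@mail.brand.example>
To: user@recipient.example
Subject: constructed sample
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bulk-sender.example;
 s=sel1; h=from:to:subject; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; d=mail.brand.example; s=sel2;
 h=from:subject; bh=CCCC; b=DDDD

body
"""

def signing_domains(msg):
    """Return the d= (signing domain) value of every DKIM-Signature header."""
    domains = []
    for raw in msg.get_all("DKIM-Signature", []):
        unfolded = re.sub(r"\r?\n[ \t]+", " ", str(raw))  # undo header folding
        tags = {}
        for part in unfolded.split(";"):
            name, sep, value = part.partition("=")  # base64 values may contain '='
            if sep:
                tags[name.strip().lower()] = re.sub(r"\s+", "", value)
        if "d" in tags:
            domains.append(tags["d"].lower().rstrip("."))
    return domains

def classify(raw_message):
    """Label each signature first-party (d= equals From domain) or third-party."""
    msg = message_from_string(raw_message, policy=policy.compat32)
    author = parseaddr(msg.get("From", ""))[1]
    author_domain = author.rpartition("@")[2].lower()
    return author_domain, [
        (d, "first-party" if d == author_domain else "third-party")
        for d in signing_domains(msg)
    ]

if __name__ == "__main__":
    domain, results = classify(SAMPLE)
    print("author domain:", domain)
    for sdid, kind in results:
        print(f"  d={sdid}: {kind}")
```
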
