>From: Paul Stead <paul.st...@zeninternet.co.uk> >Sent: Wednesday, January 25, 2017 3:34 PM
>On 25/01/2017, 17:49, "David Jones" <djo...@ena.com> wrote: >> Here is an example I just received: >> http://pastebin.com/fwbgMKF4 >Received: from mta165a.pmx1.epsl1.com (mta165a.pmx1.epsl1.com >[142.54.245.165]) - Pastebin.com >pastebin.com >> This message is very spammy looking and hit a high BAYES_ rule but >> was sent from a trustworthy sender with good SPF, DKIM and opt-out. >> The IP was not listed on any major RBLs at the time it was received. >> Everything looks good and should have been passed through to >> the recipient but my SA blocked it primarily due to BAYES_95. >> If I train my Bayes DB with this email as ham, then other similar >> spam could start scoring lower and get through. In this case, >> I want to trust the reputation of the sender more than the >> content so I have added it to my whitelist_auth list. >> whitelist_auth *@info.spectrum.com >A similar method I use is to have the DKIM signing domains I like in a rbl >server and query them with askdns >askdns LOCAL_TRUSTED_DKIM _DKIMDOMAIN_.lookup.example.com A 127.0.0.2 >tflags LOCAL_TRUSTED_DKIM nice net >describe LOCAL_TRUSTED_DKIM DKIM trusted sender >score LOCAL_TRUSTED_DKIM -7.5 Nice. I bet there are a number of ways to do the same thing. I was going for something easy to implement in all SA environments that didn't require setting up extra things like a local RBL server so the entire SA community would benefit. All SA servers should be running sa-update periodically so extending existing whitelist_auth lists would be the way to go. We would need a way to submit ham much like the masscheck processing so when a minimum number of ham submissions were received, it would be added to something like a 60_whitelist_auth.cf file that is updated via sa-update. Thoughts?
