Hi,

On Sun, Apr 30, 2017 at 3:32 PM, David Jones <djo...@ena.com> wrote:
>>From: Alex <mysqlstud...@gmail.com>
>
>>On Sun, Apr 30, 2017 at 10:17 AM, David Jones <djo...@ena.com> wrote:
>>>>From: Alex <mysqlstud...@gmail.com>
>>>
>>>>I'm having a problem with bounce messages being tagged as spam. What
>>>>is the proper way to handle legitimate bounce messages these days? Is
>>>>it safe to bypass scanning DSN bounce messages and route them directly
>>>>with postfix?
>>>
>>> Sender reputation is key to proper spam detection including bounces.  You
>>> could try out these rules with very low scores until you are comfortable
>>> with them then set your own scores:
>>>
>>> 99_senderscore.cf
>
>>I'm using senderscore, but doing it in postfix, where I can reject
>>messages outright. Perhaps I'll consider doing it in SA instead.
>
> You should do it in both.  SA will have other rules based on content like
> bayes that Postfix is not able to do.  Think of Postfix as level 1 filtering
> and SA as level 2.  Some checks will overlap which is fine.  Postfix with
> postscreen RBLs will be more about sender reputation and SA will be more
> about content.  Trusted senders should be allowed to send some content as
> long as it's not malicious.

Okay, I will investigate that and try it out for a while.

>>> 99_mailspike.cf
>>> -----------------------
>>> shortcircuit RCVD_IN_MSPIKE_H5 on
>>>
>>> score RCVD_IN_MSPIKE_H4 -3.2
>>...
>
>>I've actually done this, but backed off on the shortcircuit because
>>there were several instances where the email originated from a site
>>with a good reputation, but was clearly spam. I had enabled it, then
>>ignored it, and it was a big problem.

It was a while ago, so I don't really recall what the messages were,
but it was really far from a constantcontact or just some marketing
spam, iirc.

I'll create a filter that sorts the MSPIKE messages for a while, and
see what I find.

> I have a huge list (thousands of entries) of whitelist_auth domains
> of senders which allows me to crank up the sensitivity of content
> checks and RBLs in SA and have very few complaints from customers.

I've done that to a large extent as well, but I'm also concerned that some
of these legitimate senders get hacked on occasion, and are misconfigured,
so I'm perhaps a bit more apprehensive than you to go all out.

Thanks for your advice, as always.
