From: Alex <mysqlstud...@gmail.com>
>On Sun, Apr 30, 2017 at 3:32 PM, David Jones <djo...@ena.com> wrote:
>>>From: Alex <mysqlstud...@gmail.com>
>>
>>>> 99_mailspike.cf
>>>> -----------------------
>>>> shortcircuit RCVD_IN_MSPIKE_H5 on
>>>>
>>>> score RCVD_IN_MSPIKE_H4 -3.2
>>>...
>>
>>>I've actually done this, but backed off on the shortcircuit because
>>>there were several instances where the email originated from a site
>>>with a good reputation, but was clearly spam. I had enabled it, then
>>>ignored it, and it was a big problem.

>It was a while ago, so I don't really recall what the messages were,
>but it was really far from a constantcontact or just some marketing
>spam, iirc.

>I'll create a filter that sorts the MSPIKE messages for a while, and
>see what I find.

It doesn't hurt anything to put those rules in place with a score of
0.001 or -0.001, let them run a while, then do some log analysis.

>> I have a huge list (thousands of entries) of whitelist_auth domains
>> of senders which allows me to crank up the sensitivity of content
>> checks and RBLs in SA and have very few complaints from customers.

>I've done that to a large extent as well, but also concerned that some
>of these legitimate senders get hacked on occasion, and misconfigured,
>so I'm perhaps a bit more apprehensive than you to go all out.

Mass senders and system-generated emails typically don't get hacked or
compromised. You really only have to worry about real human mailboxes
that won't be on those shortcircuit'd rules. Notice I don't have any
shortcircuit'd senderscore.org rules, just these:

shortcircuit RCVD_IN_MSPIKE_H5 on
shortcircuit USER_IN_WHITELIST on
shortcircuit USER_IN_DEF_WHITELIST on
shortcircuit USER_IN_BLACKLIST on
shortcircuit USER_IN_DKIM_WHITELIST on
shortcircuit USER_IN_DEF_DKIM_WL on
shortcircuit USER_IN_SPF_WHITELIST on
shortcircuit USER_IN_DEF_SPF_WL on
shortcircuit RCVD_IN_RP_CERTIFIED on
shortcircuit RCVD_IN_RP_SAFE on
shortcircuit RCVD_IN_DNSWL_HI on
shortcircuit RCVD_IN_IADB_LISTED on
shortcircuit RCVD_IN_IADB_SPF on
shortcircuit RCVD_IN_IADB_DK on
shortcircuit RCVD_IN_IADB_RDNS on
shortcircuit RCVD_IN_IADB_SENDERID on
shortcircuit RCVD_IN_IADB_OPTIN on

I have had 2 instances of spam from some senders listed in one of the
rules above over the past 3 or 4 years. In both cases, the senders had
abuse report headers that I submitted to them and they took immediate
action to block the sender.

That is how it should work, so I started adding abuse headers to our
outbound mail to be a good Internet citizen.

Dave
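
The log analysis suggested above (score the candidate rules at 0.001 or -0.001, let them run, then check the logs), sketched as an added example that is not part of the original message. It assumes spamd's "result:" syslog lines; the candidate rule set, the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Rules being trialled at a near-zero score before shortcircuit is enabled
# (assumed subset of the list in the message above).
CANDIDATES = {"RCVD_IN_MSPIKE_H5", "RCVD_IN_DNSWL_HI", "RCVD_IN_RP_CERTIFIED"}

# spamd result line: verdict (Y = spam, . = ham), score, rule hits, key=value fields.
RESULT_RE = re.compile(
    r"spamd: result: (?P<verdict>[Y.]) (?P<score>-?\d+(?:\.\d+)?) - "
    r"(?P<rules>\S*) (?P<kv>\S+)")

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = """\
May  1 10:00:01 mx spamd[411]: spamd: result: . -1 - RCVD_IN_MSPIKE_H5,SPF_PASS scantime=0.4,size=2100,mid=<a1@example.com>
May  1 10:02:13 mx spamd[411]: spamd: result: Y 12 - BAYES_99,RCVD_IN_MSPIKE_H5,URIBL_BLACK scantime=0.9,size=5400,mid=<b2@example.net>
May  1 10:05:40 mx spamd[412]: spamd: result: . 0 - RCVD_IN_DNSWL_HI,HTML_MESSAGE scantime=0.3,size=1800,mid=<c3@example.org>
May  1 10:07:02 mx spamd[412]: spamd: result: Y 9 - BAYES_99,URIBL_BLACK scantime=0.7,size=3100,mid=<d4@example.com>
May  1 10:09:55 mx spamd[411]: spamd: result: . -2 - RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H5 scantime=0.2,size=900,mid=<e5@example.org>
"""

def audit(log_text, candidates=CANDIDATES):
    """Per candidate rule: total hits, and hits on mail the full scan still called spam."""
    stats = defaultdict(lambda: {"hits": 0, "spam": 0, "mids": []})
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if not m:
            continue  # not a result line, or no rules hit at all
        mid = re.search(r"mid=([^,]+)", m["kv"])
        for rule in set(m["rules"].split(",")) & candidates:
            entry = stats[rule]
            entry["hits"] += 1
            if m["verdict"] == "Y":
                # Shortcircuiting on this rule would have delivered this message.
                entry["spam"] += 1
                entry["mids"].append(mid.group(1) if mid else "?")
    return dict(stats)

if __name__ == "__main__":
    for rule, entry in sorted(audit(SAMPLE_LOG).items()):
        print(f"{rule}: {entry['hits']} hits, {entry['spam']} scored as spam {entry['mids']}")
```

The message IDs listed for a rule are the ones to pull from quarantine and review before turning shortcircuit on for that rule.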