On Tue, 2017-05-09 at 01:13 +0000, David Jones wrote:
> > From: Chris <cpoll...@embarqmail.com>
> >
> > David and others, thank you for the replies. I've lowered the score for
> > Botnet down to 1.0, may go lower if it continues to cause problems or
> > just get rid of it. I've added this to my whitelist.cf:
> >
> > whitelist_auth *@*.us-cert.gov us-cert.gov
> This should be:
> 
> whitelist_auth *@*.us-cert.gov
> 
I don't know why I keep putting the second entry in my 'my-whitelist.cf'
file. I must have read it or something a long, long time ago in order to
be doing this.

> which will be triggered by SPF_PASS or DKIM_VALID_AU.
>
> > I guess this rule hit is something that can't be avoided. I guess I
> > could lower the score but then that would defeat the purpose of the
> > rule.
> > 
> > 5.5 KAM_STOCKTIP           Email Contains Pump & Dump Stock Tip
> Normally there should be other good rules that would subtract
> points to get it down below the 5.0 or 6.0 block threshold.  See
> the SA mailing list archives for my other postings about shortcircuit
> rules that allow trusted senders like this one to pass through allowing
> the KAM_*, BAYES_99, etc. with high scores to block more based on
> content rather than reputation which is what that BOTNET rule did
> incorrectly.  The whitelist_auth entry will bypass those rules now.
> 
> Dave
Thanks Dave, I'll go back through the archives for your other postings
about shortcircuit.

Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
20:23:13 up 7 days, 3:06, 1 user, load average: 0.30, 0.39, 0.39
Description:    Ubuntu 16.04.2 LTS, kernel 4.4.0-77-generic
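
A simplified model of the whitelist_auth behaviour discussed in this thread, added here as an example (it is not code from either poster or from SpamAssassin): an entry is treated as a file-style glob over the sender address, and it only counts when SPF_PASS or DKIM_VALID_AU also fired. The function names and sample addresses are constructed, and the SPF and DKIM checks are collapsed into two booleans.

```python
import re

# Constructed sample config: the line as first posted, then the corrected one.
POSTED = "whitelist_auth *@*.us-cert.gov us-cert.gov"
CORRECTED = "whitelist_auth *@*.us-cert.gov"


def parse_whitelist_auth(cf_text):
    """Return the address globs from every whitelist_auth line."""
    globs = []
    for line in cf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if fields and fields[0] == "whitelist_auth":
            globs.extend(fields[1:])
    return globs


def glob_to_regex(glob):
    """File-glob style: '*' is any run of characters, '?' is one character."""
    parts = []
    for ch in glob:
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def useless_entries(globs):
    """A literal entry without '@' can never equal a full sender address."""
    return [g for g in globs
            if "@" not in g and "*" not in g and "?" not in g]


def is_whitelisted(globs, sender, spf_pass=False, dkim_valid_au=False):
    """Assumed model: the address must match AND the mail must authenticate."""
    if not (spf_pass or dkim_valid_au):
        return False  # a bare From: match is never enough
    return any(glob_to_regex(g).fullmatch(sender) for g in globs)


if __name__ == "__main__":
    posted = parse_whitelist_auth(POSTED)
    print("entries that match nothing:", useless_entries(posted))
    for sender, spf in [("alerts@ncas.us-cert.gov", True),
                        ("alerts@ncas.us-cert.gov", False),
                        ("alerts@us-cert.gov", True)]:
        print(sender, "spf_pass=%s" % spf, "->",
              is_whitelisted(posted, sender, spf_pass=spf))
```

The third sample address shows that `*@*.us-cert.gov` needs a subdomain label: mail sent from the bare domain would need its own `*@us-cert.gov` entry.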
