David Jones wrote on 13.10.2017 at 14:16:
On 10/13/2017 04:45 AM, Jari Fredriksson wrote:
I don't use Kam.cf <http://Kam.cf> as it is very prone to false
positives and way too aggressively scored by default. I'm pretty happy
with my current setup with 3.4.1 though.

If you are happy with your SA accuracy, don't change a thing.  :)
Have you tried the KAM.cf lately?

Indeed I have. This just came today:

X-Spam-Report:
    * 0.5 JMQ_SPF_NEUTRAL_ALL ASKDNS: SPF set to ?all!
    * [mail99.sea21.rsgsv.net TXT:v=spf1]
    [ip4:148.105.12.99 include:spf.mandrillapp.com]
    [?all]
    * 0.4 URIBL_GREY Contains an URL listed in the URIBL greylist
    * [URIs: forward-to-friend.com]
    * -0.2 RCVD_IN_IADB_RDNS RBL: IADB: Sender has reverse DNS record
    * [148.105.12.99 listed in iadb.isipp.com]
    * -0.0 RCVD_IN_IADB_LISTED RBL: Participates in the IADB system
    * -0.1 RCVD_IN_IADB_SPF RBL: IADB: Sender publishes SPF record
    * -0.0 RCVD_IN_IADB_SENDERID RBL: IADB: Sender publishes Sender ID record
    * -0.1 RCVD_IN_IADB_DK RBL: IADB: Sender publishes Domain Keys record
    * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
    * trust
    * [148.105.12.99 listed in list.dnswl.org]
    * 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
    * domains are different
    * -0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
    * 1.0 HTML_MESSAGE BODY: HTML included in message
    * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
    * [score: 0.0000]
    * 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
    * background
    * 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
    * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    * valid
    * 10 KAM_SOMETLD_ARE_BAD_TLD .stream, .trade, .pw, .top, .press, .bid &
    * .link TLD Abuse
    * 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
    * 0.0 KAM_SHORT Use of a URL Shortener for very short URL

The mail is ham from sourceforge.net. I'm able to deliver the post to
KAM if he is willing to look at it.

Hit points like 10 points for this issue BAD_TLD are just killing my
system, which will report to spamcop, razor and pyzor without manual
intervention :(

False positives are usually nonexistent with my setup, and this can not
be taken into production.

br. jarif


KAM.cf does have high scores when you first look at it but if you have
other SA add-ons that subtract points for being "good", then the high
KAM.cf scores complement things well.  Also, I am using MailScanner
and the default block score is 6.0 which helps a bit too.  My custom
rule scores tend to be high on both ends.

On 12 October 2017 at 17.07.41 GMT+03:00, "Kevin A. McGrail"
<kevin.mcgr...@mcgrail.com> wrote:
 >On 10/12/2017 9:25 AM, AJ Weber wrote:
 >> I'm open to new rules, plug-ins, etc.  Spam volume is only getting
 >> worse, and these spammers are getting more creative.
 >
 >Hi AJ,
 >
 >I have to say that 3.3.0 is pretty old.  I'd look to run a newer
 >version, invest some time into researching a few RBLs and consider
 >adding my KAM.cf <http://KAM.cf> file.
 >
 >Regards,
 >KAM

-- 
ja...@iki.fi

Attachment: signature.asc
Description: OpenPGP digital signature
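
Added example, not part of the original messages: a small Python triage helper that parses an X-Spam-Report like the one quoted above and lists the rules whose score alone pushes the message over the spam threshold. The function names are hypothetical; the thresholds assumed are 5.0 (SpamAssassin's default required_score) and the 6.0 MailScanner block score mentioned in the thread.

```python
import re

# Matches a rule line such as "* 10 KAM_SOMETLD_ARE_BAD_TLD ..." or
# "* -1.9 BAYES_00 ...". Continuation lines ("* [score: 0.0000]",
# "* trust") carry no leading score and are skipped.
RULE_LINE = re.compile(r"^\s*\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\b")


def parse_report(report):
    """Return [(rule_name, score), ...] in report order."""
    hits = []
    for line in report.splitlines():
        m = RULE_LINE.match(line)
        if m:
            hits.append((m.group(2), float(m.group(1))))
    return hits


def total_score(hits):
    # Rounded to avoid float noise when summing one-decimal scores.
    return round(sum(score for _, score in hits), 3)


def decisive_rules(hits, threshold):
    """Rules whose removal alone would drop the message below threshold."""
    total = total_score(hits)
    if total < threshold:
        return []  # message is not classified as spam; nothing is decisive
    return [name for name, score in hits
            if round(total - score, 3) < threshold]


# Non-zero rule lines copied from the report quoted in this message
# (zero-score lines omitted for brevity).
SAMPLE = """\
    * 0.5 JMQ_SPF_NEUTRAL_ALL ASKDNS: SPF set to ?all!
    * 0.4 URIBL_GREY Contains an URL listed in the URIBL greylist
    * -0.2 RCVD_IN_IADB_RDNS RBL: IADB: Sender has reverse DNS record
    * -0.1 RCVD_IN_IADB_SPF RBL: IADB: Sender publishes SPF record
    * -0.1 RCVD_IN_IADB_DK RBL: IADB: Sender publishes Domain Keys record
    * 1.0 HTML_MESSAGE BODY: HTML included in message
    * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
    * [score: 0.0000]
    * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    * 10 KAM_SOMETLD_ARE_BAD_TLD .stream, .trade, .pw, .top, .press, .bid &
"""

if __name__ == "__main__":
    hits = parse_report(SAMPLE)
    print("total:", total_score(hits))
    print("decisive at 5.0:", decisive_rules(hits, 5.0))
```

Running a check like this before enabling automatic reporting to external services shows when a single add-on rule, rather than the combined evidence, is deciding the verdict.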
