Is there a way to have an entry like *.yahoo.com in noPB or noPBWhite?  I
know we can put something like sonic309-21.consmr.mail.ne1.yahoo.com but
what if I never want any IP that reverses to any yahoo.com name to be
penalized?  I'm aware that a spammer could easily have their IP reverse to
a yahoo hostname, but I'd hope to catch that using other methods.

I've got a little script that takes IPs from SPF records for major
providers.  (I've posted it here before).  Those IPs get added to group
definitions and can be used from there.

One thing I've done for a long time is having the IPs from Gmail's and
Yahoo's SPF records in noPB and noPBWhite.  This way, these email providers
are never penalized nor pbWhite.  Too many spammers send mail through real
Yahoo and Gmail accounts, but we can't negatively score because about 20%
of our legit inbound mail comes from these 2 providers.  We also don't want
to pbWhite the IPs or Bayesian/HMM spam will get 15 points removed and
pass. This has worked great for a long, long time.

However, with Yahoo, I'm noticing now that there's inbound mail coming from
non-SPF matching IP addresses.  For example:
Aug-24-19 12:27:31 61051-11848 66.163.184.147 <sen...@yahoo.com> to: ouru...@domain.org [scoring] DKIM signature verified-OK - header-passed - identity is: @yahoo.com - sender policy is: neutral - author policy is: neutral
Aug-24-19 12:27:32 61051-11848 66.163.184.147 <sen...@yahoo.com> to: ouru...@domain.org Message-Score: added -15 (pbwValencePB) for In Penalty White Box, total score for this message is now -15

That message DKIM verified.  It really came through Yahoo.  However,
66.163.184.147 doesn't match their SPF, so it wasn't excluded from my IP
whitelist.  It's in the pbWhite.  Even though the message gets 50 for
Bayesian, it starts at -15, so it passes.

Any other suggestions are very welcome!!
thanks
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
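
Added example, not part of the original message and not the poster's script: a Python sketch that expands SPF records into networks and then lists connecting IPs from ASSP log lines that DKIM-verified for a provider but fall outside that provider's SPF ranges, which is the gap described above. The SPF records, the second log line, and the function names are constructed for illustration; only ip4, ip6 and include terms are handled.

```python
import ipaddress
import re

# Constructed SPF TXT records, NOT the provider's real ones; a real script
# would fetch them with DNS TXT lookups.
SPF_TXT = {
    "yahoo.com": "v=spf1 include:_spf.mail.example ?all",
    "_spf.mail.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.16/28 ip6:2001:db8::/48 ~all",
}
# First line is from the post (wrapping undone); second is constructed.
TAIL = ("<sen...@yahoo.com> to: ouru...@domain.org [scoring] DKIM signature "
        "verified-OK - header-passed - identity is: @yahoo.com - sender policy "
        "is: neutral - author policy is: neutral")
LOG = ["Aug-24-19 12:27:31 61051-11848 66.163.184.147 " + TAIL,
       "Aug-24-19 12:30:02 61055-11901 192.0.2.25 " + TAIL]
DKIM_OK = re.compile(r"^\S+ \S+ \S+ (?P<ip>\S+) .*DKIM signature verified-OK"
                     r".*identity is: @(?P<dom>[\w.-]+)")

def spf_networks(domain, records, seen=None):
    """Collect ip4/ip6 networks from an SPF record, following include:."""
    seen = set() if seen is None else seen
    if domain in seen or domain not in records:
        return []  # include loop, or no record available
    seen.add(domain)
    nets = []
    for term in records[domain].split()[1:]:  # skip "v=spf1"
        mech, _, value = term.lstrip("+?~-").partition(":")
        if mech in ("ip4", "ip6"):
            nets.append(ipaddress.ip_network(value, strict=False))
        elif mech == "include":
            nets.extend(spf_networks(value, records, seen))
    return nets

def uncovered(log_lines, records):
    """(ip, domain) pairs that DKIM-verified but fall outside the SPF nets."""
    hits = set()
    for line in log_lines:
        m = DKIM_OK.match(line)
        if not m or m["dom"] not in records:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # fourth field was not an IP address
        if not any(ip in net for net in spf_networks(m["dom"], records)):
            hits.add((m["ip"], m["dom"]))
    return sorted(hits)

if __name__ == "__main__":
    for ip, dom in uncovered(LOG, SPF_TXT):
        print(f"{ip} DKIM-verified for {dom} but is outside its SPF networks")
```

Addresses reported this way are candidates for review before being added to the noPB / noPBWhite group definitions mentioned in the message.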