On Wed, Dec 28, 2022 at 07:11:02PM +0200, Henrik K wrote:
> On Wed, Dec 28, 2022 at 05:48:30PM +0100, Giovanni Bechis wrote:
> > On Wed, Dec 28, 2022 at 12:55:35PM +0200, Henrik K wrote:
> > > On Wed, Dec 28, 2022 at 11:43:04AM +0100, Giovanni Bechis wrote:
> > > > Hi,
> > > > recently I started receiving more spam from "drive-shares-noreply at
> > > > google.com", this spam bypasses filters because it matches
> > > > USER_IN_DEF_DKIM_WL that gives the email -7.5 points.
> > > > Should we remove google.com from default whitelists ?
> > > >
> > > > Spample at: https://pastebin.com/hVD3FCCe
> > > >
> > > > Giovanni
> > >
> > > I would keep some legit ones
> > >
> > > googleplay-nore...@google.com
> > > sc-nore...@google.com
> > > nore...@google.com
> > > *@accounts.google.com
> > >
> > > Don't have any more examples in my mbox..
> > >
> > What about this diff ? More emails to whitelist ?
> >
> > Giovanni
> > [...]
> These match your sample and should be removed:
>
> 60_welcomelist_auth.cf:def_welcomelist_auth *@google.com
> 60_welcomelist_auth.cf:def_whitelist_auth *@google.com
>
> These can probably be removed if you intend to add the same to _from_dkim:
>
> 60_welcomelist_auth.cf:def_welcomelist_auth *@accounts.google.com
> 60_welcomelist_auth.cf:def_whitelist_auth *@accounts.google.com
>
thanks, second try:
Index: rules/60_welcomelist_auth.cf =================================================================== --- rules/60_welcomelist_auth.cf (revision 1906256) +++ rules/60_welcomelist_auth.cf (working copy) @@ -57,7 +57,10 @@ # High profile targets for spoofing def_welcomelist_auth *@facebookmail.com def_welcomelist_auth *@*.facebookmail.com -def_welcomelist_auth *@google.com +def_welcomelist_auth googlealerts-nore...@google.com +def_welcomelist_auth googleplay-nore...@google.com +def_welcomelist_auth sc-nore...@google.com +def_welcomelist_auth nore...@google.com def_welcomelist_auth *@accounts.google.com def_welcomelist_auth *@walmart.com def_welcomelist_auth *@*.walmart.com @@ -1036,7 +1039,10 @@ # High profile targets for spoofing def_whitelist_auth *@facebookmail.com def_whitelist_auth *@*.facebookmail.com -def_whitelist_auth *@google.com +def_whitelist_auth googlealerts-nore...@google.com +def_whitelist_auth googleplay-nore...@google.com +def_whitelist_auth sc-nore...@google.com +def_whitelist_auth nore...@google.com def_whitelist_auth *@accounts.google.com def_whitelist_auth *@walmart.com def_whitelist_auth *@*.walmart.com Index: rules/60_welcomelist_dkim.cf =================================================================== --- rules/60_welcomelist_dkim.cf (revision 1906256) +++ rules/60_welcomelist_dkim.cf (working copy) @@ -149,7 +149,10 @@ def_welcomelist_from_dkim *@cc.yahoo-inc.com yahoo-inc.com def_welcomelist_from_dkim *@cc.yahoo-inc.com def_welcomelist_from_dkim googlealerts-nore...@google.com -def_welcomelist_from_dkim *@*.google.com +def_welcomelist_from_dkim googleplay-nore...@google.com +def_welcomelist_from_dkim sc-nore...@google.com +def_welcomelist_from_dkim nore...@google.com +def_welcomelist_from_dkim *@accounts.google.com def_welcomelist_from_dkim *@springer.delivery.net def_welcomelist_from_dkim *@sci.scientific-direct.net 
@@ -266,7 +269,10 @@ def_whitelist_from_dkim *@cc.yahoo-inc.com yahoo-inc.com def_whitelist_from_dkim *@cc.yahoo-inc.com def_whitelist_from_dkim googlealerts-nore...@google.com -def_whitelist_from_dkim *@*.google.com +def_whitelist_from_dkim googleplay-nore...@google.com +def_whitelist_from_dkim sc-nore...@google.com +def_whitelist_from_dkim nore...@google.com +def_whitelist_from_dkim *@accounts.google.com def_whitelist_from_dkim *@springer.delivery.net def_whitelist_from_dkim *@sci.scientific-direct.net
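Review bot: In both rules/60_welcomelist_auth.cf hunks (@@ -57 and @@ -1036), `*@accounts.google.com` remains as an unchanged context line while the rules/60_welcomelist_dkim.cf hunks add the same pattern to `def_welcomelist_from_dkim` and `def_whitelist_from_dkim`, so the entry ends up listed in both files. The review reply quoted above suggested removing it from the `_auth` lists if it is added to `_from_dkim`. The per-address entries added here (`googlealerts-nore...`, `googleplay-nore...`, `sc-nore...`, `nore...`) are duplicated across the two files in the same way. Suggest keeping each address in one list only, or noting in the commit message why both are needed.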
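Review bot: In both rules/60_welcomelist_dkim.cf hunks (@@ -149 and @@ -266), the removed line is `*@*.google.com`, which is not one of the entries the review identified as matching the sample; those were the `*@google.com` lines in 60_welcomelist_auth.cf. Replacing the subdomain wildcard with only `*@accounts.google.com` drops every other google.com subdomain from the default DKIM list. If that narrowing is intended, say so in the commit message; otherwise keep the wildcard or list the additional subdomains known to send legitimate mail.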