Note that after enabling KAM.cf, you'll want to watch more closely for false positives and possibly adjust scores as necessary. I think it's a great addition to the default rules, but it's primarily tuned to Kevin's environment (though he's open to improvements) and some of the rules/scores may not be appropriate for your environment.
On Wed, 13 Dec 2017, Groach wrote:
On 13/12/2017 20:48, Antony Stone wrote: On Wednesday 13 December 2017 at 21:41:04, Groach wrote: Is there any suggestions on a rule or procedure to implement that will help defend against the MAILSPLOIT type of spoofing? See https://marc.info/?l=spamassassin-users&m=151265708616825&w=2 and follow - ups? Thanks for that. I followed the thread you mentioned: I see that 'Kevin' says he has a rule in his personal KAM.cf and that there isnt anything published in base spamassassin scores. (Or am I missing something)? So how does one: a, obtain KAM.cf or b, decipher the mechanism to which Kevin uses in order we can apply similar in our own local.cf (All help appreciated)
-- Public key #7BBC68D9 at | Shane Williams http://pgp.mit.edu/ | System Admin - UT CompSci =----------------------------------+------------------------------- All syllogisms contain three lines | sha...@shanew.net Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew