Hi, I have a set of users that are authorized to use the mail server via pop-before-smtp, but SA catches the mail they send through the system as spam because they are on blacklisted Verizon or Comcast IPs:
X-Spam-Status: Yes, hits=5.4 tag1=-300.0 tag2=5.0 kill=5.0 use_bayes=1 tests=BAYES_50, BOTNET, FH_HOST_EQ_VERIZON_P, RCVD_IN_PBL, RCVD_IN_SORBS_DUL, RDNS_DYNAMIC, RELAYCOUNTRY_US, SPF_SOFTFAIL I also don't understand how SPF_SOFTFAIL could happen when there wasn't any SPF record to test to begin with. One of the Comcast users: X-Spam-Status: Yes, hits=6.4 tag1=-300.0 tag2=5.0 kill=5.0 use_bayes=1 tests=BAYES_50, BOTNET, DYN_RDNS_SHORT_HELO_HTML, HTML_MESSAGE, RCVD_IN_PBL, RCVD_IN_SORBS_DUL, RDNS_DYNAMIC, RELAYCOUNTRY_US, SPF_SOFTFAIL, SUBJ_ALL_CAPS We are working on better Bayes training, but sans that problem, what is the right way to address this, through a rule that whitelists their specific IP? Another mail that I'm dealing with is one sent by Marriott that hit SARE_HTML_URI_REFID, DCC_CHECK, and AE_DETAILS_WITH_MONEY, among being whitelisted by JMF/HOSTKARMA. I don't know how it hit DCC when there are details in there specific to the user, including account numbers, user names, etc. How should I go about allowing this type of mail without disrupting its ability to block mail that should be blocked with these rules? I'm sure I can add a rule subtracting points if it hits these and comes from Marriott, but I thought there might be something that could address the more general problem rather than this specific one from Marriott. Perhaps I'm making it too hard. Thanks, Alex
