>From: Chris <cpoll...@embarqmail.com> >David and others, thank you for the replies. I've lowered the score for >Botnet down to 1.0, may go lower if it continues to cause problems or >just get rid of it. I've added this to my whitelist.cf:
>whitelist_auth *@*.us-cert.gov us-cert.gov This should be: whitelist_auth *@*.us-cert.gov which will be triggered by SPF_PASS or DKIM_VALID_AU. >I guess this rule hit is something that can't be avoided. I guess I >could lower the score but then that would defeat the purpose of the >rule. >5.5 KAM_STOCKTIP Email Contains Pump & Dump Stock Tip Normally there should be other good rules that would subtract points to get it down below the 5.0 or 6.0 block threshold. See the SA mailing list archives for my other postings about shortcircuit rules that allow trusted senders like this one to pass through allowing the KAM_*, BAYES_99, etc. with high scores to block more based on content rather than reputation which is what that BOTNET rule did incorrectly. The whitelist_auth entry will bypass those rules now. Dave
