On 07/14/2017 09:22 PM, Alex wrote:
Hi,
The ENA_BAD_SPAM rule is a combination of 2 different types (reputation
and
content) rules with an AND between them. For example (this is is about
one-third of the rule):
Is it usable like this?
Try it out with a score of 0.001 and see what you think. It should have
been valid. Just drop it in and run:
spamassassin -D --lint 2>&1 | /bin/grep -Ei '(failed|undefined
dependency|score set for non-existent rule)' | /bin/grep ENA_
By "usable" I meant have you included enough of the rule for it to
really be effective?
I let it run for the day, and it's just not anchored well enough to
provide any meaningful benefit. It's hitting on jcpenny, vresp.com,
constantcontact, sendgrid, facebook, etc.
I have all of those senders in whitelist_auth entries. The ENA_BAD_SPAM
has a score of 0.001 just as a place holder for other meta rules based
on it that have a score of 1.2 - 3.2.
Once you setup different tiers of senders and SHORTCIRCUIT all of the
trusted senders that usually score very low, you will be able to handle
regular and untrusted senders more aggressively.
As I have said before, I SHORTCIRCUIT as ham thousands of domains based
on their envelope-from domain as long as they have legit unsubscribe/opt
out processes/links. Now I don't have to worry about these being
falsely categorized as spam based on content. I don't SHORTCIRCUIT any
FREEMAIL domains or any domains that have user mailboxes that can be
compromised.
My MTA blocks the majority of the junk so what passes through SA is
mostly SHORTCIRCUIT'd as ham. Less than 5 percent is spam blocked by
SA. I only get the occasional report of spam from customers from
compromised accounts now which are very difficult to block based on
reputation. Content-based rules are really the only way since these
spammers are crafting zero-hour email that are designed to get through
major mail filters.
--
David Jones
