Got an e-mail from a user at yahoo (literally, their address is [email protected]). It ended up in greymail. No problem I found it there, and fished it out.
Since I used to run my on spam assassin, and then used to fine-tune the settings here (mostly for fun) decided to look at the scores, and found something surprising (I formatted the header line for better readability):
X-Spam-Report:
* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [98.139.212.196 listed in list.dnswl.org]
* 5.0 SONIC_YAHOO No description available.
* 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (someone12[at]yahoo.com)
* 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED
* 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit (someone12[at]yahoo.com)
* -0.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
* 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (someone12[at]yahoo.com)
* -0.4 SNF4SA Message Sniffer
* -0.5 DCC_REPUT_00_12 DCC reputation between 0 and 12 % (mostly ham)
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
* -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [98.139.212.196 listed in wl.mailspike.net]
* -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
* 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
* 1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
Most of that looks reasonable, and I don't worry about the various scores that are around +- 1. The one that worries me is "SONIC_YAHOO", which gives a solid 5 points all at once, and pushes this message into greymail (the threshold is right there at 5). Does this mean that any e-mail from users @yahoo.com will go into greymail? If yes, is that my mistake (should I increase the cutoff from 5), or is something misconfigured here?
Just to make it clear: This is not terribly upsetting, and some ham going into the spam bin is to be expected, but this might Sonic's attention.
Since I used to run my on spam assassin, and then used to fine-tune the settings here (mostly for fun) decided to look at the scores, and found something surprising (I formatted the header line for better readability):
X-Spam-Report:
* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [98.139.212.196 listed in list.dnswl.org]
* 5.0 SONIC_YAHOO No description available.
* 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (someone12[at]yahoo.com)
* 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED
* 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit (someone12[at]yahoo.com)
* -0.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
* 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (someone12[at]yahoo.com)
* -0.4 SNF4SA Message Sniffer
* -0.5 DCC_REPUT_00_12 DCC reputation between 0 and 12 % (mostly ham)
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
* -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [98.139.212.196 listed in wl.mailspike.net]
* -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
* 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
* 1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
Most of that looks reasonable, and I don't worry about the various scores that are around +- 1. The one that worries me is "SONIC_YAHOO", which gives a solid 5 points all at once, and pushes this message into greymail (the threshold is right there at 5). Does this mean that any e-mail from users @yahoo.com will go into greymail? If yes, is that my mistake (should I increase the cutoff from 5), or is something misconfigured here?
Just to make it clear: This is not terribly upsetting, and some ham going into the spam bin is to be expected, but this might Sonic's attention.
