messages with KAM_DRIVENUM 5.0 qurantined

General eFa discussion
Post Reply
bas60
Posts: 43
Joined: 04 Feb 2014 13:58

messages with KAM_DRIVENUM 5.0 qurantined

Post by bas60 » 05 Apr 2019 13:42

emails from some domains constantly ending up Quarantine

KAM_DRIVENUM with score of 5.0
KAM_COUK 0.85

Google dosen't find KAM_DRIVENUM

iexpert
Posts: 1
Joined: 06 Dec 2016 19:15

Re: messages with KAM_DRIVENUM 5.0 qurantined

Post by iexpert » 09 Apr 2019 15:01

Hi,

I have the same problem. Mail contains url on drive.google.com. For example pic.

Rule of SpamAssasin
http://www.pccc.com/downloads/SpamAssas ... rib/KAM.cf


#GOOGLE DRIVE POR
uri KAM_DRIVENUM /\d*.drive\.google.com/i
describe KAM_DRIVENUM Drive Links Prevalent in Spam
score KAM_DRIVENUM 5.0
# EOF

??

toddh
Posts: 56
Joined: 16 Feb 2015 18:52

Re: messages with KAM_DRIVENUM 5.0 qurantined

Post by toddh » 24 Apr 2019 13:39

We are getting a number of valid emails tagged by KAM as spam.

The developer is very aggressive. KAM adds weight simply for not having SPF or DKIM records. They also add for having numbers in the subject, and having long URLs in the body(something many emailers do, including Nextdoor).

Here is an example.
0.80 BAYES_50 Bayes spam probability is 40 to 60%
1.00 KAM_LAZY_DOMAIN_SECURITY
2.50 KAM_LINKBAIT Short messages containing little more than a link, from a domain with no security in place
0.50 KAM_NUMSUBJECT
-0.70 RCVD_IN_DNSWL_LOW Sender listed at http://www.dnswl.org/, low trust
This email received a weight of 4 from KAM for no SPF/DKIM, a URL, and Numbers in the subject(KAM_LAZY_DOMAIN_SECURITY = no SPF or DKIM).

I created a request to make edits to KAM.cf permanent or make KAM EFA optional. It is tagging more HAM than SPAM in our environment.

Todd

thewomble
Posts: 43
Joined: 17 Jan 2017 12:52

Re: messages with KAM_DRIVENUM 5.0 qurantined

Post by thewomble » 30 Apr 2019 13:39

Add below into local.cf

Code: Select all

score KAM_DRIVENUM 0.0
score KAM_COUK 0.0
This will score the objects with 0

Post Reply