Page 1 of 1
messages with KAM_DRIVENUM 5.0 qurantined
Posted: 05 Apr 2019 13:42
by bas60
emails from some domains constantly ending up Quarantine
KAM_DRIVENUM with score of 5.0
KAM_COUK 0.85
Google dosen't find KAM_DRIVENUM
Re: messages with KAM_DRIVENUM 5.0 qurantined
Posted: 09 Apr 2019 15:01
by iexpert
Hi,
I have the same problem. Mail contains url on drive.google.com. For example pic.
Rule of SpamAssasin
http://www.pccc.com/downloads/SpamAssas ... rib/KAM.cf
#GOOGLE DRIVE POR
uri KAM_DRIVENUM /\d*.drive\.google.com/i
describe KAM_DRIVENUM Drive Links Prevalent in Spam
score KAM_DRIVENUM 5.0
# EOF
??
Re: messages with KAM_DRIVENUM 5.0 qurantined
Posted: 24 Apr 2019 13:39
by toddh
We are getting a number of valid emails tagged by KAM as spam.
The developer is very aggressive. KAM adds weight simply for not having SPF or DKIM records. They also add for having numbers in the subject, and having long URLs in the body(something many emailers do, including Nextdoor).
Here is an example.
0.80 BAYES_50 Bayes spam probability is 40 to 60%
1.00 KAM_LAZY_DOMAIN_SECURITY
2.50 KAM_LINKBAIT Short messages containing little more than a link, from a domain with no security in place
0.50 KAM_NUMSUBJECT
-0.70 RCVD_IN_DNSWL_LOW Sender listed at
http://www.dnswl.org/, low trust
This email received a weight of 4 from KAM for no SPF/DKIM, a URL, and Numbers in the subject(KAM_LAZY_DOMAIN_SECURITY = no SPF or DKIM).
I created a request to make edits to KAM.cf permanent or make KAM EFA optional. It is tagging more HAM than SPAM in our environment.
Todd
Re: messages with KAM_DRIVENUM 5.0 qurantined
Posted: 30 Apr 2019 13:39
by thewomble
Add below into local.cf
Code: Select all
score KAM_DRIVENUM 0.0
score KAM_COUK 0.0
This will score the objects with 0