Page 1 of 1

messages with KAM_DRIVENUM 5.0 qurantined

Posted: 05 Apr 2019 13:42
by bas60
emails from some domains constantly ending up Quarantine

KAM_DRIVENUM with score of 5.0
KAM_COUK 0.85

Google dosen't find KAM_DRIVENUM

Re: messages with KAM_DRIVENUM 5.0 qurantined

Posted: 09 Apr 2019 15:01
by iexpert
Hi,

I have the same problem. Mail contains url on drive.google.com. For example pic.

Rule of SpamAssasin
http://www.pccc.com/downloads/SpamAssas ... rib/KAM.cf


#GOOGLE DRIVE POR
uri KAM_DRIVENUM /\d*.drive\.google.com/i
describe KAM_DRIVENUM Drive Links Prevalent in Spam
score KAM_DRIVENUM 5.0
# EOF

??

Re: messages with KAM_DRIVENUM 5.0 qurantined

Posted: 24 Apr 2019 13:39
by toddh
We are getting a number of valid emails tagged by KAM as spam.

The developer is very aggressive. KAM adds weight simply for not having SPF or DKIM records. They also add for having numbers in the subject, and having long URLs in the body(something many emailers do, including Nextdoor).

Here is an example.
0.80 BAYES_50 Bayes spam probability is 40 to 60%
1.00 KAM_LAZY_DOMAIN_SECURITY
2.50 KAM_LINKBAIT Short messages containing little more than a link, from a domain with no security in place
0.50 KAM_NUMSUBJECT
-0.70 RCVD_IN_DNSWL_LOW Sender listed at http://www.dnswl.org/, low trust
This email received a weight of 4 from KAM for no SPF/DKIM, a URL, and Numbers in the subject(KAM_LAZY_DOMAIN_SECURITY = no SPF or DKIM).

I created a request to make edits to KAM.cf permanent or make KAM EFA optional. It is tagging more HAM than SPAM in our environment.

Todd

Re: messages with KAM_DRIVENUM 5.0 qurantined

Posted: 30 Apr 2019 13:39
by thewomble
Add below into local.cf

Code: Select all

score KAM_DRIVENUM 0.0
score KAM_COUK 0.0
This will score the objects with 0