messages with KAM_DRIVENUM 5.0 quarantined

bas60
Posts: 57
Joined: 04 Feb 2014 13:58

messages with KAM_DRIVENUM 5.0 quarantined

Post by bas60 »

Emails from some domains are constantly ending up in quarantine.

KAM_DRIVENUM with score of 5.0
KAM_COUK 0.85

Google doesn't find KAM_DRIVENUM
iexpert
Posts: 1
Joined: 06 Dec 2016 19:15

Re: messages with KAM_DRIVENUM 5.0 quarantined

Post by iexpert »

Hi,

I have the same problem. The mail contains a URL on drive.google.com. For example, a pic.

SpamAssassin rule:
http://www.pccc.com/downloads/SpamAssas ... rib/KAM.cf


#GOOGLE DRIVE POR
uri KAM_DRIVENUM /\d*.drive\.google.com/i
describe KAM_DRIVENUM Drive Links Prevalent in Spam
score KAM_DRIVENUM 5.0
# EOF

??
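
Why the quoted rule fires on ordinary Drive links, as an added example that is not part of the original posts or of KAM.cf: `\d*` accepts zero digits and the unescaped `.` matches any character, including the `/` in front of the hostname. Python's `re` handles this pattern like the Perl regex does; `NUMERIC_LABEL` is a hypothetical tighter pattern and the sample URIs are constructed.

```python
import re

# Rule pattern exactly as quoted from KAM.cf above; the /i flag becomes re.I.
KAM_DRIVENUM = re.compile(r"\d*.drive\.google.com", re.I)

# Hypothetical tighter pattern (an assumption, not from KAM.cf): require a
# numeric hostname label directly in front of drive.google.com.
NUMERIC_LABEL = re.compile(
    r"(?:^|[/.@])\d+\.drive\.google\.com(?=[/:?#]|$)", re.I
)

# Constructed sample URIs; CONSTRUCTED_ID is a placeholder, not a real file id.
SAMPLES = [
    "https://drive.google.com/file/d/CONSTRUCTED_ID/view",
    "https://drive.google.com/open?id=CONSTRUCTED_ID",
    "https://12345.drive.google.com/x",
    "https://docs.google.com/document/d/CONSTRUCTED_ID",
    "https://example.test/?next=xdrive.googleXcom",
]


def compare(uris):
    """Return (uri, text matched by the quoted rule or None, tighter hit?)."""
    rows = []
    for uri in uris:
        loose = KAM_DRIVENUM.search(uri)
        strict = NUMERIC_LABEL.search(uri) is not None
        rows.append((uri, loose.group(0) if loose else None, strict))
    return rows


if __name__ == "__main__":
    for uri, loose, strict in compare(SAMPLES):
        print(f"{uri}\n  quoted rule matched: {loose!r}\n  numeric label: {strict}")
```
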
toddh
Posts: 69
Joined: 16 Feb 2015 18:52

Re: messages with KAM_DRIVENUM 5.0 quarantined

Post by toddh »

We are getting a number of valid emails tagged by KAM as spam.

The developer is very aggressive. KAM adds weight simply for not having SPF or DKIM records. They also add for having numbers in the subject, and having long URLs in the body (something many emailers do, including Nextdoor).

Here is an example.
0.80 BAYES_50 Bayes spam probability is 40 to 60%
1.00 KAM_LAZY_DOMAIN_SECURITY
2.50 KAM_LINKBAIT Short messages containing little more than a link, from a domain with no security in place
0.50 KAM_NUMSUBJECT
-0.70 RCVD_IN_DNSWL_LOW Sender listed at http://www.dnswl.org/, low trust
This email received a weight of 4 from KAM for no SPF/DKIM, a URL, and numbers in the subject (KAM_LAZY_DOMAIN_SECURITY = no SPF or DKIM).

I created a request to make edits to KAM.cf permanent or make KAM EFA optional. It is tagging more HAM than SPAM in our environment.

Todd
thewomble
Posts: 50
Joined: 17 Jan 2017 12:52

Re: messages with KAM_DRIVENUM 5.0 quarantined

Post by thewomble »

Add the below into local.cf:

score KAM_DRIVENUM 0.0
score KAM_COUK 0.0
This will score the objects with 0