Bad TXREP scores from Sophos infra

Post by BOOZy »

Lately I see a lot of legitimate email being sent via Sophos' servers being flagged or nearly flagged as spam.
They do have valid DKIM so I guess I could tweak DKIM scoring to offset the high TXREP score.

94.140.18.81 id-euc1.prod.hydra.sophos.com United States
dkim=pass (2048-bit key) header.d=avis.nl header.i=@avis.nl header.b="IrCoHKGB";
dkim=pass (2048-bit key) header.d=mail-dkim-eu-central-1.prod.hydra.sophos.com header.i=@mail-dkim-eu-central-1.prod.hydra.sophos.com header.b="L3d1mt65"

3.18 TXREP Score normalizing based on sender's reputation
-0.10 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.10 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain
-0.10 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain

Is anyone else seeing this?

Re: Bad TXREP scores from Sophos infra

Post by barbours »

Personally not seeing it, but this might help. Create a file in /etc/mail/spamassassin/ called sophos_whitelist.cf. Then put the content below in the file. Run spamassassin --lint. If there is no output, you are good to restart spamassassin: systemctl restart spamassassin.

# /etc/mail/spamassassin/sophos_whitelist.cf

# Lower score for emails from Sophos with valid DKIM
header __SOPHOS_SERVER X-Spam-Relays-External =~ /\b(?:hydra\.sophos\.com|94\.140\.18\.81)\b/i
meta SOPHOS_DKIM_VALID (__SOPHOS_SERVER && DKIM_VALID)
score SOPHOS_DKIM_VALID -3.5

# Optional: Create a specific rule for the exact sender
header __FROM_AVIS_NL From =~ /\@avis\.nl\b/i
meta AVIS_SOPHOS_VALID (__FROM_AVIS_NL && __SOPHOS_SERVER && DKIM_VALID)
score AVIS_SOPHOS_VALID -4.0

# Override TXREP scoring for these specific cases
priority SOPHOS_DKIM_VALID 100
priority AVIS_SOPHOS_VALID 100

This configuration:
Creates a rule to identify emails coming from Sophos servers
Adds a negative score for valid DKIM emails from Sophos (-3.5)
Adds an even stronger negative score for specifically Avis.nl emails with valid DKIM from Sophos (-4.0)
Sets high priorities to ensure these rules override the TXREP scoring
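An added example, not part of the thread or of eFa: a Python check of which header values the two posted patterns accept, next to a tighter variant. The tighter patterns, the use of DKIM_VALID_AU in place of DKIM_VALID, and every sample value are assumptions of this example; the relay strings are constructed in the layout of SpamAssassin's relay metadata.

```python
import re
from email.utils import parseaddr

# Patterns as posted (Perl syntax; these constructs behave identically in Python's re).
POSTED_RELAY = re.compile(r"\b(?:hydra\.sophos\.com|94\.140\.18\.81)\b", re.I)
POSTED_FROM = re.compile(r"@avis\.nl\b", re.I)

# Assumed tighter variants, not from the thread: look only at the ip/rdns of the
# first (directly connecting) relay, and anchor the domain at the end of the address.
STRICT_RELAY = re.compile(
    r"^\[ ip=(?:94\.140\.18\.81|\S+ rdns=\S+\.hydra\.sophos\.com) ", re.I)
STRICT_FROM = re.compile(r"@avis\.nl$", re.I)

def posted_hit(relays, from_hdr, dkim_valid):
    """AVIS_SOPHOS_VALID as posted: __FROM_AVIS_NL && __SOPHOS_SERVER && DKIM_VALID."""
    return bool(POSTED_FROM.search(from_hdr) and POSTED_RELAY.search(relays) and dkim_valid)

def strict_hit(relays, from_hdr, dkim_valid_au):
    """Tighter variant: bare address, first relay only, author-domain DKIM."""
    addr = parseaddr(from_hdr)[1]
    return bool(STRICT_FROM.search(addr) and STRICT_RELAY.search(relays) and dkim_valid_au)

# Constructed samples: (label, X-Spam-Relays-External, From, DKIM_VALID, DKIM_VALID_AU)
SAMPLES = [
    ("sophos relay, avis.nl author",
     "[ ip=94.140.18.81 rdns=id-euc1.prod.hydra.sophos.com "
     "helo=id-euc1.prod.hydra.sophos.com by=mx.example.org ident= envfrom= intl=0 id=A1 auth= msa=0 ]",
     "Avis <noreply@avis.nl>", True, True),
    ("name only in HELO, lookalike domain",
     "[ ip=203.0.113.7 rdns=host.example.net "
     "helo=x.hydra.sophos.com by=mx.example.org ident= envfrom= intl=0 id=B2 auth= msa=0 ]",
     "info@avis.nl.example.net", True, True),
    ("address only in display name",
     "[ ip=94.140.18.81 rdns=id-euc1.prod.hydra.sophos.com "
     "helo=id-euc1.prod.hydra.sophos.com by=mx.example.org ident= envfrom= intl=0 id=C3 auth= msa=0 ]",
     '"billing@avis.nl" <someone@example.net>', True, False),
]

def run():
    """Return {label: (posted rule fires, tighter variant fires)} for each sample."""
    return {label: (posted_hit(r, f, dv), strict_hit(r, f, au))
            for label, r, f, dv, au in SAMPLES}

if __name__ == "__main__":
    for label, (posted, strict) in run().items():
        print(f"{label:40} posted={posted} strict={strict}")
```

In a SpamAssassin rule the bare address is available as From:addr, which is what parseaddr stands in for here.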