For a couple of days now I could follow a strange behavior in my mail servers. More and more spam mails were tagged when they were clearly normal ham mails. All these e-mails have something in common: They were sent by an iPhone and didn't contain a subject nor body text, only an attached picture.
The problem is that such mails are now tagged by Razor (who knows why?):
RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5,
Possible solutions show up. One of them is decreasing the Razor scoring, but as this is the first false-positive I personally see with Razor I don't want to do that. Instead a new spamassassin rule does the job:
header CK_IPHONE_PICTURE ALL =~ /boundary\=Apple\-Mail.*/
describe CK_IPHONE_PICTURE Mail sent by iPhone including picture
score CK_IPHONE_PICTURE -5.0
Of all the affected mails I checked, they all had some header info in common. This rule checks the mails for the Apple-Mail header and scores it a bit lower.
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb Icingaweb2 Influx Internet Java KVM Kibana Kodi Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder