1

Topic: Spam scores distorted by RCVD_IN_DNSWL_HI=-5

Topic: Spam filter tuning - RCVD_IN_DNSWL_HI parameter
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):              v. 1.5.2 MariaDB
- Deployed with iRedMail Easy or the downloadable installer?  downloadable installer
- Linux/BSD distribution name and version:      Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):   MariaDB / MySQL
- Web server (Apache or Nginx):            NginX
- Manage mail accounts with iRedAdmin-Pro?   no

====

Recently I have some spam messages delivered to inbox.
Checking the Spam tests, I see a recurrent parameter [RCVD_IN_DNSWL_HI=-5] that substract 5 point from scores.

Example:
X-Spam-Status: No, score=2.795 tagged_above=-2 required=4.8
    tests=[BAYES_99=3.5, BAYES_999=0.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    HTML_IMAGE_ONLY_16=1.092, HTML_IMAGE_RATIO_02=0.001,
    HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_2=0.001, RCVD_IN_DNSWL_HI=-5,
    SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001,
    XM_RECPTID=2.999] autolearn=no autolearn_force=no

Is it safe to set   RCVD_IN_DNSWL_HI=-0.01 ?

How can I do that?

Thanks.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Spam scores distorted by RCVD_IN_DNSWL_HI=-5

RCVD_IN_DNSWL_HI  means "Sender listed at http://www.dnswl.org/, high trust".
If you think it's not worth the trust, feel free to disable it by adding this line in /etc/mail/spamassassin/local.cf, then restart amavisd service (spamassassin will be called by Amavisd):

score RCVD_IN_DNSWL_HI 0

3

Re: Spam scores distorted by RCVD_IN_DNSWL_HI=-5

Thank you so much Mr Zhang, it works!

ZhangHuangbin wrote:

If you think it's not worth the trust, feel free to disable it by adding this line in /etc/mail/spamassassin/local.cf

score RCVD_IN_DNSWL_HI 0

I made some tests, finally I set
score RCVD_IN_DNSWL_HI -2
because I didn't like to disable it at all, it's enough to mitigate the false positives.