There's lots of common headers that are basically huge base64 strings,
creating stupid amounts of random Bayes tokens.
Apparently rulesrc/sandbox/axb/23_bayes_ignore_header.cf was created to
handle some of these already?
I've found atleast these missing:
IronPort-SDR
X-Exchange-Antispam-Report-CFA-Test
X-Forefront-Antispam-Report-Untrusted
X-Gm-Message-State
X-MS-Exchange-AntiSpam-MessageData
X-MS-Exchange-AntiSpam-MessageData-0
X-MS-Exchange-CrossTenant-UserPrincipalName
X-MS-Exchange-SLBlob-MailProps
X-MSFBL
X-Microsoft-Antispam-Message-Info
X-Microsoft-Antispam-Message-Info-Original
X-Microsoft-Antispam-Untrusted
X-Microsoft-Exchange-Diagnostics
X-Provags-ID
X-SG-EID
X-SG-ID
Wouldn't these be better put directly into bayes/23_bayes.cf instead of some
sandbox, that's intended more for testing rules than changing SA config?
Any objections 1) adding these new ones 2) moving everything to 23_bayes.cf?
creating stupid amounts of random Bayes tokens.
Apparently rulesrc/sandbox/axb/23_bayes_ignore_header.cf was created to
handle some of these already?
I've found atleast these missing:
IronPort-SDR
X-Exchange-Antispam-Report-CFA-Test
X-Forefront-Antispam-Report-Untrusted
X-Gm-Message-State
X-MS-Exchange-AntiSpam-MessageData
X-MS-Exchange-AntiSpam-MessageData-0
X-MS-Exchange-CrossTenant-UserPrincipalName
X-MS-Exchange-SLBlob-MailProps
X-MSFBL
X-Microsoft-Antispam-Message-Info
X-Microsoft-Antispam-Message-Info-Original
X-Microsoft-Antispam-Untrusted
X-Microsoft-Exchange-Diagnostics
X-Provags-ID
X-SG-EID
X-SG-ID
Wouldn't these be better put directly into bayes/23_bayes.cf instead of some
sandbox, that's intended more for testing rules than changing SA config?
Any objections 1) adding these new ones 2) moving everything to 23_bayes.cf?