How to deal with/allow false positives?

kez

Mar 26, 2023
Hi!

How is everyone managing their false positives? For example, all of our users who are accountants are unable to send email.

Example:

Code:
Matching Rule: Block outgoing Spam

Rule: Block outgoing Spam
Receiver: x@x.org
Action: block message
Action: Move to quarantine.
Action: notify SENDER

Spam detection results: 8

HTML_MESSAGE(0.001),
KAM_ACCOUNTPHISH(3.2),
KAM_DMARC_STATUS(0.01),
KAM_NUMSUBJECT(0.5),
LOTS_OF_MONEY(0.001)
etc...

So is there any way to whitelist the finance-related rules like KAM_ACCOUNTPHISH(3.2), KAM_NUMSUBJECT(0.5), LOTS_OF_MONEY(0.001), etc. for these domains?

The emails are 100% legitimate from accountants whom I manage email for. Obviously, I don't want to blanket whitelist the sending domain, as one day the mailbox might get hacked etc. and spam.

Thanks for any tips.

Yes, under Configuration -> Spam Detector -> Custom Scores you can add the rule and set a new score.

For your example:

Name: KAM_ACCOUNTPHISH
Score: 0 (or just something less than 3.2)
Comment: Was 3.2 - blocking legitimate mail (not required, I just do this so I know what it used to be)

You don't really need to add KAM_NUMSUBJECT or LOTS_OF_MONEY as neither of those should have any massive impact, but feel free to do so if you wish.
 
Thanks for this. Much appreciated. I was trying to set a custom score for said rules on a per domain basis, rather than for all domains.
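
As an added example (not code from the thread or from the product), this Python sketch parses the hit list from the quarantine log quoted in the question and estimates the total after custom scores are applied. The threshold of 5 is an assumption, since the thread does not state the level the blocking rule uses, and the function names are hypothetical.

```python
import re

# Hit list copied from the log in the question; it is truncated ("etc..."),
# so the visible hits do not add up to the reported total of 8.
LOG_HITS = """HTML_MESSAGE(0.001),
KAM_ACCOUNTPHISH(3.2),
KAM_DMARC_STATUS(0.01),
KAM_NUMSUBJECT(0.5),
LOTS_OF_MONEY(0.001)
etc..."""
REPORTED_TOTAL = 8.0
ASSUMED_THRESHOLD = 5.0  # assumption: the thread does not give the rule's level

# RULE_NAME(score); the closing parenthesis is optional to tolerate typos.
HIT_RE = re.compile(r"([A-Z][A-Z0-9_]*)\((-?\d+(?:\.\d+)?)\)?")


def parse_hits(text):
    """Return {rule: score}; lines without a RULE(score) pair are skipped."""
    return {name: float(score) for name, score in HIT_RE.findall(text)}


def rescore(reported_total, hits, custom_scores):
    """Estimate the total after overrides, starting from the reported total
    because a truncated hit list cannot be summed reliably."""
    delta = sum(hits[r] - new for r, new in custom_scores.items() if r in hits)
    return round(reported_total - delta, 3)


def what_if(custom_scores, threshold=ASSUMED_THRESHOLD):
    """Return (new_total, still_blocked) for a set of custom scores."""
    new_total = rescore(REPORTED_TOTAL, parse_hits(LOG_HITS), custom_scores)
    return new_total, new_total >= threshold


if __name__ == "__main__":
    hits = parse_hits(LOG_HITS)
    hidden = round(REPORTED_TOTAL - sum(hits.values()), 3)
    print(f"score from rules not shown in the log: {hidden}")
    for name, overrides in [
        ("KAM_ACCOUNTPHISH -> 0", {"KAM_ACCOUNTPHISH": 0}),
        ("KAM_ACCOUNTPHISH -> 1", {"KAM_ACCOUNTPHISH": 1}),
        ("minor rules -> 0", {"KAM_NUMSUBJECT": 0, "LOTS_OF_MONEY": 0}),
    ]:
        total, blocked = what_if(overrides)
        print(f"{name}: total {total}, still blocked: {blocked}")
```

With the assumed threshold, lowering KAM_ACCOUNTPHISH to 1 leaves this message blocked, while zeroing the two minor rules changes the total by only 0.501.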