On 08/27/10 22:52:58, Stevan Bajić wrote: > No. DSPAM uses the whole "From" line to identify whitelisted entries. > You can create the token by hand and query your backend to > see what spam/innocent hits it has.
Hmm, OK. In the example that I cited, the [email protected] was me: [email protected], but it was being spoofed by the sender, who was sending the email from an IP address that: 1) has no rDNS 2) is definitely un-trusted 3) is listed on several DNSRBL's > # dspam_crc "from*[email protected]" > TOKEN: 'from*[email protected]' CRC: 330966212412571206 Thanks for the detailed example. I'm pretty sure that my email address is whitelisted on my system, without checking. The issue here is that simply checking my email address in the "From" line is an extremely weak check, and it over-rides the spam determination that DSPAM would have otherwise made. > > Then lookup that token inside your DSPAM database: > > select * from dspam_token_data where token='330966212412571206' > > Checking your email address in my setup results in: > > theia ~ # dspam_crc "From*Gary Funck <[email protected]>" > TOKEN: 'From*Gary Funck <[email protected]>' CRC: 5069347935046341961 > theia ~ # mysql --user=root --password=$(cat /root/.mysql.pwd) -e "select * > from sysdb_dspam.dspam_token_data where token='5069347935046341961'" > +-----+---------------------+-----------+---------------+------------+ > | uid | token | spam_hits | innocent_hits | last_hit | > +-----+---------------------+-----------+---------------+------------+ > | 4 | 5069347935046341961 | 0 | 38 | 2010-08-27 | > +-----+---------------------+-----------+---------------+------------+ > theia ~ # > > > > > > If not, it seems > > that might help in the use case above. > > > > Is there a way to tell DSPAM about "trusted" IP addresses (in > > a fashion similar to SpamAssassin)? > > > No. I planed to add something like that into DSPAM but never got the time to > do so. [...] > You are entering a mine field with that. Most admins > out there would love to whitelist everyone and his dog in > DSPAM. But DSPAM does not expose functions to the outside > to do that. Off course one can manually add tokens with > a high innocent count and whitelist that way. OK, to clarify: I'm not asking for a whitelist type of over-ride that would accept all email coming in from a particular trusted IP address, but rather: I'm asking that DSPAM follow the chain of Received lines out to the last trusted IP address, and to then use the incoming IP address listed on that line to determine the IP address that the sender used when transmitting the email. This IP address would be combined with the "From" address to construct a sender (address, IP) pair. This sender ID would then be used in the DSPAM whitelist lookup. For example: From [email protected] Fri Aug 27 08:32:24 2010 From: [email protected] Received: from mail.example.com (example.local [10.10.1.1]) by localhost.local (8.14.4/8.14.4) with ESMTP id o7RFWOb9004675 for <[email protected]>; Fri, 27 Aug 2010 08:32:24 -0700 Received: from 82.160.134.3 ([82.160.134.3]) by mail.example.com (8.13.8/8.13.8) with ESMTP id o7RFWEtU015083 for <[email protected]>; Fri, 27 Aug 2010 08:32:19 -0700 Above, mail.example.com at 10.10.1.1 is trusted, but 82.160.134.3 is not. Thus, the sender would be identified as: "[email protected]". This key would be looked up as a token and its whitelist status would be determined. In this case, it would most certainly not have been listed as a whitelisted address. See: http://wiki.apache.org/spamassassin/TrustedRelays ------------------------------------------------------------------------------ Sell apps to millions through the Intel(R) Atom(Tm) Developer Program Be part of this innovative community and reach millions of netbook users worldwide. Take advantage of special opportunities to increase revenue and speed time-to-market. Join now, and jumpstart your future. http://p.sf.net/sfu/intel-atom-d2d _______________________________________________ Dspam-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspam-user
