Re: whitelist_from_rcvd Not Working

2015-08-29 Thread RW
On Sat, 29 Aug 2015 13:57:02 +0200
Reindl Harald wrote:

> 
> On 29.08.2015 at 13:46, RW wrote:
> > On Sat, 29 Aug 2015 12:45:27 +0200
> > Reindl Harald wrote:

> >> helo=ealerts.bankofamerica.com by=box458.bluehost.com
> >> bankofamerica.com != bluehost.com
> >
> > The by=box458.bluehost.com is not relevant, the problem is the
> > "rdn= ".
> >
> > SpamAssassin doesn't do its own rdns lookups, so if the information
> > isn't recorded in the received header by the server you can't use
> > whitelist_from_rcvd
> 
> agreed in context of rdns, but even if it is resolved, the machines 
> sending as @ealerts.bankofamerica.com don't have a RDNS ending with 
> "bankofamerica.com"
> 

$ dig +short -x 68.232.194.1
mta.ealerts.bankofamerica.com.





Re: whitelist_from_rcvd Not Working

2015-08-29 Thread Reindl Harald


On 29.08.2015 at 13:46, RW wrote:
> On Sat, 29 Aug 2015 12:45:27 +0200
> Reindl Harald wrote:
>
> > On 29.08.2015 at 12:40, websiterepairguy. wrote:
> > > I'm trying to get the following line to work in my user_prefs file:
> > >
> > > whitelist_from_rcvd *bankofamerica.com bankofamerica.com
> > >
> > > Of course, this works:
> > >
> > > whitelist_from *bankofamerica.com
> > >
> > > So, the simple whitelist_from works, but the whitelist_from_rcvd
> > > does not work.  Why is this?  Looks like I have some kind of RDNS
> > > problem,  I run this command to test this premise:
> >
> > helo=ealerts.bankofamerica.com by=box458.bluehost.com
> > bankofamerica.com != bluehost.com
>
> The by=box458.bluehost.com is not relevant, the problem is the
> "rdn= ".
>
> SpamAssassin doesn't do its own rdns lookups, so if the information
> isn't recorded in the received header by the server you can't use
> whitelist_from_rcvd

agreed in context of rdns, but even if it is resolved, the machines
sending as @ealerts.bankofamerica.com don't have a RDNS ending with
"bankofamerica.com"


"whitelist_from_rcvd" is not really maintainable for 3rd party senders 
which may change their network and cloud services at any point of time 
while "whitelist_auth" is agnostic to that as long as the domain-owner 
takes care in his SPF-records






Re: whitelist_from_rcvd Not Working

2015-08-29 Thread RW
On Sat, 29 Aug 2015 12:45:27 +0200
Reindl Harald wrote:

> 
> 
> On 29.08.2015 at 12:40, websiterepairguy. wrote:
> > I'm trying to get the following line to work in my user_prefs file:
> >
> > whitelist_from_rcvd *bankofamerica.com bankofamerica.com
> >
> > Of course, this works:
> >
> > whitelist_from *bankofamerica.com
> >
> > So, the simple whitelist_from works, but the whitelist_from_rcvd
> > does not work.  Why is this?  Looks like I have some kind of RDNS
> > problem,  I run this command to test this premise:
> 
> helo=ealerts.bankofamerica.com by=box458.bluehost.com
> bankofamerica.com != bluehost.com

The by=box458.bluehost.com is not relevant, the problem is the
"rdn= ".

SpamAssassin doesn't do its own rdns lookups, so if the information
isn't recorded in the received header by the server you can't use
whitelist_from_rcvd.
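
The point made in the reply above, as an added example that is not part of the original thread and is not SpamAssassin's own code: a simplified model of the documented whitelist_from_rcvd rule (address glob plus the relay's recorded rDNS matching the full hostname or its domain component). Function names are hypothetical, the sender address and the envfrom value are constructed, and the populated rdns value is the one from the dig output quoted in the thread.

```python
import re

def parse_relay(entry):
    """Parse one '[ key=value ... ]' entry from X-Spam-Relays-* debug output."""
    body = entry.strip().strip("[]")
    return dict(re.findall(r"(\w+)=(\S*)", body))

def glob_to_regex(glob):
    """Turn a whitelist address glob ('*' and '?' wildcards) into a regex."""
    escaped = re.escape(glob).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(r"\A" + escaped + r"\Z", re.IGNORECASE)

def rcvd_whitelist_matches(addr, relay, addr_glob, rdns_domain):
    """Return (matched, reason) for a model of whitelist_from_rcvd."""
    if not glob_to_regex(addr_glob).match(addr):
        return False, "address does not match"
    # Only the rDNS the receiving server wrote into the header is used;
    # no lookup is performed here, mirroring what the reply describes.
    rdns = relay.get("rdns", "").lower().rstrip(".")
    if not rdns:
        return False, "no rdns recorded"
    dom = rdns_domain.lower()
    # Match on a label boundary so 'notbankofamerica.com' does not pass.
    if rdns == dom or rdns.endswith("." + dom):
        return True, "rdns matches"
    return False, "rdns mismatch"

# Constructed samples modelled on the debug output in this thread.
FIELDS = ("helo=ealerts.bankofamerica.com by=box458.bluehost.com ident= "
          "envfrom=bounce@bounce.ealerts.bankofamerica.com intl=0 "
          "id=1ZUW6y-0005yO-RQ auth= msa=0 ]")
RELAY_AS_LOGGED = "[ ip=68.232.194.1 rdns= " + FIELDS
RELAY_WITH_RDNS = "[ ip=68.232.194.1 rdns=mta.ealerts.bankofamerica.com " + FIELDS
RELAY_LOOKALIKE = "[ ip=192.0.2.10 rdns=mail.notbankofamerica.com " + FIELDS

SENDER = "alerts@ealerts.bankofamerica.com"   # constructed address
RULE = ("*bankofamerica.com", "bankofamerica.com")

def demo():
    """Evaluate the rule from the thread against the three sample relays."""
    samples = (RELAY_AS_LOGGED, RELAY_WITH_RDNS, RELAY_LOOKALIKE)
    return [rcvd_whitelist_matches(SENDER, parse_relay(s), *RULE) for s in samples]

if __name__ == "__main__":
    for result in demo():
        print(result)
```
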


Re: whitelist_from_rcvd Not Working

2015-08-29 Thread Reindl Harald



On 29.08.2015 at 12:40, websiterepairguy. wrote:
> I'm trying to get the following line to work in my user_prefs file:
>
> whitelist_from_rcvd *bankofamerica.com bankofamerica.com
>
> Of course, this works:
>
> whitelist_from *bankofamerica.com
>
> So, the simple whitelist_from works, but the whitelist_from_rcvd does
> not work.  Why is this?  Looks like I have some kind of RDNS problem,  I
> run this command to test this premise:

helo=ealerts.bankofamerica.com by=box458.bluehost.com
bankofamerica.com != bluehost.com

they use SPF, so just "whitelist_auth" is what you want

bankofamerica.com.  3600  IN  TXT  "v=spf1 include:_txspf.bankofamerica.com include:_vaspf.bankofamerica.com include:_newspf.bankofamerica.com ~all"

ealerts.bankofamerica.com.  3600  IN  TXT  "v=spf1 include:cust-spf.exacttarget.com -all"






whitelist_from_rcvd Not Working

2015-08-29 Thread websiterepairguy .
I'm trying to get the following line to work in my user_prefs file:

whitelist_from_rcvd *bankofamerica.com bankofamerica.com

Of course, this works:

whitelist_from *bankofamerica.com

So, the simple whitelist_from works, but the whitelist_from_rcvd does not
work.  Why is this?  Looks like I have some kind of RDNS problem,  I run
this command to test this premise:

cat ham.mbox | spamassassin -dtD >temp 2>temp2

When I run the above command, I get the following lines in temp2:

Aug 29 05:38:06.860 [3328] dbg: config: trusted_networks are not configured; it is recommended that you configure trusted_networks manually
Aug 29 05:38:06.862 [3328] dbg: received-header: parsed as [ ip=68.232.194.1 rdns= helo=ealerts.bankofamerica.com by=box458.bluehost.com ident= envfrom=bounce-30_html-349212922-232599-73720-39...@bounce.ealerts.bankofamerica.com intl=0 id=1ZUW6y-0005yO-RQ auth= msa=0 ]
Aug 29 05:38:06.862 [3328] dbg: received-header: do not trust any hosts from here on
Aug 29 05:38:06.862 [3328] dbg: received-header: relay 68.232.194.1 trusted? no internal? no msa? no
Aug 29 05:38:06.863 [3328] dbg: metadata: X-Spam-Relays-Trusted:
Aug 29 05:38:06.864 [3328] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=68.232.194.1 rdns= helo=ealerts.bankofamerica.com by=box458.bluehost.com ident= envfrom=bounce-30_html-349212922-232599-73720-39...@bounce.ealerts.bankofamerica.com intl=0 id=1ZUW6y-0005yO-RQ auth= msa=0 ]
Aug 29 05:38:06.864 [3328] dbg: metadata: X-Spam-Relays-Internal:
Aug 29 05:38:06.864 [3328] dbg: metadata: X-Spam-Relays-External: [ ip=68.232.194.1 rdns= helo=ealerts.bankofamerica.com by=box458.bluehost.com ident= envfrom=bounce-30_html-349212922-232599-73720-39...@bounce.ealerts.bankofamerica.com intl=0 id=1ZUW6y-0005yO-RQ auth= msa=0 ]

I notice that the above line has a 'rdns=' which would seem to suggest that
rdns did not work, right?  I barely know what rdns is, so that's why I'm
asking such a basic question.

The above debug lines also mentions bankofamerica.com.  Bank of America is
my credit card company.  The above ham email is a ham credit card email.
Of course, I also get spoof Bank of America emails that are spam.  I'd like
to be able to differentiate the real from the fake, thus my interest
in whitelist_from_rcvd.

I run spamassassin under Debian Linux and Kmail is my email client.  Kmail
filters my email through spamassassin.  My email is retrieved from my
hosting company, Bluehost via SMTP.  Bluehost has the actual email server,
not me.  The only thing I'm running on my computer is Kmail and
spamassassin.  Also, I run my own DNS server because I'm told that this is
necessary to conserve resources for certain blocklists.

I notice all my ham emails have the following false positive:

 0.8 RDNS_NONE  Delivered to internal network by a host with no rDNS

Here's the heart of my question:  Am I failing to do RDNS or is it my
hosting company Bluehost?  I assume that they know what they are doing, so
it must be me.

Here's my version of spamassassin:

spamassassin -V
SpamAssassin version 3.3.1
  running on Perl version 5.10.1

Is there anything I can configure to get this to work correctly?  Is it
spamassassin that needs configuration?  Is it the DNS server I run at the
same time I run spamassassin and Kmail that needs to be configured?
Do I need to go into my hosting account and configure something?

I'm a bit lost as to what to do next.  I tried this:

internal_networks 68.232.194.1
trusted_networks 68.232.194.1

However, I suspect that setting the internal_networks and the
trusted_networks is not the right way to do things.  The 68.232.194.1
IP address is from the above debug lines and is probably specific to
Bank of America only, right?  So it is really not part of my trusted
network, right?

By the way.   The above 2 lines for internal_networks and trusted_networks
did work.  I suspect, though, that this is a hack that is too specific to
be a good general solution.

Thanks to anyone who has read this far!  All answers are appreciated!  I
know very little about either spamassassin or RDNS.

Ed