Re: whitelist issues with sprintpcs.com

2016-07-05 Thread Shawn Bakhtiar
One possibility I don't see mentioned is to simply accept this at the MTA level.

I've often had to do this when a sending domain is misconfigured but is part of 
our legitimate senders. It obviously opens up doors you'll have to monitor in 
other ways.

But in Sendmail it is as simple as adding the domains to the access db.

Then use something a la the following to set a really low score on those emails:

https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Plugin_AccessDB.html



On Jul 3, 2016, at 10:43 AM, Alex <mysqlstud...@gmail.com> wrote:

Hi,

I'm trying to whitelist mail from sprintpcs.com in the best way
possible, but it's ignoring attempts at even using whitelist_from and
I don't know why. Perhaps it's something with the way the mail is
formatted? No SPF or DKIM available to be used.

These messages are being quarantined because people are sending
photos in a quick text message without any subject or body content.

I've put up an example here and hoped someone could take a look.

http://pastebin.com/1vapSDdF

These appear to be the only available headers:

Received: from lxnsmsomta04.localdomain (smtp4a.mo.sprintpcs.com [66.1.208.13])
   by mail01.example.com (Postfix) with ESMTP id 7FF846800CC30
   for ; Sat, 25 Jun 2016 21:21:21 -0400 (EDT)
Received: from musreb31.nmcc.sprintspectrum.com (unknown [10.25.157.71])
   by lxnsmsomta04.localdomain (Postfix) with ESMTP id 64B18608C
   for ; Sat, 25 Jun 2016 20:19:20 -0500 (CDT)

The envelope-from looks okay, but the "From" is not formatted properly.

X-Envelope-From: <15556142...@pm.sprint.com>
From: 5556142...@pm.sprint.com

Thanks for any ideas.
Alex



Re: URIBL randomly not triggered (and SPF too)

2016-07-05 Thread Reindl Harald



On 05.07.2016 at 14:01, Reindl Harald wrote:

i have here a message with URIBL_ABUSE_SURBL Contains an URL listed in
the ABUSE SURBL blocklist

50% of all tries against spamd it does NOT hit while the scantime for
the whole message is around 3 seconds - since there is a local
unbound-cache with

 cache-min-ttl: 300
 cache-max-ttl: 10800

it's impossible that there are happening dns timeouts and i can observe
the same behavior randomly with URIBL_LOCAL where the unbound dns cache
on 127.0.0.1:53 talks to rblsdnsd on 127.0.0.1:1053

that smells why ever very unreliable and frankly i observed similar
with SPF_PASS / SHORTCIRCUIT where people within 5 seconds get the same
message and one gets USER_IN_SPF_WHITELIST while the other goes through
all tests


that below too MUST NOT happen because one triggers 
USER_IN_SPF_WHITELIST and the other doesn't have any SPF test and given 
that there is a python-policyd-spf waiting 20 seconds for the response 
in 'smtpd_recipient_restrictions' long before the contentfilters the 
dns-results are cached


Jul  4 11:34:51 mail-gw postfix/smtpd[13648]: 3rjhgb71LVzB47: client=o3.email.wetransfer.com[192.254.123.42]
Jul  4 11:34:52 mail-gw spamd[12535]: spamd: processing message <577a2da06a20d_63ca5ed30013218...@delayedjobs-17aj6hbldm9spghikobe88v7k.wetransfer.com.mail> for sa-milt:189
Jul  4 11:34:56 mail-gw spamd[12535]: spamd: result: . -4 - BAYES_00,CUST_DNSWL_2_SENDERSC_L,CUST_DNSWL_3_JEF_L,CUST_DNSWL_5_ORG_N,CUST_DNSWL_8_TL_N,DKIM_SIGNED,DKIM_VALID,HTML_MESSAGE,RCVD_IN_MSPIKE_H2,RP_MATCHES_RCVD scantime=4.2,size=18438,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=/run/spamassassin/spamassassin.sock,mid=<577a2da06a20d_63ca5ed30013218...@delayedjobs-17aj6hbldm9spghikobe88v7k.wetransfer.com.mail>,bayes=0.00,autolearn=disabled,shortcircuit=no

Jul  4 11:57:01 mail-gw postfix/smtpd[14837]: 3rjj993Bk8zB7P: client=o3.email.wetransfer.com[192.254.123.42]
Jul  4 11:57:02 mail-gw spamd[14302]: spamd: processing message <577a32e8f35bb_671c116b30813485...@delayedjobs-16gux7nsdp9xgp69boio5hcsg.wetransfer.com.mail> for sa-milt:189
Jul  4 11:57:02 mail-gw spamd[14302]: spamd: result: . -100 - CUST_DNSWL_2_SENDERSC_L,CUST_DNSWL_3_JEF_L,CUST_DNSWL_5_ORG_N,CUST_DNSWL_8_TL_N,CUST_SHORTCIRCUIT,RCVD_IN_MSPIKE_H2,SHORTCIRCUIT,USER_IN_SPF_WHITELIST scantime=0.1,size=15685,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=/run/spamassassin/spamassassin.sock,mid=<577a32e8f35bb_671c116b30813485...@delayedjobs-16gux7nsdp9xgp69boio5hcsg.wetransfer.com.mail>,autolearn=disabled,shortcircuit=spam





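Added example, not part of the original posts: one way to measure the inconsistency described above is to group spamd "result:" log lines by Message-ID and list the rules that hit in some scans of a message but not in all of them. The sample log lines, Message-IDs and function names are constructed for illustration; only the log format follows the lines quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the spamd "result:" log format (not real traffic).
SAMPLE_LOG = """\
Jul  4 12:00:01 mail-gw spamd[100]: spamd: result: Y 9 - BAYES_99,HTML_MESSAGE,URIBL_ABUSE_SURBL scantime=3.1,size=2100,user=sa-milt,mid=<m1@sender.example>,autolearn=disabled
Jul  4 12:00:09 mail-gw spamd[101]: spamd: result: . 4 - BAYES_99,HTML_MESSAGE scantime=3.0,size=2100,user=sa-milt,mid=<m1@sender.example>,autolearn=disabled
Jul  4 12:00:15 mail-gw spamd[100]: spamd: result: Y 9 - BAYES_99,HTML_MESSAGE,URIBL_ABUSE_SURBL scantime=3.2,size=2100,user=sa-milt,mid=<m1@sender.example>,autolearn=disabled
Jul  4 12:05:00 mail-gw spamd[100]: spamd: result: . -4 - BAYES_00,DKIM_VALID,RCVD_IN_MSPIKE_H2 scantime=4.2,size=18000,user=sa-milt,mid=<m2@sender.example>,autolearn=disabled
Jul  4 12:05:03 mail-gw spamd[101]: spamd: result: . -100 - RCVD_IN_MSPIKE_H2,SHORTCIRCUIT,USER_IN_SPF_WHITELIST scantime=0.1,size=18000,user=sa-milt,mid=<m2@sender.example>,autolearn=disabled
Jul  4 12:09:00 mail-gw spamd[100]: spamd: result: . 0 - HTML_MESSAGE scantime=1.0,size=900,user=sa-milt,mid=<m3@other.example>,autolearn=disabled
"""

# "result: <Y|.> <score> - <comma-separated rules> <key=value,...>"
RESULT_RE = re.compile(r"spamd: result: [Y.] -?\d+(?:\.\d+)? - (\S*) (\S+)$")
MID_RE = re.compile(r"mid=<([^>]*)>")


def parse_results(log_text):
    """Return {message-id: [frozenset of rule names, one per scan]}."""
    scans = defaultdict(list)
    for line in log_text.splitlines():
        result = RESULT_RE.search(line.rstrip())
        if not result:
            continue  # postfix lines, "processing message" lines, etc.
        mid = MID_RE.search(result.group(2))
        if not mid:
            continue  # no Message-ID logged, nothing to correlate on
        rules = frozenset(r for r in result.group(1).split(",") if r)
        scans[mid.group(1)].append(rules)
    return scans


def flapping_rules(scans):
    """For messages scanned more than once, list rules not hit by every scan."""
    report = {}
    for mid, runs in scans.items():
        if len(runs) < 2:
            continue
        unstable = frozenset.union(*runs) - frozenset.intersection(*runs)
        if unstable:
            report[mid] = sorted(unstable)
    return report


if __name__ == "__main__":
    for mid, rules in flapping_rules(parse_results(SAMPLE_LOG)).items():
        print(mid, "inconsistent:", ", ".join(rules))
```

A rule that flaps on its own (the URIBL case) points at the lookup path, while a whole rule set replaced by SHORTCIRCUIT is expected once a short-circuit rule such as USER_IN_SPF_WHITELIST fires, so the question there is why that one rule fired only sometimes.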


URIBL randomly not triggered for the same message

2016-07-05 Thread Reindl Harald
i have here a message with URIBL_ABUSE_SURBL Contains an URL listed in 
the ABUSE SURBL blocklist


50% of all tries against spamd it does NOT hit while the scantime for 
the whole message is around 3 seconds - since there is a local 
unbound-cache with


 cache-min-ttl: 300
 cache-max-ttl: 10800

it's impossible that there are happening dns timeouts and i can observe 
the same behavior randomly with URIBL_LOCAL where the unbound dns cache 
on 127.0.0.1:53 talks to rblsdnsd on 127.0.0.1:1053


that smells why ever very unreliable and frankly i observed similar 
with SPF_PASS / SHORTCIRCUIT where people within 5 seconds get the same 
message and one gets USER_IN_SPF_WHITELIST while the other goes through 
all tests



