Re: whitelist_auth return_path / from
On Thursday, July 04, 2024 02:01 AEST, Benny Pedersen wrote:
> Simon Wilson via users skrev den 2024-07-03 15:54:
>
> > header AUTHRES_DKIM_PASS eval:check_authres_result('dkim', 'pass')
> > header USER_IN_DKIM_WHITELIST eval:check_for_dkim_whitelist_from()
>
> keep scores of them neutral
>
> meta MY_DKIM_FAILS_NOTRUST (AUTHRES_DKIM_PASS && USER_IN_DKIM_WHITELIST)
> describe MY_DKIM_FAILS_NOTRUST Meta: AUTHRES_DKIM_PASS &&
> USER_IN_DKIM_WHITELIST
> score MY_DKIM_FAILS_NOTRUST -1 -1 -1 -1
>
> i say no trust since authres can be fooled by untrusted AR headers, when
> authres_networks all is in use
I understand this, thank you.
>
> > and generate -100 that the DKIM plugin assigns to a DKIM
> > pass/USER_IN_DKIM_WHITELIST entry.
>
> why ? are you sure -100 is a very good idea ?
Selected as that is the score allocated by USER_IN_DKIM_WHITELIST
>
> > …but I don't know how to do that properly. I can combine into a meta
> > rule, but that will call the existing DKIM plugin's subroutine to
> > evaulate USER_IN_DKIM_WHITELIST, and I'm not sure if that will work.
>
> need more info on your mta setup, if postfix then i need postconf -nf
> and postconf -Mf in private mail, as i see you can :)
--
Simon WilsonM: 0400 121 116
Re: whitelist_auth return_path / from
On Thursday, July 04, 2024 01:11 AEST, Bill Cole wrote: > On 2024-07-03 at 10:19:28 UTC-0400 (Thu, 04 Jul 2024 00:19:28 +1000) > Simon Wilson via users > is rumored to have said: > > > On 03.07.24 23:54, Simon Wilson via users wrote: > >> Simon Wilson via users skrev den 2024-07-03 14:56: > >>> Do I also need to disable the normal SA DKIM plugin evaluation, i.e. > >>> trusting my upstream authres_trusted_authserv only? > >> > >> both works in paralel, so no need to disable, best results came > >> from > >> both enabled > >> > >> its up to you to add more authres_trusted_authserv or more > >> authres_ignored_authserv lines > >> > >> possible we can now have a very long debate on dmarc plugin ? :) > > > > Please, Simon, quote the text you are replying to. > > > > I have been - was that directed at Benny? > > > > No, it is because your mail is multipart/alternative with a text/plain > part that lacks any indicators of quoting. Looks like your MUA is > broken. > > -- > Bill Cole > b...@scconsult.com or billc...@apache.org > (AKA @grumpybozo@toad.social and many *@billmail.scconsult.com > addresses) > Not Currently Available For Hire I have switched it into plain text mode.
Re: whitelist_auth return_path / from
Simon Wilson via users skrev den 2024-07-03 14:56:
> Do I also need to disable the normal SA DKIM plugin evaluation, i.e.
> trusting my upstream authres_trusted_authserv only?
both works in paralel, so no need to disable, best results came from
both enabled
its up to you to add more authres_trusted_authserv or more
authres_ignored_authserv lines
possible we can now have a very long debate on dmarc plugin ? :)
my question is does spamassassin dmarc plugin use authres results ?
- SA's DKIM plugin has failed a message so USER_IN_DKIM_WHITELIST tag will not
get assigned, and a +0.1 is added for a DKIM fail
- with AuthRes plugin installed, my trusted Authentication-Results header ‘DKIM
pass’ = -0.5 is applied
- yes, the -0.5 overrides the +0.1 from the false DKIM fail, but this does not
overcome the reason I wanted the sender in whitelist_auth - to overcome the FP
of their emails triggering a KAM rule
Ideally what I want is for authres.cf to combine:
header AUTHRES_DKIM_PASS eval:check_authres_result('dkim', 'pass')
with
header USER_IN_DKIM_WHITELIST eval:check_for_dkim_whitelist_from()
and generate -100 that the DKIM plugin assigns to a DKIM
pass/USER_IN_DKIM_WHITELIST entry.
…but I don't know how to do that properly. I can combine into a meta rule, but
that will call the existing DKIM plugin's subroutine to evaulate
USER_IN_DKIM_WHITELIST, and I'm not sure if that will work.
OK, I have done the following and it seems to be working, but will take
guidance on if this is going to have unexpected consequences from my ignorance…
- removed the SA DKIM plugin from loading
- Authres plugin working and trusting my own mail server's auth tests
(including DKIM)
- created a meta rule:
## Whitelist Wasabi, subject to passing of auth
header __LR_FROM_WASABI From =~ /support\@wasabi\.com/i
meta LR_WASABI_AUTH (__LR_FROM_WASABI && AUTHRES_DKIM_PASS && AUTHRES_SPF_PASS)
score LR_WASABI_AUTH -100
This now scores the Wasabi emails OK. Please feel free to tell me if this was a
really bad plan :)
Simon
Re: whitelist_auth return_path / from
On 03.07.24 23:54, Simon Wilson via users wrote: >Simon Wilson via users skrev den 2024-07-03 14:56: >> Do I also need to disable the normal SA DKIM plugin evaluation, i.e. >> trusting my upstream authres_trusted_authserv only? > >both works in paralel, so no need to disable, best results came from >both enabled > >its up to you to add more authres_trusted_authserv or more >authres_ignored_authserv lines > >possible we can now have a very long debate on dmarc plugin ? :) Please, Simon, quote the text you are replying to. I have been - was that directed at Benny?
Re: whitelist_auth return_path / from
Simon Wilson via users skrev den 2024-07-03 14:56:
> Do I also need to disable the normal SA DKIM plugin evaluation, i.e.
> trusting my upstream authres_trusted_authserv only?
both works in paralel, so no need to disable, best results came from
both enabled
its up to you to add more authres_trusted_authserv or more
authres_ignored_authserv lines
possible we can now have a very long debate on dmarc plugin ? :)
my question is does spamassassin dmarc plugin use authres results ?
- SA's DKIM plugin has failed a message so USER_IN_DKIM_WHITELIST tag will not
get assigned, and a +0.1 is added for a DKIM fail
- with AuthRes plugin installed, my trusted Authentication-Results header ‘DKIM
pass’ = -0.5 is applied
- yes, the -0.5 overrides the +0.1 from the false DKIM fail, but this does not
overcome the reason I wanted the sender in whitelist_auth - to overcome the FP
of their emails triggering a KAM rule
Ideally what I want is for authres.cf to combine:
header AUTHRES_DKIM_PASS eval:check_authres_result('dkim', 'pass')
with
header USER_IN_DKIM_WHITELIST eval:check_for_dkim_whitelist_from()
and generate -100 that the DKIM plugin assigns to a DKIM
pass/USER_IN_DKIM_WHITELIST entry.
…but I don't know how to do that properly. I can combine into a meta rule, but
that will call the existing DKIM plugin's subroutine to evaulate
USER_IN_DKIM_WHITELIST, and I'm not sure if that will work.
Re: whitelist_auth return_path / from
Simon Wilson via users skrev den 2024-07-03 14:13: > I don't think SA 3.4.6 on RH8 has AuthRes plugin: take it from spamassassin trunc, this plugin works on 3.4.6 aswell, but was not released or tested on it, i have verify it does work #!/bin/sh svn checkout http://svn.apache.org/repos/asf/spamassassin/trunk spamassassin-trunk OK, done and working. Plugin added, loaded with a .pre and configured with a .cf Working, e.g.:X-Spam-Status: No, score=-1.798 tagged_above=-999 required=6.2 tests=[AUTHRES_ARC_FAIL=1.5, AUTHRES_DKIM_PASS=-0.5, AUTHRES_DMARC_PASS=-0.5, AUTHRES_SPF_PASS=-0.5, BAYES_00=-1.9, DCC_REPUT_70_89=0.1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, LR_ARC_FAIL=1, LR_DMARC_PASS=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no Received: from mail.simonandkate.net ([127.0.0.1]) by localhost (amavis.simonandkate.net [127.0.0.1]) (amavis, port 10024) with LMTP id qiXZppjAGmSg for ; Wed, 3 Jul 2024 22:48:54 +1000 (AEST) Authentication-Results: mail.simonandkate.net; spf=pass smtp.helo=smtp-out.orange.com; spf=pass smtp.mailfrom=orange.com Authentication-Results: mail.simonandkate.net; dmarc=pass (p=none dis=none) header.from=orange.com Authentication-Results: mail.simonandkate.net; arc=fail smtp.remote-ip=80.12.126.238 Authentication-Results: mail.simonandkate.net; dkim=pass (2048-bit key, secure) header.d=orange.com header.i=@orange.com header.a=rsa-sha256 header.s=orange002 header.b=OKdWrX63 Next question though - When the next email comes from Wasabi that my server tags as “Authentication-Results: mail.simonandkate.net; dkim=pass”, I understand that Authres plugin will accept the authres_trusted_authserv assignment to my server, resulting in AUTHRES_DKIM_PASS=-0.5. Do I also need to disable the normal SA DKIM plugin evaluation, i.e. trusting my upstream authres_trusted_authserv only?
Re: whitelist_auth return_path / from
On Wednesday, July 03, 2024 22:06 AEST, "Simon Wilson via users" wrote: Dave Funk skrev den 2024-07-03 09:29: > On Wed, 3 Jul 2024, Simon Wilson via users wrote: > You say "passing SPF and DKIM" however in the SA rules report it > clearly says: > DKIM_SIGNED=0.1, DKIM_INVALID=0.1 > > So eventho you think 'passed DKIM' SA clearly does NOT think it does. > That DKIM_INVALID will prevent the whitelist_auth from firing, thus you > need to investigate what's going wrong there. whitelist_auth support Return-Path so spf is evaluated aswell as dkim is grep logs DKIM_VALID_EF or enable DMARC plugin Hi Benny, none of that helps unless I'm being dense this evening :-D * I know whitelist_auth supports spf and dkim, that is in the documentation * Grepping for DKIM_VALID_EF only tells me what I now already know - SA thinks that one of the emails did not pass DKIM, when my server validated that it did and entered an Authentication-Results header saying that it did * I already have DMARC assessment, and that is shown in the headers I postedAuthentication-Results: mail.simonandkate.net; dmarc=pass (p=quarantine dis=none) header.from=wasabi.com The authentication headers that my server adds are:Authentication-Results: mail.simonandkate.net; spf=none smtp.helo=o562.ptr9861.wasabi.com; spf=pass smtp.mailfrom=mmemail.wasabi.com Authentication-Results: mail.simonandkate.net; dmarc=pass (p=quarantine dis=none) header.from=wasabi.com Authentication-Results: mail.simonandkate.net; arc=none smtp.remote-ip=159.183.86.216 Authentication-Results: mail.simonandkate.net; dkim=pass (2048-bit key, unprotected) header.d=wasabi.com header.i=@wasabi.com header.a=rsa-sha256 header.s=mmd header.b=uhRSt2r0 However SA thinks DKIM failed. I note your other email Benny on adding authres settings. I'm not averse to doing so, but would like to first understand why SA is behaving differently with these two emails. Simon I don't think SA 3.4.6 on RH8 has AuthRes plugin: -r--r--r-- 1 root root 4659 Apr 9 2021 AccessDB.pm -r--r--r-- 1 root root 4559 Apr 9 2021 AntiVirus.pm -r--r--r-- 1 root root 29117 Apr 9 2021 AskDNS.pm -r--r--r-- 1 root root 17071 Apr 9 2021 ASN.pm -r--r--r-- 1 root root 8803 Apr 9 2021 AutoLearnThreshold.pm -r--r--r-- 1 root root 19936 Apr 9 2021 AWL.pm -r--r--r-- 1 root root 55885 Apr 9 2021 Bayes.pm …etc…
Re: whitelist_auth return_path / from
Dave Funk skrev den 2024-07-03 09:29: > On Wed, 3 Jul 2024, Simon Wilson via users wrote: > You say "passing SPF and DKIM" however in the SA rules report it > clearly says: > DKIM_SIGNED=0.1, DKIM_INVALID=0.1 > > So eventho you think 'passed DKIM' SA clearly does NOT think it does. > That DKIM_INVALID will prevent the whitelist_auth from firing, thus you > need to investigate what's going wrong there. whitelist_auth support Return-Path so spf is evaluated aswell as dkim is grep logs DKIM_VALID_EF or enable DMARC plugin Hi Benny, none of that helps unless I'm being dense this evening :-D * I know whitelist_auth supports spf and dkim, that is in the documentation * Grepping for DKIM_VALID_EF only tells me what I now already know - SA thinks that one of the emails did not pass DKIM, when my server validated that it did and entered an Authentication-Results header saying that it did * I already have DMARC assessment, and that is shown in the headers I postedAuthentication-Results: mail.simonandkate.net; dmarc=pass (p=quarantine dis=none) header.from=wasabi.com The authentication headers that my server adds are:Authentication-Results: mail.simonandkate.net; spf=none smtp.helo=o562.ptr9861.wasabi.com; spf=pass smtp.mailfrom=mmemail.wasabi.com Authentication-Results: mail.simonandkate.net; dmarc=pass (p=quarantine dis=none) header.from=wasabi.com Authentication-Results: mail.simonandkate.net; arc=none smtp.remote-ip=159.183.86.216 Authentication-Results: mail.simonandkate.net; dkim=pass (2048-bit key, unprotected) header.d=wasabi.com header.i=@wasabi.com header.a=rsa-sha256 header.s=mmd header.b=uhRSt2r0 However SA thinks DKIM failed. I note your other email Benny on adding authres settings. I'm not averse to doing so, but would like to first understand why SA is behaving differently with these two emails. Simon
Re: whitelist_auth return_path / from
On Wed, 3 Jul 2024, Simon Wilson via users wrote:
> Does whitelist_auth work on From header, or Return-Path? Reason I ask:
>
>
>
> I have two emails from “support .at. wasabi.com”. Due to their emails usually
> triggering KAM rules I have (in
> /etc/mail/spamassassin/local.cf):
>
>
>
> ## Whitelist Wasabi, subject to passing of auth
> whitelist_auth supp...@wasabi.com
[snip..]
> The other is not triggering whitelist_auth and is marked as spam due to the
> KAM rule fails. It has:
>
> Return-Path:
> ...
> From: Wasabi
> ...
> Reply-To: supp...@wasabi.com
>
> Despite passing SPF and DKIM, not whitelisted:
>
> X-Spam-Score: 20.212
> X-Spam-Level:
> X-Spam-Status: Yes, score=20.212 tagged_above=-999 required=6.2
> tests=[BAYES_00=-1.9, DCC_CHECK=1.1, DCC_REPUT_99_100=1.4, DKIM_INVALID=0.1,
> DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KAM_BODY_MARKETINGBL_PCCC=0.001,
> KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_MARKETINGBL_PCCC=1,
> KAM_REALLYHUGEIMGSRC=0.5, LR_DMARC_PASS=-0.1, SPF_HELO_NONE=0.001,
> SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01]
> autolearn=no autolearn_force=no
[snip]
>
> Thanks.
> Simon.
You say "passing SPF and DKIM" however in the SA rules report it clearly says:
DKIM_SIGNED=0.1, DKIM_INVALID=0.1
So eventho you think 'passed DKIM' SA clearly does NOT think it does. That
DKIM_INVALID will prevent the whitelist_auth from firing, thus you need to
investigate what's going wrong there.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include
Better is not better, 'standard' is better. B{
Good spot, thank you.
The email that passed (sent from Wasabi's Salesforce) clearly passes SPF and
DKIM, and SA accepts that it has passed both:X-Spam-Score: -182.112
X-Spam-Level:
X-Spam-Status: No, score=-182.112 tagged_above=-999 required=6.2
tests=[BAYES_00=-1.9, DCC_CHECK=1.1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HELO_STATIC_HOST=-0.001,
HTML_MESSAGE=0.001, KAM_BODY_MARKETINGBL_PCCC=0.001, KAM_BODY_URIBL_PCCC=9,
KAM_FROM_URIBL_PCCC=9, KAM_MARKETINGBL_PCCC=1, LR_DMARC_PASS=-0.1,
RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001,
SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01,
USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100,
USER_IN_SPF_WELCOMELIST=-0.01, USER_IN_SPF_WHITELIST=-100]
autolearn=no autolearn_force=no
Received: from mail.simonandkate.net ([127.0.0.1])
by localhost (amavis.simonandkate.net [127.0.0.1]) (amavis, port 10024)
with LMTP id FRQBp6eagRev for ;
Wed, 3 Jul 2024 11:33:21 +1000 (AEST)
Authentication-Results: mail.simonandkate.net;
spf=pass
smtp.helo=smtp-0e3fa5fa5492d81fe.core1.sfdc-lywfpd.mta.salesforce.com;
spf=pass smtp.mailfrom=wasabi.com
Authentication-Results: mail.simonandkate.net; dmarc=pass (p=quarantine
dis=none) header.from=wasabi.com
Authentication-Results: mail.simonandkate.net; arc=none
smtp.remote-ip=44.227.237.13
Authentication-Results: mail.simonandkate.net;
dkim=pass (1024-bit key, unprotected) header.d=wasabi.com
header.i=@wasabi.com header.a=rsa-sha256 header.s=sfdcproduction
header.b=VPfjwPoA
Received: from smtp-0e3fa5fa5492d81fe.core1.sfdc-lywfpd.mta.salesforce.com
(smtp-0e3fa5fa5492d81fe.core1.sfdc-lywfpd.mta.salesforce.com [44.227.237.13])
by mail.simonandkate.net (Postfix) with ESMTPS id B2E4460E1
for ; Wed, 3 Jul 2024 11:33:20 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wasabi.com;
s=sfdcproduction; t=1719970393;
bh=HT3vxtae+200eJTAlHJkPaLUuYEbpqXqTkY70+hSYa4=;
h=Date:From:To:Subject:MIME-Version:Content-Type;
b=VPfjwPoAe8Gu3ruU2nvnYYggXO5JZ/7IaxEDNaBsvvxIZ5PHW+7rXN1usl5qmJZ5u
asB0RBBCXNTH/5SDXXJEu1Pc6jRvsdc+POPLrkQkHqhXgX1DmUjnVYnDBA2tu/8RIk
M7ISxYS4psZXdm73/ZF7sILSdS+USXdTM5JlfbV4=
The failed one is assessed by OpenDKIM as having passed by my server
(mail.simonandkate.net), but you are correct SA sees it as invalid.
So I guess the question is why SA is not accepting a trusted header with a DKIM
pass recorded with the same mail path through the system? I have no AuthRes
settings set specifically in local.cf.
X-Spam-Score: 20.212
X-Spam-Level:
X-Spam-Status: Yes, score=20.212 tagged_above=-999 required=6.2
tests=[BAYES_00=-1.9, DCC_CHECK=1.1, DCC_REPUT_99_100=1.4, DKIM_INVALID=0.1,
DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KAM_BODY_MARKETINGBL_PCCC=0.001,
KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_MARKETINGBL_PCCC=1,
KAM_REALLYHUGEIMGSRC=0.5, LR_DMARC_PASS=-0.1, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01]
autolearn=no autolearn_force=no
Received: from mail.simonandkate.net (
whitelist_auth return_path / from
Running SA 3.4.6 on RH8. Does whitelist_auth work on From header, or Return-Path? Reason I ask: I have two emails from “support .at. wasabi.com”. Due to their emails usually triggering KAM rules I have (in /etc/mail/spamassassin/local.cf): ## Whitelist Wasabi, subject to passing of auth whitelist_auth supp...@wasabi.com First email triggers whitelist_auth and is passed as expected. It has:Return-Path: ... From: Wasabi Support X-Spam-Score: -182.112 X-Spam-Level: X-Spam-Status: No, score=-182.112 tagged_above=-999 required=6.2 tests=[BAYES_00=-1.9, DCC_CHECK=1.1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HELO_STATIC_HOST=-0.001, HTML_MESSAGE=0.001, KAM_BODY_MARKETINGBL_PCCC=0.001, KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_MARKETINGBL_PCCC=1, LR_DMARC_PASS=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100, USER_IN_SPF_WELCOMELIST=-0.01, USER_IN_SPF_WHITELIST=-100] The other is not triggering whitelist_auth and is marked as spam due to the KAM rule fails. It has:Return-Path: ... From: Wasabi ... Reply-To: supp...@wasabi.com Despite passing SPF and DKIM, not whitelisted:X-Spam-Score: 20.212 X-Spam-Level: X-Spam-Status: Yes, score=20.212 tagged_above=-999 required=6.2 tests=[BAYES_00=-1.9, DCC_CHECK=1.1, DCC_REPUT_99_100=1.4, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KAM_BODY_MARKETINGBL_PCCC=0.001, KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_MARKETINGBL_PCCC=1, KAM_REALLYHUGEIMGSRC=0.5, LR_DMARC_PASS=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=no autolearn_force=no Received: from mail.simonandkate.net ([127.0.0.1]) by localhost (amavis.simonandkate.net [127.0.0.1]) (amavis, port 10024) with LMTP id 0dPigJ_ugPPb for ; Wed, 3 Jul 2024 07:48:51 +1000 (AEST) Authentication-Results: mail.simonandkate.net; spf=none smtp.helo=o562.ptr9861.wasabi.com; spf=pass smtp.mailfrom=mmemail.wasabi.com Authentication-Results: mail.simonandkate.net; dmarc=pass (p=quarantine dis=none) header.from=wasabi.com Authentication-Results: mail.simonandkate.net; arc=none smtp.remote-ip=159.183.86.216 Authentication-Results: mail.simonandkate.net; dkim=pass (2048-bit key, unprotected) header.d=wasabi.com header.i=@wasabi.com header.a=rsa-sha256 header.s=mmd header.b=uhRSt2r0 Received: from o562.ptr9861.wasabi.com (o562.ptr9861.wasabi.com [159.183.86.216]) by mail.simonandkate.net (Postfix) with ESMTPS id C105157044 for ; Wed, 3 Jul 2024 07:48:47 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wasabi.com; h=content-type:from:mime-version:subject:reply-to:to:list-unsubscribe: list-unsubscribe-post:cc:content-type:from:subject:to; s=mmd; bh=cy4eC8HJMJh8b6CwYtOAzArbHod4C/sAQkNIrkSQFPA=; b=uhRSt2r0lE9yE6sSCc7+QA90N0PCyzA0FNP0bOo2ApH/U+u6yCpjvt0KZJ+VO2MfDKuh xmzJPFgaHNvajQDOyqfLCfF4xwTrxYyBaKTMf/qinqP6JHpFsKVaDNykv96ZIac/SwRbha SO4yPkPl1NO5k4ENyD5va2J9LftRyQ0te+awrnbjypQAKJiJ0yPoqNTFCJZGdQSCuJOZG8 ASnJcPZRoL2J83FEJCMPZdS5Wpf0GAgHp7aEpzAFf7TEpfJA8IMsbRSlRs3ptdZtYvwKMR K6oi/d+w3UBSdFGRpRFZlgFeVjNIp/xCz5pDGf7109C0A+QSjn4zZ3edrOjF1JPg== Received: by filterdrecv-6576d68dbc-fxxdn with SMTP id filterdrecv-6576d68dbc-fxxdn-1-668475B6-1 2024-07-02 21:48:38.112531956 + UTC m=+1292691.168998080 Received: from MzUyNTk2MzU (unknown) by geopod-ismtpd-4 (SG) with HTTP id X_mTOosARsSFXqinaxYfEw Tue, 02 Jul 2024 21:48:38.008 + (UTC) Content-Type: multipart/mixed; boundary=75633f0201749d47c1ba5a273d403dbaa85162228d469a5e23d94a668c10 Date: Tue, 02 Jul 2024 21:48:38 + (UTC) From: Wasabi Mime-Version: 1.0 Message-ID: Subject: [SPAM] Wasabi Technologies LLC Invoice Reply-To: supp...@wasabi.com Do I need to add the return-path, i.e.: ## Whitelist Wasabi, subject to passing of auth whitelist_auth supp...@wasabi.com whitelist_auth *@mmemail.wasabi.com ? Thanks. Simon.
Re: DMARC Aggregate reports - false positives
On Thursday, June 22, 2023 23:05 AEST, Bill Cole wrote: On 2023-06-22 at 06:29:53 UTC-0400 (Thu, 22 Jun 2023 20:29:53 +1000) Simon Wilson via users is rumored to have said: > I find most DMARC reports I receive are flagged as spam by SA. > > How do people work around this? I've trained Bayes, and that is > applying a -ve offset as expected, but they still end up at over 7. The best solution for robot-generated mail to and from predictable addresses are the welcomelist feature(s). You can use more_spam_to or all_spam_to for reporting addresses, or welcomelist_auth for senders. Also, if you get a lot of robotic mail I would recommend that you not use Pyzor, Razor, or DCC. All of those are engines for detecting similarities in mail and they do that very well with regularly formatted mail that looks much the same across many recipients. > X-Spam-Status: Yes, score=7.215 tagged_above=-999 required=6.2 > tests=[BASE64_LENGTH_78_79=0.1, BASE64_LENGTH_79_INF=1.502, > BAYES_00=-1.9, DCC_CHECK=1.1, DIGEST_MULTIPLE=0.293, > DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, > ENA_SUBJ_LONG_WORD=2.2, HTML_MESSAGE=0.001, LR_DMARC_PASS=-0.1, > MIME_BASE64_TEXT=1.741, MIME_HTML_MOSTLY=0.1, MPART_ALT_DIFF=0.79, > PYZOR_CHECK=1.392, RCVD_IN_DNSWL_NONE=-0.0001, > RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, > T_SCC_BODY_TEXT_LINE=-0.01, T_TVD_MIME_NO_HEADERS=0.01] > > -- > Simon Wilson > M: 0400 121 116 -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire Thanks BIll. I am using 3.4.6 on RHEL8, so will need to use the legacy terms instead of welcomelist_auth I assume. I'll start there. Simon -- Simon Wilson M: 0400 121 116
Re: DMARC Aggregate reports - false positives
On Thursday, June 22, 2023 20:37 AEST, Damian wrote: I find most DMARC reports I receive are flagged as spam by SA.> Which submitters? I looked at a bunch of my reports and they are all MIME_GOOD. That one was from microsoft. -- Simon Wilson M: 0400 121 116
DMARC Aggregate reports - false positives
I find most DMARC reports I receive are flagged as spam by SA. How do people work around this? I've trained Bayes, and that is applying a -ve offset as expected, but they still end up at over 7. X-Spam-Status: Yes, score=7.215 tagged_above=-999 required=6.2 tests=[BASE64_LENGTH_78_79=0.1, BASE64_LENGTH_79_INF=1.502, BAYES_00=-1.9, DCC_CHECK=1.1, DIGEST_MULTIPLE=0.293, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, ENA_SUBJ_LONG_WORD=2.2, HTML_MESSAGE=0.001, LR_DMARC_PASS=-0.1, MIME_BASE64_TEXT=1.741, MIME_HTML_MOSTLY=0.1, MPART_ALT_DIFF=0.79, PYZOR_CHECK=1.392, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_TVD_MIME_NO_HEADERS=0.01] -- Simon Wilson M: 0400 121 116
