Re: Order of handling whitelist/blacklist
Philip Prindeville via users skrev den 2024-03-28 18:55: My config also has: trusted_networks 192.168.6.0/24 trusted_networks 192.168.8.0/24 trusted_networks 127.0.0.1/32 So I don't think that's the problem. rfc 1918 is imho hardcoded into spamassassin if its this, make a bugzilla about it, the above range is one single 192.168.0.0/16 127.0.0.0/8 What are some steps to troubleshoot how the white/black-listing is happening? spamassassin -D -t spam-msg-file 2>&1 | less if its there :)
Re: Order of handling whitelist/blacklist
> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas > wrote: > >>> On 27.03.24 20:56, Philip Prindeville via users wrote: I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever seem to see the 2nd rule being hit, but not the first. What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I could find. You'd think the first would happen first, since it's more specific. Or, maybe that both would happen. > >>> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas >>> wrote: >>> they both should happen. >>> note that the second argument must be Received: header provided by trusted >>> server, so that argument depends on proper TrustPath set up >>> >>> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath > > On 28.03.24 11:55, Philip Prindeville via users wrote: >> My config also has: >> >> trusted_networks 192.168.6.0/24 >> trusted_networks 192.168.8.0/24 >> trusted_networks 127.0.0.1/32 >> >> So I don't think that's the problem. >> >> What are some steps to troubleshoot how the white/black-listing is happening? > > can you show us the headers? Here or somewhere on pastebin? > No need, but thanks. Got my head out of my butt. I had somehow missed that vger.kernel.org as a "multihomed" (or "anycast", depending on how you look at it) had ceased to exist as an outbound relay for the LKML's and been replaced by (am|ny|sv|sy).mirrors.kernel.org back around Dec 19 last year. When I switched to: whitelist_from_rcvd v...@yandex.ru mirrors.kernel.org things started working again. -Philip
Re: Order of handling whitelist/blacklist
> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas > wrote: > >>> On 27.03.24 20:56, Philip Prindeville via users wrote: I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever seem to see the 2nd rule being hit, but not the first. What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I could find. You'd think the first would happen first, since it's more specific. Or, maybe that both would happen. > >>> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas >>> wrote: >>> they both should happen. >>> note that the second argument must be Received: header provided by trusted >>> server, so that argument depends on proper TrustPath set up >>> >>> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath > > On 28.03.24 11:55, Philip Prindeville via users wrote: >> My config also has: >> >> trusted_networks 192.168.6.0/24 >> trusted_networks 192.168.8.0/24 >> trusted_networks 127.0.0.1/32 >> >> So I don't think that's the problem. >> >> What are some steps to troubleshoot how the white/black-listing is happening? > > can you show us the headers? Here or somewhere on pastebin? > No need, but thanks. Got my head out of my butt. I had somehow missed that vger.kernel.org as a "multihomed" (or "anycast", depending on how you look at it) had ceased to exist as an outbound relay for the LKML's and been replaced by (am|ny|sv|sy).mirrors.kernel.org back around Dec 19 last year. When I switched to: whitelist_from_rcvd v...@yandex.ru mirrors.kernel.org things started working again. -Philip
Re: Order of handling whitelist/blacklist
On Thu, 28 Mar 2024, Philip Prindeville via users wrote: On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas wrote: On 27.03.24 20:56, Philip Prindeville via users wrote: I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever seem to see the 2nd rule being hit, but not the first. [snip..] My config also has: trusted_networks 192.168.6.0/24 trusted_networks 192.168.8.0/24 trusted_networks 127.0.0.1/32 So I don't think that's the problem. What are some steps to troubleshoot how the white/black-listing is happening? whitelist_from_rcvd requires SA to 'see' the envelope from address. Depending on how you have SA glued into your MTA that may not be happening and may require particular configurations. Try creating an entry for a known good address and see if it fires. If that source properly DKIM or SPF signs its messages it may be easier to use 'whitelist_auth' instead of whitelist_from_rcvd. It's also less maintenance headache as whitelist_from_rcvd must have the proper DNS names of their exit-point SMTP servers and in Cloud land that can change with out notice. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-05491256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{
Re: Order of handling whitelist/blacklist
On 27.03.24 20:56, Philip Prindeville via users wrote: I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever seem to see the 2nd rule being hit, but not the first. What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I could find. You'd think the first would happen first, since it's more specific. Or, maybe that both would happen. On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas wrote: they both should happen. note that the second argument must be Received: header provided by trusted server, so that argument depends on proper TrustPath set up https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath On 28.03.24 11:55, Philip Prindeville via users wrote: My config also has: trusted_networks 192.168.6.0/24 trusted_networks 192.168.8.0/24 trusted_networks 127.0.0.1/32 So I don't think that's the problem. What are some steps to troubleshoot how the white/black-listing is happening? can you show us the headers? Here or somewhere on pastebin? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
Re: Order of handling whitelist/blacklist
> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas wrote: > > On 27.03.24 20:56, Philip Prindeville via users wrote: >> I have something that looks like: >> >> whitelist_from_rcvd v...@yandex.ru vger.kernel.org >> >> blacklist_from *@yandex.ru >> >> And I only ever seem to see the 2nd rule being hit, but not the first. >> >> What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that >> I could find. >> >> You'd think the first would happen first, since it's more specific. >> >> Or, maybe that both would happen. > > they both should happen. > note that the second argument must be Received: header provided by trusted > server, so that argument depends on proper TrustPath set up > > https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > One OS to rule them all, One OS to find them, > One OS to bring them all and into darkness bind them My config also has: trusted_networks 192.168.6.0/24 trusted_networks 192.168.8.0/24 trusted_networks 127.0.0.1/32 So I don't think that's the problem. What are some steps to troubleshoot how the white/black-listing is happening? Thanks
Re: Order of handling whitelist/blacklist
On 27.03.24 20:56, Philip Prindeville via users wrote: I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever seem to see the 2nd rule being hit, but not the first. What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I could find. You'd think the first would happen first, since it's more specific. Or, maybe that both would happen. they both should happen. note that the second argument must be Received: header provided by trusted server, so that argument depends on proper TrustPath set up https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. One OS to rule them all, One OS to find them, One OS to bring them all and into darkness bind them