Re: Whitelist not working - Ugh please help
On Sat, January 10, 2009 09:15, mouss wrote: > Not necessarily. you can extend trust if this brings you more > benefits than problems. msa_networks depends on trusted_networks, does it make sense ? maybe, maybe not but i keep my trusted at very few, olso so dns whitelist will be quered to give more whole view of the sender -- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: Whitelist not working - Ugh please help
Benny Pedersen a écrit : > On Fri, January 9, 2009 22:44, mouss wrote: > >> # spf/dkim/dk >> whitelist_from_auth payme...@paypal.com > > this one does not exists > > whitelist_auth > def_whitelist_auth > unwhitelist_auth > > does > thanks for the correction. next time, I'll cut-n-paste instead of inventing new keywords ;-p > see perldoc Mail::SpamAssassin::Conf and corsponding plugin docs > >> you should also make sure your trusted_networks are correctly >> configured. > > and is ONLY ones own ips that can be 112% trusted ! > Not necessarily. you can extend trust if this brings you more benefits than problems.
Re: Whitelist not working - Ugh please help
On Fri, January 9, 2009 22:44, mouss wrote: > # spf/dkim/dk > whitelist_from_auth payme...@paypal.com this one does not exists whitelist_auth def_whitelist_auth unwhitelist_auth does see perldoc Mail::SpamAssassin::Conf and corsponding plugin docs > you should also make sure your trusted_networks are correctly > configured. and is ONLY ones own ips that can be 112% trusted ! -- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: Whitelist not working - Ugh please help
On Fri, 9 Jan 2009, mouss wrote: Anyway, I just tried (with a tagged address) and my SA didn't say anything about the message. so what's the problem? The problem is not in SA. Apparently he's using a defunct DNSBL that's overriding the SA score. SA scored the message negative 40-mumble, which the glue ignored. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Your mouse has moved. Your Windows Operating System must be relicensed due to this hardware change. Please contact Microsoft to obtain a new activation key. If this hardware change results in added functionality you may be subject to additional license fees. Your system will now shut down. Thank you for choosing Microsoft. --- 8 days until Benjamin Franklin's 303rd Birthday
Re: Whitelist not working - Ugh please help
Please use a mailer that obeys the "Reply-To:" header. mo...@ml.* is reserved for mailing list mail (i.e. mail coming from list servers). ndwor...@ix.netcom.com a écrit : > It's not spam, it's a reply to a mailing list sign up form. The > customer signs up and then receives a free drink at our bar. > www.fbpc.com well, "Special Offer" is really not a recommended subject... and I hope you have good list mgmt. Anyway, I just tried (with a tagged address) and my SA didn't say anything about the message. so what's the problem? > I'm not sure how to use those. So if I want to allow my email from fbpc.com > what would the syntax be? Here are examples of whitelist_from_* # RCVD whitelist_from_rcvd ab...@yahoo.com yahoo.com # DKIM whitelist_from_dkim googlealerts-nore...@google.com # SPF whitelist_from_spf *...@spamassassin.apache.org # spf/dkim/dk whitelist_from_auth payme...@paypal.com you should also make sure your trusted_networks are correctly configured.
Re: Whitelist not working - Ugh please help
Please do not top-post.
On Thu, 2009-01-08 at 17:48 -0800, fbpc wrote:
> Look, I'm not sending spam, I'm sending REPLY coupons to customers. If you
> don't believe me, go to my website www.fbpc.com. I believe the PORN is
> triggered because the full name of the bar is the Fat Black Pussycat, which
> is a neighborhood bar/nightclub in Greenwich Village. The name has existed
> in the Village since 1959, and is taken from a W.C. Fields movie.
Look, you didn't get my most important point. Yes, I was pointing out
some spammy looking oddities -- but the real issue is...
That sender got an AWL of a whopping 50. Think about that. It means,
that while this particular mail scored low (read: not spam) without your
whitelist and AWL, the senders history average is *way* above that.
Something like an average of 100 or something. Thus AWL "corrected" the
score.
The real question for you is, *why* does that sender maintain an average
score higher than 50?
Again, any chance you sent a GTUBE test message using that sender?
Please re-read my previous post carefully. The point is, that if that
sender would *not* send messages scoring above 50 regularly, AWL would
not adjust the score that dramatically -- and there would be no need for
whitelisting in the first place. Think about it...
> I came to this forum just to get some help: how do I whitelist myself
> effectively.
IMHO you do not need to whitelist. You need to investigate why the
average score for that sender is that high. Then fix that. Whitelisting
is just a bad work-around for the real issue.
(Also, you already do whitelist that sender in SA. It's mailscanner that
treated the message as spam, NOT SA.)
> If anyone can give me the simple syntax I'd be really appreciative, because
> althougth the headers say it's not being checked - the subject of the emails
> is still being changed.
Moreover, as has been stated a few times -- SA did *NOT* reject that
particular mail. It was your broken mailscanner conf.
> >> > X-FBPC-MailScanner-Information: Please contact the ISP for more
> >> information
> >> > X-FBPC-MailScanner: Found to be clean
> >> > X-FBPC-MailScanner-SpamCheck: spam, ORDB-RBL, SpamAssassin (not cached,
> >> > score=-47.589, required 7, AWL 50.32, BAYES_44 -0.00,
> >> > HTML_50_60 0.10, HTML_MESSAGE 0.10, PORN_4 1.89,
> >> > USER_IN_WHITELIST -100.00)
> > BAYES_44 -- how old is that?
Read that as "what is your SA version" and answer the question, please.
guenther
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Whitelist not working - Ugh please help
Evan Platt wrote on Thu, 08 Jan 2009 22:01:50 -0800: > If there's a few pages of quoted text, it shows ...snip and for > some reason, removes odd things, like in this case, the Nabble tag. Any ideas? It's a signature. I have configured my reader to grey them out, so they don't distract, but I still see them if I want. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: Whitelist not working - Ugh please help
At 09:48 PM 1/8/2009, you wrote: The footer at the bottom of the original message is a hint as to why your advice won't be understood. :-) Regards, -sm AARGH! Ok, unless someone here knows, I'll ask in an Eudora group... I turned Header mode to Terse. Only shows the From, To, and subject headers. But also trims the heck out of the message. If there's a few pages of quoted text, it shows ...snip and for some reason, removes odd things, like in this case, the Nabble tag. Any ideas?
Re: Whitelist not working - Ugh please help
At 18:40 08-01-2009, Evan Platt wrote: For the THIRD time, SpamAssassin is not marking the mail as Spam. Mailscanner is. You need to ask on a mailscanner list. The footer at the bottom of the original message is a hint as to why your advice won't be understood. :-) Regards, -sm
Re: Whitelist not working - Ugh please help
For the THIRD time, SpamAssassin is not marking the mail as Spam. Mailscanner is. You need to ask on a mailscanner list. At 06:15 PM 1/8/2009, you wrote: Yes it is my server. My SPF and I have Domain Keys as well. Not sure why that's relevant. I have followed the instructions on the SpamAssasin website, but although the headers show that the whitelist is recognized, the program is still changing the subjects of my emails. I supose I could go into the config and change the words "SPAM" and "DISARM" to blank spaces, but then I wouldn't have them when they really did block SPAM. The whitelist is needed because my emails to customers are being falsely identified as spam. I can send you a copy of the email itself if you want to see it.
Re: Whitelist not working - Ugh please help
On Fri, January 9, 2009 03:15, fbpc wrote: > Yes it is my server. My SPF and I have Domain Keys as well. Not > sure why that's relevant. if you dont know that then remove them > I have followed the instructions on the SpamAssasin website, but > although the headers show that the whitelist is recognized, and the recipients agre not to say why mails from you are blocked ? > the program is still changing the subjects of my emails. what program ? > I supose I could go into the config and change the words "SPAM" and > "DISARM" to blank spaces, but then I wouldn't have them when they > really did block SPAM. what ? > The whitelist is needed because my emails to customers are being > falsely identified as spam. i bet that /16 range is NOT your servers ips > I can send you a copy of the email itself if you want > to see it. its ok with me if it will not be a perment sending of mails to me -- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: Whitelist not working - Ugh please help
Yes it is my server. My SPF and I have Domain Keys as well. Not sure why that's relevant. I have followed the instructions on the SpamAssasin website, but although the headers show that the whitelist is recognized, the program is still changing the subjects of my emails. I supose I could go into the config and change the words "SPAM" and "DISARM" to blank spaces, but then I wouldn't have them when they really did block SPAM. The whitelist is needed because my emails to customers are being falsely identified as spam. I can send you a copy of the email itself if you want to see it. Benny Pedersen wrote: > > On Fri, January 9, 2009 02:48, fbpc wrote: > >> I came to this forum just to get some help: how do I whitelist >> myself effectively. > > i can olso ask why whitelist at all is needed ? > > but here: > http://old.openspf.org/wizard.html?mydomain=fbpc.com&submit=Go! > > v=spf1 a mx ip4:64.202.0.1/16 ip4:69.94.64.50 ip4:69.94.36.75 -all > > i wonder if all that ips is your own server ? > > if so you should know how to handle it self :))) > > -- > Benny Pedersen > Need more webspace ? http://www.servage.net/?coupon=cust37098 > > > > -- View this message in context: http://www.nabble.com/Whitelist-not-working---Ugh-please-help-tp21360757p21365041.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Whitelist not working - Ugh please help
On Fri, January 9, 2009 02:48, fbpc wrote: > I came to this forum just to get some help: how do I whitelist > myself effectively. i can olso ask why whitelist at all is needed ? but here: http://old.openspf.org/wizard.html?mydomain=fbpc.com&submit=Go! v=spf1 a mx ip4:64.202.0.1/16 ip4:69.94.64.50 ip4:69.94.36.75 -all i wonder if all that ips is your own server ? if so you should know how to handle it self :))) -- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: Whitelist not working - Ugh please help
At 05:48 PM 1/8/2009, you wrote: Look, I'm not sending spam, I'm sending REPLY coupons to customers. If you don't believe me, go to my website www.fbpc.com. I believe the PORN is triggered because the full name of the bar is the Fat Black Pussycat, which is a neighborhood bar/nightclub in Greenwich Village. The name has existed in the Village since 1959, and is taken from a W.C. Fields movie. I came to this forum just to get some help: how do I whitelist myself effectively. Your best bet, as I mentioned, is to not scan outgoing mail. You can't control what OTHER people have running on their system If anyone can give me the simple syntax I'd be really appreciative, because althougth the headers say it's not being checked - the subject of the emails is still being changed. This isn't a SpamAssassin issue - it's a mailscanner issue. You need to ask on a mailscanner list.
Re: Whitelist not working - Ugh please help
Look, I'm not sending spam, I'm sending REPLY coupons to customers. If you
don't believe me, go to my website www.fbpc.com. I believe the PORN is
triggered because the full name of the bar is the Fat Black Pussycat, which
is a neighborhood bar/nightclub in Greenwich Village. The name has existed
in the Village since 1959, and is taken from a W.C. Fields movie.
I came to this forum just to get some help: how do I whitelist myself
effectively.
If anyone can give me the simple syntax I'd be really appreciative, because
althougth the headers say it's not being checked - the subject of the emails
is still being changed.
Karsten Bräckelmann-2 wrote:
>
> On Thu, 2009-01-08 at 21:59 +0100, mouss wrote:
>> fbpc a écrit :
>> > I have whitelisted in my spam.whitelist.rules file: whitelist_from
>> > *...@fbpc.com
>>
>> don't do that. now spammers know how to evade your filters.
>> use reject_from_rcvd or reject_from_auth instead.
>>
>> but wait. this looks like spam to me. if it is, why are you sending it?
>>
>> > But outgoing emails are still getting stopped as spam. The whitelist
>> seems
>> > to be recognized in the headers, but the subject line still gets tagged
>> with
>> > a {SPAM} and the mail gets kicked back to me.
>
> Huh, you wouldn't need the whitelist (for SA) if the user just stops
> sending out spam galore. An AWL of *50* !? Any chance you sent a GTUBE
> using that sender to verify SA works?
>
>
>> > Subject: {SPM} Special Offer
>
>> > X-FBPC-MailScanner-Information: Please contact the ISP for more
>> information
>> > X-FBPC-MailScanner: Found to be clean
>> > X-FBPC-MailScanner-SpamCheck: spam, ORDB-RBL, SpamAssassin (not cached,
>> >score=-47.589, required 7, AWL 50.32, BAYES_44 -0.00,
>> >HTML_50_60 0.10, HTML_MESSAGE 0.10, PORN_4 1.89,
>> >USER_IN_WHITELIST -100.00)
>
> Sic. Also wonder why PORN_4 triggers. And that Subject...
>
> BAYES_44 -- how old is that?
>
> guenther
>
>
> --
> char
> *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0;
> }}}
>
>
>
--
View this message in context:
http://www.nabble.com/Whitelist-not-working---Ugh-please-help-tp21360757p21364826.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Whitelist not working - Ugh please help
On Thu, January 8, 2009 21:59, Evan Platt wrote: > 1. Why are you checking outgoing mail? if he did not, maybe the sender ip will be blacklisted, much better -- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: Whitelist not working - Ugh please help
On Thu, 2009-01-08 at 21:59 +0100, mouss wrote:
> fbpc a écrit :
> > I have whitelisted in my spam.whitelist.rules file: whitelist_from
> > *...@fbpc.com
>
> don't do that. now spammers know how to evade your filters.
> use reject_from_rcvd or reject_from_auth instead.
>
> but wait. this looks like spam to me. if it is, why are you sending it?
>
> > But outgoing emails are still getting stopped as spam. The whitelist seems
> > to be recognized in the headers, but the subject line still gets tagged with
> > a {SPAM} and the mail gets kicked back to me.
Huh, you wouldn't need the whitelist (for SA) if the user just stops
sending out spam galore. An AWL of *50* !? Any chance you sent a GTUBE
using that sender to verify SA works?
> > Subject: {SPM} Special Offer
> > X-FBPC-MailScanner-Information: Please contact the ISP for more information
> > X-FBPC-MailScanner: Found to be clean
> > X-FBPC-MailScanner-SpamCheck: spam, ORDB-RBL, SpamAssassin (not cached,
> > score=-47.589, required 7, AWL 50.32, BAYES_44 -0.00,
> > HTML_50_60 0.10, HTML_MESSAGE 0.10, PORN_4 1.89,
> > USER_IN_WHITELIST -100.00)
Sic. Also wonder why PORN_4 triggers. And that Subject...
BAYES_44 -- how old is that?
guenther
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Whitelist not working - Ugh please help
On Thu, January 8, 2009 21:54, fbpc wrote: > I have whitelisted in my spam.whitelist.rules file: whitelist_from > *...@fbpc.com newer use that whitelist_from anywhere ! even mailscanner can be fooled > X-FBPC-MailScanner-SpamCheck: spam, ORDB-RBL, SpamAssassin (not > cached, > score=-47.589, required 7, AWL 50.32, BAYES_44 -0.00, > HTML_50_60 0.10, HTML_MESSAGE 0.10, PORN_4 1.89, > USER_IN_WHITELIST -100.00) ordb is long time DEAD, check rbl lists in you mailscanner -- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: Whitelist not working - Ugh please help
fbpc wrote: > I have whitelisted in my spam.whitelist.rules file: whitelist_from > *...@fbpc.com > The above file is a MailScanner config file not a SpamAssassin config file, it should NOT contain statements of that format. MailScanner's whitelisting options are formatted differently (I don't use them but they're something like "From: *...@example.com"). whitelist_from is a SpamAssassin option, and belongs in a spamassassin file (ie: local.cf), if you want to whitelist at the SpamAssassin level. That said, it looks like you've got MailScanner configured to trust ORDB as a 100% reliable indicator of spam, no matter what SA has to say. Looking at the below, SA whitelisted it (USER_IN_WHITELIST matched, and SA declared a strong negative score), but MailScanner decided it was spam anyway because of ORDB. Be wary of what you put in your spam.lists.conf. Any RBL run there will over-ride all SpamAssassin configuration. Actually, MailScanner will always over-ride anything SA says with what's in its own config files, so that's a general thing. > X-FBPC-MailScanner-SpamCheck: spam, ORDB-RBL, SpamAssassin (not cached, > score=-47.589, required 7, AWL 50.32, BAYES_44 -0.00, > HTML_50_60 0.10, HTML_MESSAGE 0.10, PORN_4 1.89, > USER_IN_WHITELIST -100.00) > X-MailScanner-From: apa...@fbpc.fbpc.com > Status: > > >
Re: Whitelist not working - Ugh please help
On Thu, 8 Jan 2009, fbpc wrote: ... X-FBPC-MailScanner-SpamCheck: spam, ORDB-RBL, SpamAssassin (not cached, ... In light of all the other comments already given, I couldn't help to notice the 'ORDB-RBL' in the MailScanner header. I'm assuming that is the ordb.org RBL that's been dead for quite a while now. You should remove the test from MailScanner if that is the case.
Re: Whitelist not working - Ugh please help
At 12:54 PM 1/8/2009, you wrote:
I have whitelisted in my spam.whitelist.rules file: whitelist_from
*...@fbpc.com
But outgoing emails are still getting stopped as spam. The whitelist seems
to be recognized in the headers, but the subject line still gets tagged with
a {SPAM} and the mail gets kicked back to me.
1. Why are you checking outgoing mail?
2. No, it isn't. It's being marked as {SPM}, but look at the score.
It's NEGATIVE. And it's being marked by mailscanner. You need to look
at your mailscanner config:
X-FBPC-MailScanner-SpamCheck: spam, ORDB-RBL, SpamAssassin (not cached,
score=-47.589
That's a negative 47.
Here are the headers:
Return-Path:
Received: from server.fbpc.com (r...@localhost)
by fbpc.com (8.13.6/8.13.6) with ESMTP id n08KkIq7011444
for ; Thu, 8 Jan 2009 15:46:18 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=fbpc.com; s=mail;
t=1231447577; bh=TArxeXW6SyHb4NfeC8JAFSlTvNQ=; h=X-ClientAddr:Date:
Message-Id:To:Subject:MIME-Version:From:Content-Type:
X-FBPC-MailScanner-Information:X-FBPC-MailScanner:
X-FBPC-MailScanner-SpamCheck:X-MailScanner-From; b=sLxM4SkfNazwd/I
nPBmYX+XdoH8XjwDe3f4Pn8NhowQ7Ff5PMHNyMr+xi8UgbAHUtZ4t5Esa7BjuEyS6Ez
M1vpNEnE6PVTYEQ9Wl6/CJiyhmwOPOiqJ3s8FpB2MIW3o0Nn+5X69c16YsI15D2SwmS
/mGFxW5ctwqtzJzrYCLR0M=
Received: from fbpc.fbpc.com (fbpc.fbpc.com [69.94.36.75])
by server.fbpc.com (8.13.6/8.13.6) with ESMTP id n08KkHuN011438
for ; Thu, 8 Jan 2009 15:46:17 -0500
X-ClientAddr: 127.0.0.1
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=fbpc.com; s=mail;
t=1231447253; bh=TArxeXW6SyHb4NfeC8JAFSlTvNQ=; h=Date:Message-Id:To:
Subject:MIME-Version:From:Content-Type; b=TEWxVWJtzD4ynJSeSF0iLLNX
eofvojo3BZyac5eAZRChucehuu7318KcuW7meBphdaiXiZyv4qQe6eoHYXvuXMi09G8
3uFSpNT/Li1Sw0IlAh4Upc0ohAcbyIbebOGvHbXPiCsnIByMGt+uLTHv40/hb8pUct6
Qb3M7EzqY8fsw=
Received: from fbpc.fbpc.com (localhost.localdomain [127.0.0.1])
by fbpc.fbpc.com (8.13.1/8.13.1) with ESMTP id n08KepNG015886
for ; Thu, 8 Jan 2009 15:40:52 -0500
Received: (from apa...@localhost)
by fbpc.fbpc.com (8.13.1/8.13.1/Submit) id n08KenC2015885;
Thu, 8 Jan 2009 15:40:49 -0500
Date: Thu, 8 Jan 2009 15:40:49 -0500
Message-Id: <200901082040.n08kenc2015...@fbpc.fbpc.com>
To: emilykapla...@yahoo.com
Subject: {SPM} Special Offer
MIME-Version: 1.0
From: FBPC Village Underground
Content-Type: multipart/alternative;
boundary="=_3dac0773b829026660b25460df96db01"
X-FBPC-MailScanner-Information: Please contact the ISP for more information
X-FBPC-MailScanner: Found to be clean
X-FBPC-MailScanner-SpamCheck: spam, ORDB-RBL, SpamAssassin (not cached,
score=-47.589, required 7, AWL 50.32, BAYES_44 -0.00,
HTML_50_60 0.10, HTML_MESSAGE 0.10, PORN_4 1.89,
USER_IN_WHITELIST -100.00)
X-MailScanner-From: apa...@fbpc.fbpc.com
Status:
--
View this message in context:
http://www.nabble.com/Whitelist-not-working---Ugh-please-help-tp21360757p21360757.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Whitelist not working - Ugh please help
fbpc a écrit :
> I have whitelisted in my spam.whitelist.rules file: whitelist_from
> *...@fbpc.com
>
don't do that. now spammers know how to evade your filters.
use reject_from_rcvd or reject_from_auth instead.
but wait. this looks like spam to me. if it is, why are you sending it?
> But outgoing emails are still getting stopped as spam. The whitelist seems
> to be recognized in the headers, but the subject line still gets tagged with
> a {SPAM} and the mail gets kicked back to me.
>
> Here are the headers:
>
> Return-Path:
> Received: from server.fbpc.com (r...@localhost)
> by fbpc.com (8.13.6/8.13.6) with ESMTP id n08KkIq7011444
> for ; Thu, 8 Jan 2009 15:46:18 -0500
> DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=fbpc.com; s=mail;
> t=1231447577; bh=TArxeXW6SyHb4NfeC8JAFSlTvNQ=; h=X-ClientAddr:Date:
>Message-Id:To:Subject:MIME-Version:From:Content-Type:
>X-FBPC-MailScanner-Information:X-FBPC-MailScanner:
>X-FBPC-MailScanner-SpamCheck:X-MailScanner-From; b=sLxM4SkfNazwd/I
> nPBmYX+XdoH8XjwDe3f4Pn8NhowQ7Ff5PMHNyMr+xi8UgbAHUtZ4t5Esa7BjuEyS6Ez
> M1vpNEnE6PVTYEQ9Wl6/CJiyhmwOPOiqJ3s8FpB2MIW3o0Nn+5X69c16YsI15D2SwmS
> /mGFxW5ctwqtzJzrYCLR0M=
> Received: from fbpc.fbpc.com (fbpc.fbpc.com [69.94.36.75])
> by server.fbpc.com (8.13.6/8.13.6) with ESMTP id n08KkHuN011438
> for ; Thu, 8 Jan 2009 15:46:17 -0500
> X-ClientAddr: 127.0.0.1
> DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=fbpc.com; s=mail;
> t=1231447253; bh=TArxeXW6SyHb4NfeC8JAFSlTvNQ=; h=Date:Message-Id:To:
>Subject:MIME-Version:From:Content-Type; b=TEWxVWJtzD4ynJSeSF0iLLNX
> eofvojo3BZyac5eAZRChucehuu7318KcuW7meBphdaiXiZyv4qQe6eoHYXvuXMi09G8
> 3uFSpNT/Li1Sw0IlAh4Upc0ohAcbyIbebOGvHbXPiCsnIByMGt+uLTHv40/hb8pUct6
> Qb3M7EzqY8fsw=
> Received: from fbpc.fbpc.com (localhost.localdomain [127.0.0.1])
> by fbpc.fbpc.com (8.13.1/8.13.1) with ESMTP id n08KepNG015886
> for ; Thu, 8 Jan 2009 15:40:52 -0500
> Received: (from apa...@localhost)
> by fbpc.fbpc.com (8.13.1/8.13.1/Submit) id n08KenC2015885;
> Thu, 8 Jan 2009 15:40:49 -0500
> Date: Thu, 8 Jan 2009 15:40:49 -0500
> Message-Id: <200901082040.n08kenc2015...@fbpc.fbpc.com>
> To: emilykapla...@yahoo.com
> Subject: {SPM} Special Offer
> MIME-Version: 1.0
> From: FBPC Village Underground
> Content-Type: multipart/alternative;
> boundary="=_3dac0773b829026660b25460df96db01"
> X-FBPC-MailScanner-Information: Please contact the ISP for more information
> X-FBPC-MailScanner: Found to be clean
> X-FBPC-MailScanner-SpamCheck: spam, ORDB-RBL, SpamAssassin (not cached,
> score=-47.589, required 7, AWL 50.32, BAYES_44 -0.00,
> HTML_50_60 0.10, HTML_MESSAGE 0.10, PORN_4 1.89,
> USER_IN_WHITELIST -100.00)
> X-MailScanner-From: apa...@fbpc.fbpc.com
> Status:
>
>
Re: Whitelist not working...
Richard Hobbs wrote: > Hello, > > Thank you for your reply, and apologies for my delay in replying again. > > If these emails are never going to match the whitelist, is there a way I can > always allow emails from certain addresses in a fool-proof way? > > The addresses I need to allow though are very unlikely to be spoofed, so > this isn't too much of a concern. > > Thanks again, > Richard. > If you aren't concerned about forgery, a simple whitelist_from will work. Matching the address isn't a problem, it's getting a RDNS for the rcvd part to match that is a problem.
Re: Whitelist not working...
You can use whitelist_from. This will only match on the From address, so is quite spoofable. Loren
RE: Whitelist not working...
Hello, Thank you for your reply, and apologies for my delay in replying again. If these emails are never going to match the whitelist, is there a way I can always allow emails from certain addresses in a fool-proof way? The addresses I need to allow though are very unlikely to be spoofed, so this isn't too much of a concern. Thanks again, Richard. -- Richard Hobbs (Systems Administrator) Toshiba Research Europe Ltd. - Speech Technology Group Web: http://www.toshiba-europe.com/research/ Email: [EMAIL PROTECTED] Tel: +44 1223 376964Mobile: +44 7811 803377 > -Original Message- > From: Matt Kettler [mailto:[EMAIL PROTECTED] > Sent: 18 August 2005 18:18 > To: Richard Hobbs > Cc: users@spamassassin.apache.org > Subject: Re: Whitelist not working... > > > > > > Richard Hobbs wrote: > > Hello, > > > > Here are the headers of one of the emails from a receipient in the > > whitelist. I have replaced sensitive information with > and @ symbols > > with [at] in case this gets archived anywhere. > > > > > > > > It all looks normal to me... Any ideas? > > Well it looks normal, but it doesn't look like it should > match your whitelist. > > I see a from address that matches inmac.co.uk, but I don't > see a received: > header that matches inmac.co.uk. In order to be whitelisted > the message must > match BOTH clauses. > > Thus, this message will NEVER match: > > def_whitelist_from_rcvd [EMAIL PROTECTED] inmac.co.uk > > In fact, what appears to be their server (164.38.196.85) > doesn't have any RDNS > entry, so their mail will *never* be able to match any > whitelist_from_rcvd > commands at all. Ever. > > > > _ > This e-mail has been scanned for viruses by MCI's Internet > Managed Scanning Services - powered by MessageLabs. For > further information visit http://www.mci.com > > _ This e-mail has been scanned for viruses by MCI's Internet Managed Scanning Services - powered by MessageLabs. For further information visit http://www.mci.com
Re: Whitelist not working...
Richard Hobbs wrote: > Hello, > > Here are the headers of one of the emails from a receipient in the > whitelist. I have replaced sensitive information with and @ symbols > with [at] in case this gets archived anywhere. > > It all looks normal to me... Any ideas? Well it looks normal, but it doesn't look like it should match your whitelist. I see a from address that matches inmac.co.uk, but I don't see a received: header that matches inmac.co.uk. In order to be whitelisted the message must match BOTH clauses. Thus, this message will NEVER match: def_whitelist_from_rcvd [EMAIL PROTECTED] inmac.co.uk In fact, what appears to be their server (164.38.196.85) doesn't have any RDNS entry, so their mail will *never* be able to match any whitelist_from_rcvd commands at all. Ever.
RE: Whitelist not working...
Hello, Here are the headers of one of the emails from a receipient in the whitelist. I have replaced sensitive information with and @ symbols with [at] in case this gets archived anywhere. Received: from mail19.messagelabs.com ([193.109.254.3]) by mail.crl.toshiba.co.uk with smtp (Exim 4.50) id 1E52NZ-WN-54 for richard.hobbs[at]crl.toshiba.co.uk; Tue, 16 Aug 2005 15:25:27 +0100 X-VirusChecked: Checked X-Env-Sender: [at]Inmac.co.uk X-Msg-Ref: server-5.tower-19.messagelabs.com!1124202053!34334569!1 X-StarScan-Version: 5.4.15; banners=-,-,crl.toshiba.co.uk X-Originating-IP: [193.109.254.163] Received: (qmail 27475 invoked from network); 16 Aug 2005 14:20:53 - Received: from mail30.messagelabs.com (193.109.254.163) by server-5.tower-19.messagelabs.com with SMTP; 16 Aug 2005 14:20:53 - X-VirusChecked: Checked X-Env-Sender: [at]Inmac.co.uk X-Msg-Ref: server-13.tower-30.messagelabs.com!1124202050!0!1 X-StarScan-Version: 5.4.15; banners=.,-,- X-Originating-IP: [164.38.196.85] Received: (qmail 12189 invoked from network); 16 Aug 2005 14:20:50 - Received: from unknown (HELO pcwbmg02.pcwbhq.co.uk) (164.38.196.85) by server-13.tower-30.messagelabs.com with SMTP; 16 Aug 2005 14:20:50 - Received: from pcwb.com ([164.38.196.51]) by pcwbmg02.pcwbhq.co.uk with Microsoft SMTPSVC(6.0.3790.0); Tue, 16 Aug 2005 15:20:46 +0100 To: richard.hobbs[at]crl.toshiba.co.uk From: [at]Inmac.co.uk Subject: Sales Quotation Date: Tue, 16 Aug 2005 15:23:14 +0100 Date: Tue, 16 Aug 2005 15:23:14 +0100 Message-ID: X-OriginalArrivalTime: 16 Aug 2005 14:20:46.0850 (UTC) FILETIME=[B1D3A620:01C5A26D] It all looks normal to me... Any ideas? Thanks again, Richard. -- Richard Hobbs (Systems Administrator) Toshiba Research Europe Ltd. - Speech Technology Group Web: http://www.toshiba-europe.com/research/ Email: [EMAIL PROTECTED] Tel: +44 1223 376964Mobile: +44 7811 803377 > -Original Message- > From: Matt Kettler [mailto:[EMAIL PROTECTED] > Sent: 16 August 2005 19:22 > To: Richard Hobbs > Cc: users@spamassassin.apache.org > Subject: Re: Whitelist not working... > > Richard Hobbs wrote: > > Hello, > > > > In an attempt to always allow emails from particular > domains, I have added > > the following lines into "/etc/spamassassin/local.cf": > > > > def_whitelist_from_rcvd [EMAIL PROTECTED] inmac.co.uk > > def_whitelist_from_rcvd [EMAIL PROTECTED] Inmac.co.uk > > def_whitelist_from_rcvd [EMAIL PROTECTED] domain.co.jp > > > > But, they are being ignored. Any ideas? > > What does one of the Received: headers look like? My guess is > if you're having > problems with them matching it's the rcvd part. > > Either that or the From: is in a non-matching format, ie: > [EMAIL PROTECTED] > > > > > Also, are they case sensitive? i.e. if I always allow > [EMAIL PROTECTED] will it > > block [EMAIL PROTECTED] as well? > > They are case insensitive. > > > _ > This e-mail has been scanned for viruses by MCI's Internet > Managed Scanning Services - powered by MessageLabs. For > further information visit http://www.mci.com > > _ This e-mail has been scanned for viruses by MCI's Internet Managed Scanning Services - powered by MessageLabs. For further information visit http://www.mci.com
Re: Whitelist not working...
Richard Hobbs wrote: > Hello, > > In an attempt to always allow emails from particular domains, I have added > the following lines into "/etc/spamassassin/local.cf": > > def_whitelist_from_rcvd [EMAIL PROTECTED] inmac.co.uk > def_whitelist_from_rcvd [EMAIL PROTECTED] Inmac.co.uk > def_whitelist_from_rcvd [EMAIL PROTECTED] domain.co.jp > > But, they are being ignored. Any ideas? What does one of the Received: headers look like? My guess is if you're having problems with them matching it's the rcvd part. Either that or the From: is in a non-matching format, ie: [EMAIL PROTECTED] > > Also, are they case sensitive? i.e. if I always allow [EMAIL PROTECTED] will > it > block [EMAIL PROTECTED] as well? They are case insensitive.
Re: Whitelist not working (solved)
Elsa Andrés wrote: Wow... I'm impressed! I added "-x" option to spamd start script as you mentioned (to prevent "user prefs" to become active) and, sure it works! Thank you very much for you tip. I was being crazy to find the error, and looked and re-looked the local.cf and anything seemed O.K. I think SA admins should add a little note in documentation in order to prevent SA user's sanity... Not that impressive; I got hit by it myself when I started using spamd instead of spamassassin directly :-) It's fixed in the new version (3.0.1), so you might consider upgrading to that. -- Groeten, Marco.
RE: Whitelist not working
>Matt Kettler wrote: >> Suggestion: do ONE whitelist per whitelist_from statement, not two. >> whitelist_from should only accept one parameter. >> >> whitelist_from_rcvd expects two parameters, but the second parameter >> is not a From: address, so perhaps looking at those got you >> confused.. > >Barring major changes to the configuration for whitelist_from since 2.64 >(and back at least as far as 2.4x), whitelist_from should accept >multiple entries on each line. > >For practical reasons, you may need multiple lines (I have serveral >users with ~30-odd lines of whitelist_from entries, totalling ~80-100 >specific entries) and they work just fine for 2.64. > >You're right about whitelist_from_rcvd though. Hello Matt and Kris, As per SA documentation, "whitelist_from" can understand several formats, such as: whitelist_from [EMAIL PROTECTED] [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] And so on. So the problem was not pointing to there. Marco told me the solution, that pointed to SA bug, and once applied his solution, anything is working as expected. Thanks, anyway, for your ideas. Regards,
RE: Whitelist not working (solved)
>You're probably getting hit by bug 3855 ('whitelist_from in local.cf
>ignored after whitelist_from loaded from users prefs').
>
>Either disable the user_prefs (if you are not using them) by giving
>spamd the '-x' option, or upgrade to 3.0.1, where it's fixed.
Hi Marco,
Wow... I'm impressed!
I added "-x" option to spamd start script as you mentioned (to prevent "user
prefs" to become active) and, sure it works!
Thank you very much for you tip. I was being crazy to find the error, and
looked and re-looked the local.cf and anything seemed O.K. I think SA admins
should add a little note in documentation in order to prevent SA user's
sanity...
:-D
Greetings.
Re: Whitelist not working
Matt Kettler wrote: > Suggestion: do ONE whitelist per whitelist_from statement, not two. > whitelist_from should only accept one parameter. > > whitelist_from_rcvd expects two parameters, but the second parameter > is not a From: address, so perhaps looking at those got you > confused.. Barring major changes to the configuration for whitelist_from since 2.64 (and back at least as far as 2.4x), whitelist_from should accept multiple entries on each line. For practical reasons, you may need multiple lines (I have serveral users with ~30-odd lines of whitelist_from entries, totalling ~80-100 specific entries) and they work just fine for 2.64. You're right about whitelist_from_rcvd though. -kgd -- Get your mouse off of there! You don't know where that email has been!
Re: Whitelist not working
At 11:54 AM 10/25/2004 +0200, Elsa Andrés wrote: whitelist_from [EMAIL PROTECTED] [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] [EMAIL PROTECTED] But e-mails coming from "[EMAIL PROTECTED]" or "[EMAIL PROTECTED]" are not marked with USER_IN_WHITELIST. When I say "from" I refer to "From:" field listed in e-mails header. Um, does the above pass spamassassin --lint? Suggestion: do ONE whitelist per whitelist_from statement, not two. whitelist_from should only accept one parameter. whitelist_from_rcvd expects two parameters, but the second parameter is not a From: address, so perhaps looking at those got you confused..
Re: Whitelist not working
Elsa Andrés wrote:
Any idea on how to get around this issue will be appreciated.
You're probably getting hit by bug 3855 ('whitelist_from in local.cf
ignored after whitelist_from loaded from users prefs').
Either disable the user_prefs (if you are not using them) by giving
spamd the '-x' option, or upgrade to 3.0.1, where it's fixed.
--
Regards,
Marco.
