On Mon, 10 Nov 2003, Chris Barnes wrote:
> I am in need of a rule that will tell SpamAssassin to whitelist all
> email traffic which comes from our local Listserv (tm - www.lsoft.com)
> lists.
>
> The problem is that messages from the Listserv list have the original
> author's email address in the From: line. The Listserv list address is
> in a header tag of:
>
> Sender: Name-of-list [EMAIL PROTECTED]
>
>
> In other words, SA needs to look at a header tag of SENDER:, not FROM:
> How would this rule look?
>
> (my guess)
> header LISTSERV_GOOD_SENDER Sender =~listserv.tamu.edu
> score LISTSERV_GOOD_SENDER -100
>
> Would that work?
Almost. It needs to be a valid perl pattern-match regex:
header LISTSERV_GOOD_SENDER Sender =~ /listserv.tamu.edu/
Only problem with that is that it will be suceptable to spammer abuse
if they ever find out about it. (note that emperical evidence points
to spammers reading this list ;().
What would be better is if you could use 'whitelist_from_rcvd' as it's
much more difficult for an external agent to abuse.
However this would require the predictable envelope-from address
being accesssable to SA.
In addition to the "From:" header SA looks for "from" address info in
the headers:
Envelope-Sender:
Resent-Sender:
X-Envelope-From:
Return-Path:
Resent-From:
Any chance you could get your listserv to put it's Sender info into
one of these?
If you are only concerned about local SA filtering of these messages,
you could customize the 'EvalTests.pm' file in your SA instalation
and add "Sender:" to that recognized "from" header list.
One other possibility depends upon how you call SA. If your method of
processing the mail has access to the envelope-sender, you could hack it
to synthesize a 'Envelope-Sender' header to pass that info in to SA.
I use spamd with sendmail and miltrassassin. I hacked the miltrassassin
code to synthesize a 'Envelope-Sender' header and it makes whitelisting
mailing lists va whitelist_from_rcvd much easier.
If you do go the whitelist_from_rcvd route be sure to set your
trusted_networks parameter.
FWIW, I prefer to use def_whitelist_from_rcvd instead of
whitelist_from_rcvd. Makes mistakes and successful forgeries less
damaging. ;)
Dave
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
