>I'm trying to understand why some domains are not whitelisted even
>though they pass SPF and are in my local welcomelist_auth entries. I'm
>using policyd-spf with postfix, and it appears to be adding the
>following header:
>
>X-Comment: SPF skipped for whitelisted relay domain -
>client-ip=13.110.6.221; helo=smtp14-ph2-sp4.mta.salesforce.com;
>envelope-from=re...@support.meridianlink.com; receiver=<UNKNOWN>

you seem to have the domain listed in the policyd-spf whitelist.
salesforce.com probably?

On 07.05.22 13:29, Alex wrote:
I figured out where it's whitelisted, but still don't understand how it works.

It's somehow referencing the postscreen access list I'm using:

postscreen_access_list =
       permit_mynetworks, cidr:$config_directory/postscreen_access.cidr

In that file are cidr entries like:
13.110.208.0/21 permit
13.110.216.0/22 permit
13.110.224.0/20 permit

this is just the postscreen whitelist, postscreen does not look up SPF
unless something else uses this file somehow, this is not the problem.

I also say that the message says "whitelisted relay domain", so it's apparently not the IP address but the domain that is whitelisted.

Still,
I was aware of this access list, but I wasn't aware that the policy
daemon was also using it as well as postscreen.

The problem now is that I don't know _how_ it's using it, and how to
prevent it from affecting my welcomelist_auth entries. I don't see any
reference in the code that would indicate it's somehow getting this
info from postscreen/postfix and using it when making these decisions.

The unmodified original messages also no longer pass SPF - shouldn't
they? It does still pass DKIM from the command-line, and therefore my
welcomelist_auth entry, but not when it's first received.

you must search in policy daemon configuration and docs, this is not done by postfix.

There was a reason I added this email to the welcomelist in the first
place. Perhaps a temporary solution would be to just remove the
postscreen access lists for now? Other ideas? Someone would like to
help me troubleshoot this? I'm thinking the fact that the IP is
whitelisted in postscreen is somehow being passed through the socket
to policyd-spf in a structure somewhere.

I still have no idea who and how whitelists this sender, so I can't tell you what whitelist to remove.

>My welcomelist entry in SA for this specific email is as:
>welcomelist_auth re...@support.meridianlink.com

is this in spamassassin's local.cf ?

Yes

have you reloaded amavisd after you added it?


>salesforce is also listed in their SPF record:
>$ dig +short txt support.meridianlink.com
>"v=spf1 include:spf.protection.outlook.com include:_spf.salesforce.com -all"

SPF_PASS indicates that the SPF hit.

however, posting full headers could help us a bit.

https://pastebin.com/TvTx6KzY

X-Comment: SPF skipped for whitelisted relay domain - client-ip=13.110.6.221; helo=smtp14-ph2-sp4.mta.salesforce.com; envelope-from=re...@support.meridianlink.com; receiver=<UNKNOWN>
X-Greylist: whitelisted by SQLgrey-1.8.0

isn't it possible that it's sqlgrey that whitelisted your domain?

$ spamassassin --version
SpamAssassin version 4.0.0-r1889518
 running on Perl version 5.32.1

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
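
An added diagnostic sketch, not part of the thread and not policyd-spf or Postfix code: it parses the X-Comment header quoted above and tests its client-ip against the three postscreen_access.cidr entries shown in the message, assuming first-match-wins evaluation of the table. All function names are hypothetical, and the table holds only the entries visible in the thread.

```python
import ipaddress
import re

# Header value as quoted in the thread (address redaction kept as-is).
X_COMMENT = ("SPF skipped for whitelisted relay domain - "
             "client-ip=13.110.6.221; helo=smtp14-ph2-sp4.mta.salesforce.com; "
             "envelope-from=re...@support.meridianlink.com; receiver=<UNKNOWN>")

# Only the three postscreen_access.cidr entries shown in the thread.
POSTSCREEN_CIDR = """\
13.110.208.0/21 permit
13.110.216.0/22 permit
13.110.224.0/20 permit
"""

def parse_spf_comment(value):
    """Split 'reason - key=value; key=value' into (reason, fields)."""
    reason, _, rest = value.partition(" - ")
    fields = dict(m.groups() for m in re.finditer(r"([\w-]+)=([^;\s]+)", rest))
    return reason.strip(), fields

def parse_cidr_table(text):
    """Parse 'network action' lines, skipping blanks and '#' comment lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        rules.append((ipaddress.ip_network(pattern, strict=False), action.strip()))
    return rules

def first_match(rules, ip):
    """Return (network, action) of the first rule covering ip, else None."""
    addr = ipaddress.ip_address(ip)
    for net, action in rules:
        if addr.version == net.version and addr in net:
            return str(net), action
    return None

def diagnose(header, table):
    """Report why SPF was skipped and whether the client IP hits the CIDR table."""
    reason, fields = parse_spf_comment(header)
    hit = first_match(parse_cidr_table(table), fields["client-ip"])
    return {"reason": reason, "client_ip": fields["client-ip"],
            "helo": fields["helo"], "cidr_hit": hit}

if __name__ == "__main__":
    print(diagnose(X_COMMENT, POSTSCREEN_CIDR))
```

None of the three entries shown covers 13.110.6.221, which fits the reply's point that the header names a relay domain rather than an IP; the real file has more entries, so run the same check against the complete table.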
