Hi, On Mon, Jul 4, 2016 at 9:00 PM, Bill Cole <sausers-20150...@billmail.scconsult.com> wrote: > On 3 Jul 2016, at 14:48, Alex wrote: > >>> On 2016-07-03 20:18, Alex wrote: >>> >>>> whitelist_from *@pm.sprintpcs.com > > [...] >> >> From: Sprint User <5556142...@pm.sprint.com> > > > One of these things is not like the other... Not that it actually matters. > > This is also substantially confused by the fact that your pastebin version > is both mangled by whatever is "quarantining" the message and apparently > manually munged for privacy. That is probably confusing some of the people > offering "help" becuase it isn't obvious what is substituted for what and > how various oddities arose in that odd message...
Outside of using "example" in place of our domain, and changing the phone number without affecting its format, no other changes were made. > There are SO MANY wrong things about this. At the top of the list: Sprint is > adding fraudulent Resent-* headers. This breaks ANY rational attempt to > whitelist in SpamAssassin, which unfortunately trusts the Resent-From header > above all others to the point of ignoring all others entirely. If I manually > remove the Resent-From header, SA sees both the RFC5321.MailFrom and > RFC5322.From values as part of "all '*From' addrs" but with Resent-From it > only sees the local alias to which the SMS was sent. In my initial message, I mentioned these were being quarantined, which I thought was enough to make it clear I was pulling them from my quarantine. It was discovered in a later post that these Resent-From headers were added during this quarantine process. I'm very sorry for the confusion. After removing the Resent-From headers, I'm able to successfully test the whitelisting of the quarantined messages against my local whitelist_from_rcvd entries. Sprint is definitely broken, and I hate having to whitelist them. It is really just the KAM_LAZY_DOMAIN_SECURITY from the KAM.cf rules that's causing it to be quarantined. I suppose I could also write a meta that subtracts the same points if it's been relayed through sprintpcs, etc. I'm discussing this rule separately with Joe/Kevin for this reason. Thanks for your thorough help, as always. Alex
