Posted to users@spamassassin.apache.org by John Schneider <jo...@daumcommercial.com> on 2004/08/20 23:36:01 UTC

whitelist_from_rcvd YET AGAIN!

I feel like a moron after reading all the threads on whitelist_from_rcvd
that all seem VERY clear and still not getting the results I need. So,
perhaps with my brain failing, I'm posting here for help.

I am trying to whitelist people in my own company that are sending mail
through our server. The headers look like this:

(Notice my_servers_domain is different than mydomain.com. The domain name of
the mail server is different than the domain for the users I am trying to
whitelist, which are using one of the virtual domains running on the host.)

Return-Path: <fi...@mydomain.com>
Received: from DG49S331 (host-66-66-66-66.lcinet.net [66.66.66.66])
	(authenticated bits=0)
	by internet.my_servers_domain.com (8.12.11/8.12.9) with ESMTP id i7KKsdNL005496
	for <fi...@mydomain.com>; Fri, 20 Aug 2004 13:54:48 -0700 (PDT)
	(envelope-from firstname.lastname@mydomain.com)
From: "Firstname Lastname" <fi...@mydomain.com>
To: <fi...@mydomain.com>

In local.cf I have:

trusted_networks 55.55.55.55   ## The IP Address of my mailserver 'my_servers_domain.com'
whitelist_from_rcvd * lcinet.net
(I also tried whitelist_from_rcvd *@mydomain.com lcinet.net)

I can't get it to work.


Thanks for any help!


John Schneider



Re: Permission denied at ///Library/Perl/5.8.1/Mail/SpamAssassin.pm

Posted by Matt Kettler <mk...@evi-inc.com>.
At 06:46 PM 8/20/2004, rkudyba@raeinternet.com wrote:
>Aug 20 18:06:02 localhost spamd[1631]: debug: mkdir
>/var/empty/.spamassassin failed: mkdir /var/empty/.spamassassin:
>Permission denied at ///Library/Perl/5.8.1/Mail/SpamAssassin.pm line
>1279  No such file or directory
>
>The file and all the directories exist and are readable by all.  I see
>nothing at line 1279.

The directories need to have full RWX permissions to the userID spamd is
running as. They must be able to create, write, and delete files.


Re: Permission denied at ///Library/Perl/5.8.1/Mail/SpamAssassin.pm line 1279

Posted by Ryan Thompson <ry...@sasknow.com>.
rkudyba@raeinternet.com wrote to spamassassin-users@incubator.apache.org:

> On OS X running 2.64 in debug, what does this error mean and is this a
> known issue?
>
> Aug 20 18:06:02 localhost spamd[1631]: debug: mkdir
> /var/empty/.spamassassin failed: mkdir /var/empty/.spamassassin:
> Permission denied at ///Library/Perl/5.8.1/Mail/SpamAssassin.pm line
> 1279  No such file or directory
>
> The file and all the directories exist and are readable by all.  I see
> nothing at line 1279.

/var/empty is, as the name suggests, supposed to stay empty (i.e., you
don't want spamd to be making directories and saving user preferences to
/var/empty/.spamassassin, as it appears is happening, here). This isn't
specific to OSX.

My hunch is that the user who spamassassin is running as (or making user
preferences for) has their home directory set to /var/empty. (Probably
set that way because they're not a login user. Arguably, it's better
to use the de-facto standard /nonexistent as their home, as many things
tend to fail a little more gracefully if the user's home directory
simply does not exist. In your case, it exists, but it isn't writable,
so you get complaints from spamd).

Either:
     a) Give the user a valid home directory
or  b) Don't use user preferences (if you're trying for a
        site-wide setup). Supply -x to spamd in this case.

Hope this helps,
- Ryan

-- 
   Ryan Thompson <ry...@sasknow.com>

   SaskNow Technologies - http://www.sasknow.com
   901-1st Avenue North - Saskatoon, SK - S7K 1Y4

         Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
   Toll-Free: 877-727-5669     (877-SASKNOW)     North America

Permission denied at ///Library/Perl/5.8.1/Mail/SpamAssassin.pm line

Posted by rk...@raeinternet.com.
On OS X running 2.64 in debug, what does this error mean and is this a
known issue?

Aug 20 18:06:02 localhost spamd[1631]: debug: mkdir
/var/empty/.spamassassin failed: mkdir /var/empty/.spamassassin:
Permission denied at ///Library/Perl/5.8.1/Mail/SpamAssassin.pm line
1279  No such file or directory

The file and all the directories exist and are readable by all.  I see
nothing at line 1279.


Re: whitelist_from_rcvd YET AGAIN!

Posted by "Scot L. Harris" <we...@cfl.rr.com>.
On Fri, 2004-08-20 at 21:45, Loren Wilton wrote:
> On thinking about it you probably can't do it with whitelist_from_rcvd.  My
> understanding (possibly incorrect in this specific case, but it looks right)
> is that SA just overrides any line with a later matching line.  So in this
> case you are probably just ending up with the last line.
> 
> The ideal case here would be if you could say
> 
> whitelist_from_rcvd *@mydomain (first_isp.com|second_isp.com)

Why not bypass spamassassin for inter-company email?  Use the MTA to
authenticate your internal email servers.   I know procmail could be
used to do this.

You don't spam each other in the office do you?

-- 
Scot L. Harris
webid@cfl.rr.com

Authors are easy to get on with -- if you're fond of children.
		-- Michael Joseph, "Observer" 


RE: whitelist_from_rcvd YET AGAIN!

Posted by John Schneider <jo...@daumcommercial.com>.
Loren,

>> On thinking about it you probably can't do it with 
>> whitelist_from_rcvd.  My understanding (possibly incorrect 
>> in this specific case, but it looks right) is that SA just 
>> overrides any line with a later matching line.  So in this 
>> case you are probably just ending up with the last line.
>> 
>> The ideal case here would be if you could say
>> 
>> whitelist_from_rcvd *@mydomain (first_isp.com|second_isp.com)
>> 
>> But I doubt seriously that an RE will work here. 

I am almost sure you are right. 

>> I seem to recall some recent mention of an 'addrs' or 
>> 'address' modifier that can be used on Received (and maybe 
>> From?) that might tighten up that scan to make sure that it 
>> only hit on the right address in the received chain, to 
>> prevent spoofing.  Not sure how to use it, but a little 
>> searching in the docs or archive may make it obvious.

I'll research this and see what I can find. Thanks.
 
 
Regards,
 
 
 
John Schneider



Re: whitelist_from_rcvd YET AGAIN!

Posted by Loren Wilton <lw...@earthlink.net>.
On thinking about it you probably can't do it with whitelist_from_rcvd.  My
understanding (possibly incorrect in this specific case, but it looks right)
is that SA just overrides any line with a later matching line.  So in this
case you are probably just ending up with the last line.

The ideal case here would be if you could say

whitelist_from_rcvd *@mydomain (first_isp.com|second_isp.com)

But I doubt seriously that an RE will work here.  If it doesn't work it
would seem to be worth an enhancement request to the SA devs.

I think you are going to have to use a rule or three here.  Perhaps
something along the (untested) lines of

header __MY_FROM    From =~ /\@mydomain\.com/
header __MY_ISPS    Received =~ /\w\@(?:isp1|isp2|isp3)\.com[ >]/
meta    MY_USER_WHITELIST    (__MY_FROM && __MY_ISPS)
score MY_USER_WHITELIST    -50

Or something like that.

I seem to recall some recent mention of an 'addrs' or 'address' modifier
that can be used on Received (and maybe From?) that might tighten up that
scan to make sure that it only hit on the right address in the received
chain, to prevent spoofing.  Not sure how to use it, but a little searching
in the docs or archive may make it obvious.

        Loren


RE: whitelist_from_rcvd YET AGAIN!

Posted by John Schneider <jo...@daumcommercial.com>.
>> whitelist_from_rcvd *@gvadaum.com first_isp_domain.com 
>> whitelist_from_rcvd *@gvadaum.com second_isp_domain.com 
>> whitelist_from_rcvd *@gvadaum.com third_isp_domain.com

Actually, I was wrong about something... If I include the
whitelist_from_rcvd line for the second and third ISP, the first ISP doesn't
seem to work anymore. Is it possible to achieve the functionality I am
looking for with whitelist_from_rcvd?
 
Regards,

  
John Schneider



RE: whitelist_from_rcvd YET AGAIN!

Posted by John Schneider <jo...@daumcommercial.com>.
That 'general advice' actually helped a lot. 

Sometimes when you get deep into something it helps to have someone remind
you of the basics. Checking --lint and running with -D is definitely
something I should have tried before and helped me solve the problem (and
helped me to correct a couple of other things that I didn't realize needed
correcting).

I am trying to whitelist mail sent from our branch offices sent through our
email server to local users. Each of my branch offices is on 1 of 3
different ISPs. Our domain name is gvadaum.com.

The syntax actually worked the way I originally expected it to:

whitelist_from_rcvd *@gvadaum.com first_isp_domain.com
whitelist_from_rcvd *@gvadaum.com second_isp_domain.com
whitelist_from_rcvd *@gvadaum.com third_isp_domain.com

The IP for our mailserver that is used to both send and receive email is
listed in trusted_networks:
trusted_networks 69.20.70.56

It is working just fine now. Thanks!
 
Regards,
 
 
 
John Schneider



Re: whitelist_from_rcvd YET AGAIN!

Posted by Matt Kettler <mk...@evi-inc.com>.
At 05:36 PM 8/20/2004, John Schneider wrote:
>Return-Path: <fi...@mydomain.com>
>Received: from DG49S331 (host-66-66-66-66.lcinet.net [66.66.66.66])
>         (authenticated bits=0)
>         by internet.my_servers_domain.com (8.12.11/8.12.9) with ESMTP id i7KKsdNL005496
>         for <fi...@mydomain.com>; Fri, 20 Aug 2004 13:54:48 -0700 (PDT)
>         (envelope-from firstname.lastname@mydomain.com)
>From: "Firstname Lastname" <fi...@mydomain.com>
>To: <fi...@mydomain.com>
>
>In local.cf I have:
>
>trusted_networks 55.55.55.55   ## The IP Address of my mailserver 'my_servers_domain.com'
>whitelist_from_rcvd * lcinet.net
>(I also tried whitelist_from_rcvd *@mydomain.com lcinet.net)
>
>I can't get it to work.

That looks like, theoretically at least, it should work.

Some suggestions:
         1) run spamassassin --lint, to make sure there are no obvious config
            file errors. Fix any complaints it may have. (generic advice, but
            VERY commonly a problem)

         2) run one of these messages through spamassassin -D. Look in the
            debug output. Specifically check the part where SA is deciding if
            hosts are trusted or not. Make sure 66.66.66.66 is not trusted.

You should see something like this (I ran your message headers from your 
list posting through my copy of SA to generate this):

         debug: received-header: parsed as [ ip=66.59.224.253 rdns=host-66-59-224-253.lcinet.net helo=DG49S331 by=internet.bizopz.com ident= ]
         debug: received-header: relay 66.59.224.253 trusted? no

Also look at the debug line which extracts From: addresses, and make sure 
it's not getting confused:
         debug: all '*From' addrs: ....
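
Added example (not part of the thread, and not SpamAssassin's own code): a simplified model of the check described in step 2 above. It parses the two `received-header` debug line formats quoted in the post and tests `whitelist_from_rcvd`-style entries, including several relay domains for one address glob, against the From address and the rDNS of the first untrusted relay. The function names, the sample text, and the "first untrusted relay in log order" rule are assumptions of this example.

```python
import re

# Constructed sample of `spamassassin -D` output in the format quoted above,
# wrapped the way the mail archive wraps it; values are the thread's placeholders.
SAMPLE_DEBUG = """\
debug: received-header: parsed as [ ip=66.66.66.66
rdns=host-66-66-66-66.lcinet.net helo=DG49S331
by=internet.my_servers_domain.com ident= ]
debug: received-header: relay 66.66.66.66 trusted? no
"""

EVENT = re.compile(
    r"received-header: (?:parsed as \[ (?P<fields>.*?) ?\]"
    r"|relay (?P<ip>\S+) trusted\? (?P<trusted>yes|no))"
)

def parse_relays(debug_text):
    """Return relays in log order, each a dict of ip/rdns/helo/by plus 'trusted'."""
    flat = re.sub(r"\s+", " ", debug_text)  # undo line wrapping
    relays = []
    for m in EVENT.finditer(flat):
        if m.group("fields") is not None:
            pairs = (kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
            relays.append(dict(pairs))
        else:
            for relay in relays:
                if relay.get("ip") == m.group("ip"):
                    relay["trusted"] = m.group("trusted") == "yes"
    return relays

def glob_match(glob, addr):
    """Case-insensitive match where only * and ? are wildcards."""
    pattern = re.escape(glob.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(pattern, addr.lower()) is not None

def rdns_matches(rdns, domain):
    """True for the domain itself or a host under it, never a lookalike suffix."""
    rdns, domain = rdns.lower(), domain.lower()
    return rdns == domain or rdns.endswith("." + domain)

def whitelist_hits(from_addr, relays, entries):
    """entries: (address glob, relay domain) pairs, one per whitelist_from_rcvd line."""
    untrusted = [r for r in relays if r.get("trusted") is False]
    if not untrusted:
        return []  # assumption of this model: no untrusted relay, nothing to compare
    rdns = untrusted[0].get("rdns", "")
    return [(g, d) for g, d in entries
            if glob_match(g, from_addr) and rdns_matches(rdns, d)]
```

An empty result with a relay marked `trusted? yes` points at `trusted_networks` rather than at the whitelist line itself.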