Posted to users@spamassassin.apache.org by fitz <ji...@fitzrandolph.com> on 2017/03/23 23:06:55 UTC
Can someone post some real-world examples of whitelist_auth,
whitelist_spf, and whitelist_dkim?
I am attempting to tighten up my whitelists, replacing whitelist_from with
whitelist_auth, whitelist_spf, and/or whitelist_dkim. And having trouble.
The simplistic example of
whitelist_auth bob@example.com example.net
does not really cut it.
For example, I have the following headers:
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
client-ip=76.74.244.76; helo=outbound076.dcm8.com;
envelope-from=qd_pat_ba7cce6de305fce6b09be229f71e639fdebb287253d1e33e@inbound.dcm8.com;
receiver=someone@bebop.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1;
d=inbound.dcm8.com;
h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:List-Unsubscribe;
bh=glCJ7SPuJhI+sBNWpIcLUzww974=;
b=xtADEde9s1pYTVT8IBwjLVjOiDNCjf8GY3vaqk7HmMMgRtOzRhRcGZkT+yeKNHwlIOk8iYD9Y6uX
mMrOwIYFJ1H5iX1hn5Mj+Pd3BTpdhxPDd0YUBbfvmoa/W7hj2plUYDtSKt5wGYU8GRjSNj7xK5zx
juMZm6vlWkfFTwRdyM8=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key1;
d=questdiagnosticssurvey.com;
b=mC5TtAPZBG0FwqfSaoAAFEn2hGO193KMoqpRbx/C3CmZ1KTfhcBz+9MsDi5z2dma4tkwLeGXYmMU
IyL3l2Y9bZD5MhpdA3daN8Z2o23QKgHFM7KHxfovtClAniOhoNDukdWhLAumDMlsmg4GG/iutulk
TbSLKC7h4SYaWu/Y1js=;
Received: from parking.hostmonster.com (10.0.95.23) by outbound076.dcm8.com
(PowerMTA(TM) v3.5r15) id hqfm400lr5gd for <so...@bebop.com>; Thu, 23 Mar
2017 15:39:28 +0000 (envelope-from
<QD...@inbound.dcm8.com>)
Date: Thu, 23 Mar 2017 15:39:28 +0000
From: Quest Diagnostics <su...@QuestDiagnosticsSurvey.com>
Reply-To: Quest Diagnostics <su...@QuestDiagnosticsSurvey.com>
I have tried
whitelist_(spf|auth|dkim) *@QuestDiagnosticsSurvey.com
(questdiagnosticssurvey.com | inbound.dcm8.com | outbound076.dcm8.com |
dcm8.com)
and none seem to work. I get SPF AUTH and DKIM_VALID_AU but no
USER_IN_WHITELIST.
I have been able to get the whitelist_auth to work for gmail, comcast, and a
few other places, but this one does not seem to work using the same rules.
From WHERE is one supposed to pull the second parameter for these rules?
--
View this message in context: http://spamassassin.1065346.n5.nabble.com/Can-someone-post-some-real-world-examples-of-whitelist-auth-whitelist-spf-and-whitelist-dkim-tp124537.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Can someone post some real-world examples of whitelist_auth,
whitelist_spf, and whitelist_dkim?
Posted by fitz <ji...@fitzrandolph.com>.
fantomas:
Yes, your example did work. Specifically,
whitelist_from_dkim *@QuestDiagnosticsSurvey.com inbound.dcm8.com
works. I thought I had tried that one, but apparently (digging back through
my logs) I had whitelist_dkim (without the 'from').
Also, thank you very much for the explanations. They really helped
understanding...
Re: Can someone post some real-world examples of whitelist_auth,
whitelist_spf, and whitelist_dkim?
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 23.03.17 16:06, fitz wrote:
>I am attempting to tighten up my whitelists, replacing whitelist_from with
>whitelist_auth, whitelist_spf, and/or whitelist_dkim. And having trouble.
>The simplistic example of
> whitelist_auth bob@example.com example.net
>does not really cut it.
>
>For example, I have the following headers:
>
>Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
>client-ip=76.74.244.76; helo=outbound076.dcm8.com;
>envelope-from=qd_pat_ba7cce6de305fce6b09be229f71e639fdebb287253d1e33e@inbound.dcm8.com;
the envelope sender is
qd_pat_ba7cce6de305fce6b09be229f71e639fdebb287253d1e33e@inbound.dcm8.com
although it's mentioned in no header other than this one.
>receiver=someone@bebop.com
>DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1;
>d=inbound.dcm8.com;
>
>h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:List-Unsubscribe;
> bh=glCJ7SPuJhI+sBNWpIcLUzww974=;
>
>b=xtADEde9s1pYTVT8IBwjLVjOiDNCjf8GY3vaqk7HmMMgRtOzRhRcGZkT+yeKNHwlIOk8iYD9Y6uX
>
>mMrOwIYFJ1H5iX1hn5Mj+Pd3BTpdhxPDd0YUBbfvmoa/W7hj2plUYDtSKt5wGYU8GRjSNj7xK5zx
> juMZm6vlWkfFTwRdyM8=
the signing domain is inbound.dcm8.com
>DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key1;
>d=questdiagnosticssurvey.com;
>
>b=mC5TtAPZBG0FwqfSaoAAFEn2hGO193KMoqpRbx/C3CmZ1KTfhcBz+9MsDi5z2dma4tkwLeGXYmMU
>
>IyL3l2Y9bZD5MhpdA3daN8Z2o23QKgHFM7KHxfovtClAniOhoNDukdWhLAumDMlsmg4GG/iutulk
> TbSLKC7h4SYaWu/Y1js=;
>Received: from parking.hostmonster.com (10.0.95.23) by outbound076.dcm8.com
>(PowerMTA(TM) v3.5r15) id hqfm400lr5gd for <so...@bebop.com>; Thu, 23 Mar
>2017 15:39:28 +0000 (envelope-from
><QD...@inbound.dcm8.com>)
>Date: Thu, 23 Mar 2017 15:39:28 +0000
>From: Quest Diagnostics <su...@QuestDiagnosticsSurvey.com>
>Reply-To: Quest Diagnostics <su...@QuestDiagnosticsSurvey.com>
>
>I have tried
> whitelist_(spf|auth|dkim) *@QuestDiagnosticsSurvey.com
>(questdiagnosticssurvey.com | inbound.dcm8.com | outbound076.dcm8.com |
>dcm8.com)
>and none seem to work. I get SPF AUTH and DKIM_VALID_AU but no
>USER_IN_WHITELIST.
>
>I have been able to get the whitelist_auth to work for gmail, comcast, and a
>few other places, but this one does not seem to work using the same rules.
>
>From WHERE is one supposed to pull the second parameter for these rules?
as others already noted, you mistook whitelist directives for whitelist_from_rcvd
whitelist_auth and whitelist_spf use only one parameter.
whitelist_from_dkim uses two parameters - From: address and signing domain.
(does my example above work?)
Note that all those whitelist directives use different headers to find the
sender.
Also note that the mail above is problematic, because From: address differs
from envelope from: (on which SPF is based). That apparently causes your
problems:
whitelist_spf would work on address:
qd_pat_ba7cce6de305fce6b09be229f71e639fdebb287253d1e33e@inbound.dcm8.com
whitelist_from_dkim whitelist_survey@QuestDiagnosticsSurvey.com inbound.dcm8.com
- should work, but you need the signing domain
Because of the above whitelist_auth won't work because whitelist_spf fails
AND whitelist_from_dkim fails if you don't add domain (which whitelist_auth
does not).
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.
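
The mapping described in the reply above, as an added example that is not part of the original thread: it reads the three identities the directives key on (envelope sender from Received-SPF, the From: address, and each DKIM d= domain) and lists the directive forms that could match. The sample message is constructed, with placeholder local parts, and the script assumes SPF passed and the signatures verified; it checks neither.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the thread. The local
# parts are placeholders and the bh=/b= signature tags are left out.
SAMPLE = """\
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=76.74.244.76; helo=outbound076.dcm8.com;
 envelope-from=qd_pat_example@inbound.dcm8.com; receiver=someone@bebop.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1;
 d=inbound.dcm8.com; h=Date:From:To:Subject
From: Quest Diagnostics <survey@QuestDiagnosticsSurvey.com>
Subject: constructed sample

body
"""

def domain_of(addr):
    return addr.rpartition("@")[2]

def identities(raw):
    """Return (envelope sender, From: address, list of DKIM d= domains)."""
    msg = message_from_string(raw)
    spf = " ".join((msg.get("Received-SPF") or "").split())  # unfold
    m = re.search(r"envelope-from=<?([^;>\s]+)", spf)
    envelope = m.group(1).lower() if m else ""
    author = parseaddr(msg.get("From", ""))[1].lower()
    sdids = []
    for sig in msg.get_all("DKIM-Signature") or []:
        tags = dict(t.strip().split("=", 1) for t in sig.split(";") if "=" in t)
        if "d" in tags:
            sdids.append(tags["d"].strip().lower())
    return envelope, author, sdids

def suggest(raw):
    """Candidate directives, assuming SPF passed and every signature verified."""
    envelope, author, sdids = identities(raw)
    from_dom, out = domain_of(author), []
    if envelope:  # SPF whitelisting matches the envelope sender, not From:
        out.append("whitelist_from_spf *@" + domain_of(envelope))
    for d in sdids:  # a third-party signature needs the signing domain named
        extra = "" if d == from_dom else " " + d
        out.append("whitelist_from_dkim *@" + from_dom + extra)
    if from_dom and (domain_of(envelope) == from_dom or from_dom in sdids):
        out.append("whitelist_auth *@" + from_dom)  # one address, no domain
    return out

if __name__ == "__main__":
    print("\n".join(suggest(SAMPLE)))
```

For the sample, no whitelist_auth line is produced, because neither the envelope sender nor the signing domain is in the From: domain.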
Re: Can someone post some real-world examples of whitelist_auth,
whitelist_spf, and whitelist_dkim?
Posted by Benny Pedersen <me...@junc.eu>.
David B Funk wrote on 2017-03-24 01:26:
> One slight potential point of confusion, whitelist_(spf|auth|dkim)
> allows for multiple addresses on one line, so it can look a little
> like whitelist_from_received which -requires- pairs of conf data but
> whitelist_(spf|auth|dkim) actually works on single address/patterns.
that's not correct for whitelist_from_dkim
format is not like whitelist_from_spf and whitelist_auth
whitelist_from_dkim foo@from_header.example.org d_domain_signing_key_here
so there it can't be multiple whitelists
for non 3rd party domain whitelists it's whitelist_from_dkim bar@from_header.example.org
just not more domains per line
Re: Can someone post some real-world examples of whitelist_auth,
whitelist_spf, and whitelist_dkim?
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Thu, 23 Mar 2017, fitz wrote:
> I am attempting to tighten up my whitelists, replacing whitelist_from with
> whitelist_auth, whitelist_spf, and/or whitelist_dkim. And having trouble.
> The simplistic example of
> whitelist_auth bob@example.com example.net
> does not really cut it.
>
> For example, I have the following headers:
>
> Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
> client-ip=76.74.244.76; helo=outbound076.dcm8.com;
> envelope-from=qd_pat_ba7cce6de305fce6b09be229f71e639fdebb287253d1e33e@inbound.dcm8.com;
> receiver=someone@bebop.com
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1;
> d=inbound.dcm8.com;
>
> h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:List-Unsubscribe;
> bh=glCJ7SPuJhI+sBNWpIcLUzww974=;
>
> b=xtADEde9s1pYTVT8IBwjLVjOiDNCjf8GY3vaqk7HmMMgRtOzRhRcGZkT+yeKNHwlIOk8iYD9Y6uX
>
> mMrOwIYFJ1H5iX1hn5Mj+Pd3BTpdhxPDd0YUBbfvmoa/W7hj2plUYDtSKt5wGYU8GRjSNj7xK5zx
> juMZm6vlWkfFTwRdyM8=
> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key1;
> d=questdiagnosticssurvey.com;
>
> b=mC5TtAPZBG0FwqfSaoAAFEn2hGO193KMoqpRbx/C3CmZ1KTfhcBz+9MsDi5z2dma4tkwLeGXYmMU
>
> IyL3l2Y9bZD5MhpdA3daN8Z2o23QKgHFM7KHxfovtClAniOhoNDukdWhLAumDMlsmg4GG/iutulk
> TbSLKC7h4SYaWu/Y1js=;
> Received: from parking.hostmonster.com (10.0.95.23) by outbound076.dcm8.com
> (PowerMTA(TM) v3.5r15) id hqfm400lr5gd for <so...@bebop.com>; Thu, 23 Mar
> 2017 15:39:28 +0000 (envelope-from
> <QD...@inbound.dcm8.com>)
> Date: Thu, 23 Mar 2017 15:39:28 +0000
> From: Quest Diagnostics <su...@QuestDiagnosticsSurvey.com>
> Reply-To: Quest Diagnostics <su...@QuestDiagnosticsSurvey.com>
>
> I have tried
> whitelist_(spf|auth|dkim) *@QuestDiagnosticsSurvey.com
> (questdiagnosticssurvey.com | inbound.dcm8.com | outbound076.dcm8.com |
> dcm8.com)
> and none seem to work. I get SPF AUTH and DKIM_VALID_AU but no
> USER_IN_WHITELIST.
>
> I have been able to get the whitelist_auth to work for gmail, comcast, and a
> few other places, but this one does not seem to work using the same rules.
>
> From WHERE is one supposed to pull the second parameter for these rules?
I think you are confusing whitelist_(spf|auth|dkim) with
whitelist_from_received
The former only requires single addresses/address-patterns; the latter requires
pairs of configuration data.
EG for your example try:
whitelist_auth survey@questdiagnosticssurvey.com
whitelist_spf *@inbound.dcm8.com
One slight potential point of confusion, whitelist_(spf|auth|dkim) allows for
multiple addresses on one line, so it can look a little like
whitelist_from_received which -requires- pairs of conf data but
whitelist_(spf|auth|dkim) actually works on single address/patterns.
FWIW, I personally like the "def_whitelist_*" form. The def_whitelist_*
variant only gives an additional -15 score (instead of the -100 from the full
variant). This usually gives the necessary boost to get mis-classified messages
past filtering without totally swamping nasty spam that sometimes gets emitted
from ordinarily whitelisted sources. (EG when a whitehat business gets
compromised or one of their staff gets phished).
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{