Posted to users@spamassassin.apache.org by Michael Scheidell <mi...@secnap.com> on 2011/07/19 15:57:10 UTC
Q about unwhitelist from:
since hotels.com has started to dkim sign their spam, email, I would
like to unwhitelist their 'spam' from lines.
Yes, it is nice to get hotels.com reservation acks without them being
marked as spam, but maybe if they abuse the privilege, we revoke it.
found this in sa 3.3.2 sa-updated :
60_whitelist_dkim.cf:def_whitelist_from_dkim *@mail.hotels.com
60_whitelist_dkim.cf:def_whitelist_from_dkim *@email.hotels.com
looks like email envelope is normal verp guk:
x-envelope-from:<bo...@bounce.mail.hotels.com>
dkim signed h=mail.hotels.com
header From is info@mail.hotels.com
so, my Q: if sa stock /updated rules have def_whitelist as above, will
this just unwhitelist 'info@'?
unwhitelist_from_dkim info@mail.hotels.com
tflags USER_IN_DEF_DKIM_WL net nice noautolearn
if I add to 'local.cf' so it comes after the def_whitelist_from?
would more specific (info@) override least specific? *@ or does it
depend on precedence?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
Re: Q about unwhitelist from:
Posted by Mark Martinec <Ma...@ijs.si>.
Michael,
> since hotels.com has started to dkim sign their spam, email, I would
> like to unwhitelist their 'spam' from lines.
>
> Yes, it is nice to get hotels.com reservation acks without them being
> marked as spam, but maybe if they abuse the privilege, we revoke it.
>
> found this in sa 3.3.2 sa-updated :
>
> 60_whitelist_dkim.cf:def_whitelist_from_dkim *@mail.hotels.com
> 60_whitelist_dkim.cf:def_whitelist_from_dkim *@email.hotels.com
>
> [...]
> so, my Q: if sa stock /updated rules have def_whitelist as above, will
> this just unwhitelist 'info@'?
>
> unwhitelist_from_dkim info@mail.hotels.com
> tflags USER_IN_DEF_DKIM_WL net nice noautolearn
>
> if I add to 'local.cf' so it comes after the def_whitelist_from?
>
> would more specific (info@) override least specific? *@ or does it
> depend on precedence?
The man page Mail::SpamAssassin::Plugin::DKIM says:

  unwhitelist_from_dkim author@example.com [signing-domain]
    Removes an email address with its corresponding signing-domain field
    from def_whitelist_from_dkim and whitelist_from_dkim tables, if it exists.
    Parameters to unwhitelist_from_dkim must exactly match the parameters of
    a corresponding whitelist_from_dkim or def_whitelist_from_dkim config
    option which created the entry, for it to be removed (a domain name is
    matched case-insensitively); i.e. if a signing-domain parameter was
    specified in a whitelisting command, it must also be specified in the
    unwhitelisting command.

So, if the existing rules are

  def_whitelist_from_dkim *@mail.hotels.com
  def_whitelist_from_dkim *@email.hotels.com

then you need the:

  unwhitelist_from_dkim *@mail.hotels.com
  unwhitelist_from_dkim *@email.hotels.com

in your local.cf (which does come after all the stock \d\drules.cf)
> would more specific (info@) override least specific? *@ or does it
> depend on precedence?
Adding and removing whitelist entries goes by exact match of previous
rules. There is only one internal list which is being updated by
whitelist and unwhitelist directives as they are being interpreted,
one after another.
Mark
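
Added example, not part of the thread and not SpamAssassin code: a small Python model of the exact-match behaviour described in the reply above, usable as a check for unwhitelist_from_dkim lines that match no earlier whitelist entry and therefore do nothing. The function names and the mixed-case sample line are constructed; lowercasing the domain parts is an assumption based on the man page's "matched case-insensitively".

```python
# Added example: a simplified model of the exact-match rule, not SpamAssassin code.
DIRECTIVES = ("def_whitelist_from_dkim", "whitelist_from_dkim", "unwhitelist_from_dkim")

def normalize(address, sdid=""):
    """Lowercase only the domain parts (assumed); the rest is compared as plain text."""
    local, at, domain = address.rpartition("@")
    return (local + at + domain.lower(), sdid.lower())

def apply_config(lines):
    """Process directives in order; return (remaining entries, no-op unwhitelist lines)."""
    tables = {"def_whitelist_from_dkim": set(), "whitelist_from_dkim": set()}
    ineffective = []
    for raw in lines:
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] not in DIRECTIVES or len(fields) not in (2, 3):
            continue  # other directives (tflags, score, ...) are ignored here
        key = normalize(*fields[1:])
        if fields[0] == "unwhitelist_from_dkim":
            hit = False
            for entries in tables.values():  # removal applies to both tables
                if key in entries:
                    entries.remove(key)
                    hit = True
            if not hit:
                ineffective.append(raw.strip())
        else:
            tables[fields[0]].add(key)
    remaining = sorted(k for entries in tables.values() for k in entries)
    return remaining, ineffective

# Stock entries quoted in the thread, followed by two candidate local.cf contents.
STOCK = [
    "def_whitelist_from_dkim *@mail.hotels.com",
    "def_whitelist_from_dkim *@email.hotels.com",
]
LOCAL_ATTEMPT = ["unwhitelist_from_dkim info@mail.hotels.com"]
LOCAL_FIXED = [
    "unwhitelist_from_dkim *@Mail.Hotels.com",  # constructed: mixed-case domain
    "unwhitelist_from_dkim *@email.hotels.com",
]

if __name__ == "__main__":
    for name, local in (("attempt", LOCAL_ATTEMPT), ("fixed", LOCAL_FIXED)):
        remaining, ineffective = apply_config(STOCK + local)
        print(name, "remaining:", remaining, "no-op lines:", ineffective)
```

The "attempt" run leaves both stock entries in place and reports the info@ line as a no-op; the "fixed" run leaves nothing whitelisted.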