Whitelist on List-ID

[Rick Knight <ri...@rlknight.com>]

I belong to several mailing lists and newsgroups. Messages from one 
particular list is almost always marked as spam by spamassassin. I've 
tried to whitelist this group but the from header matches the address of 
the original message sender, not the group address. Is there a way to 
whitelist on the List-ID header?

Thanks,
Rick

Re: Whitelist on List-ID

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

> Rick Knight <ri...@rlknight.com> writes:
> 
> > -0.0 DKIM_VERIFIED          Domain Keys Identified Mail: signature
> > passes verification
> > 0.0 DKIM_SIGNED            Domain Keys Identified Mail: message has a
> > signature

On 23.01.10 15:46, Greg Troxel wrote:
> I supsect this isn't your issue, but I have been finding that DKIM
> signature often fail to validate on list mail, and I think it's becaues
> they cover Subject: and the lists munge subject.  Thus DKIM detects the
> tampering...

Heh, another good reason NOT to modify subject by the list software. :)
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.

Re: Whitelist on List-ID

[Greg Troxel <gd...@ir.bbn.com>]

Rick Knight <ri...@rlknight.com> writes:

> -0.0 DKIM_VERIFIED          Domain Keys Identified Mail: signature
> passes verification
> 0.0 DKIM_SIGNED            Domain Keys Identified Mail: message has a
> signature

I supsect this isn't your issue, but I have been finding that DKIM
signature often fail to validate on list mail, and I think it's becaues
they cover Subject: and the lists munge subject.  Thus DKIM detects the
tampering...

Re: Whitelist on List-ID

[Rick Knight <ri...@rlknight.com>]

Mike Cardwell wrote:
> On 22/01/2010 04:05, Matt Kettler wrote:
>
>> Alex, if whitelist_from doesn't work, whitelist_from_rcvd won't either.
>> That's *more* restrictive, not less.
>>
>> Rick, if you've been using "users@spamassassin.apache.org" try using
>> *@spamassassin.apache.org instead. If you've got envelope FROM headers
>> added (ie: Return-Path), this should match them. The return-path for
>> this list is of the general format:
>>
>> users-return-86375-mkettler_sa=verizon.net@spamassassin.apache.org
>
> Don't forget "whitelist_from_spf" and "whitelist_from_dkim". If 
> SPF/DKIM are available, you're better off using them than 
> "whitelist_from" or even "whitelist_from_rcvd". Personally I use this 
> to whitelist all Apache mailing lists, including the SpamAssassin one:
>
> whitelist_from_spf *@*.apache.org
>
I see this in the headers of all the messages from this group...

v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoogroups.com; s=lima;
t=1264217926; bh=NprgjkDjsJLd2QWQwGRr0PMcYicrF1nZOOdpX5Xpflo=;
h=Received:Received:X-Yahoo-Newman-Id:Received:Received:Received:DKIM-Signature:Received:Received:X-Sender:X-Apparently-To:X-Received:X-Received:X-Received:X-Received:X-Received:X-Received:X-Received:Message-ID:X-YMail-OSG:X-Received:X-Mailer:To:X-Originating-IP:X-eGroups-Msg-Info:From:X-Yahoo-Profile:X-eGroups-Approved-By:Sender:MIME-Version:Mailing-List:Delivered-To:List-Id:Precedence:List-Unsubscribe:Date:Subject:X-Yahoo-Newman-Property:Content-Type; 

b=N+dKX5lx0vNHUqv2hWm+eCfGzHvChL6Jp8XYHO2uq/A+HJUct0oRgnpqlNiIkxXezOHEu6kgqJfR3gmyC5cQaM8oeksq9Lr+d+MQSdOS9n8ezVHIxtCYLHDqfAK2VoeU

and this in the SA report...

-0.0 DKIM_VERIFIED          Domain Keys Identified Mail: signature 
passes verification
0.0 DKIM_SIGNED            Domain Keys Identified Mail: message has a 
signature


so I've added

whitelist_from_dkim *@yahoogroups.com

to my local.cf. It didn't seem to make any difference. I do have dkim
checks enabled.  Am I using this incorrectly?

Thanks,
Rick

Re: Whitelist on List-ID

[Rick Knight <ri...@rlknight.com>]

Mike Cardwell wrote:
> On 22/01/2010 04:05, Matt Kettler wrote:
>
>> Alex, if whitelist_from doesn't work, whitelist_from_rcvd won't either.
>> That's *more* restrictive, not less.
>>
>> Rick, if you've been using "users@spamassassin.apache.org" try using
>> *@spamassassin.apache.org instead. If you've got envelope FROM headers
>> added (ie: Return-Path), this should match them. The return-path for
>> this list is of the general format:
>>
>> users-return-86375-mkettler_sa=verizon.net@spamassassin.apache.org
>
> Don't forget "whitelist_from_spf" and "whitelist_from_dkim". If 
> SPF/DKIM are available, you're better off using them than 
> "whitelist_from" or even "whitelist_from_rcvd". Personally I use this 
> to whitelist all Apache mailing lists, including the SpamAssassin one:
>
> whitelist_from_spf *@*.apache.org
>
Thanks for all of the suggestions. I'm going to try

whitelist_from_dkim *@yahoogroups.com

I'll post back here with results.

Thanks again,
Rick

Re: Whitelist on List-ID

[Mike Cardwell <sp...@lists.grepular.com>]

On 22/01/2010 04:05, Matt Kettler wrote:

> Alex, if whitelist_from doesn't work, whitelist_from_rcvd won't either.
> That's *more* restrictive, not less.
>
> Rick, if you've been using "users@spamassassin.apache.org" try using
> *@spamassassin.apache.org instead. If you've got envelope FROM headers
> added (ie: Return-Path), this should match them. The return-path for
> this list is of the general format:
>
> users-return-86375-mkettler_sa=verizon.net@spamassassin.apache.org

Don't forget "whitelist_from_spf" and "whitelist_from_dkim". If SPF/DKIM 
are available, you're better off using them than "whitelist_from" or 
even "whitelist_from_rcvd". Personally I use this to whitelist all 
Apache mailing lists, including the SpamAssassin one:

whitelist_from_spf *@*.apache.org

-- 
Mike Cardwell    : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/       #06920226
Technical Blog   : Tech Blog  - https://secure.grepular.com/
Spamalyser       : Spam Tool  - http://spamalyser.com/

Re: Whitelist on List-ID

[Alex <my...@gmail.com>]

Hi,

>> Try whitelist_from_rcvd instead:
>>
>> http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html

> Alex, if whitelist_from doesn't work, whitelist_from_rcvd won't either.
> That's *more* restrictive, not less.

Yes, good point, thanks. I didn't think he was using any of the
whitelist_from* because it's pretty simple to use and never heard of
someone having a problem.

> Rick, if you've been using "users@spamassassin.apache.org" try using
> *@spamassassin.apache.org instead. If you've got envelope FROM headers
> added (ie: Return-Path), this should match them. The return-path for
> this list is of the general format:

Maybe I misunderstood his problem?

I thought he was saying mail from the list was reaching him as "from:"
the subscriber, not the mailing list name itself, such as
users@spamassassin.apache.org.

> If that doesn't work I really would try to get your system to pass this
> info into the headers, as several rules can't work properly without it
> (ie: SPF). MDA layer processing in procmail and the like is rarely a
> problem, but MTA layer calls often occur before this is added. It is
> common for MTA layer integration tools to do this for you by adding a
> dummy Return-Path header, but if you've just added a spamc call directly
> into one of your MTA's config files, this problem usually shows.

I'm not having this problem, but can you explain how this might be
done with postfix? Perhaps off-topic, but as it relates to building a
proper rule with SA....

Thanks,
Alex

Re: Whitelist on List-ID

[Matt Kettler <mk...@verizon.net>]

On 1/21/2010 10:46 PM, Alex wrote:
> Hi,
>
>   
>> I belong to several mailing lists and newsgroups. Messages from one
>> particular list is almost always marked as spam by spamassassin. I've tried
>> to whitelist this group but the from header matches the address of the
>> original message sender, not the group address. Is there a way to whitelist
>> on the List-ID header?
>>     
> Try whitelist_from_rcvd instead:
>
> http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
>
> Or create a header rule that subtracts 5 from the mail server for the
> mailing list:
>
> header  MY_MAILLIST   Received =~ /.mailserver.com/
>
> Regards,
> Alex
>
>   
Alex, if whitelist_from doesn't work, whitelist_from_rcvd won't either.
That's *more* restrictive, not less.

Rick, if you've been using "users@spamassassin.apache.org" try using
*@spamassassin.apache.org instead. If you've got envelope FROM headers
added (ie: Return-Path), this should match them. The return-path for
this list is of the general format:

users-return-86375-mkettler_sa=verizon.net@spamassassin.apache.org


If that doesn't work I really would try to get your system to pass this
info into the headers, as several rules can't work properly without it
(ie: SPF). MDA layer processing in procmail and the like is rarely a
problem, but MTA layer calls often occur before this is added. It is
common for MTA layer integration tools to do this for you by adding a
dummy Return-Path header, but if you've just added a spamc call directly
into one of your MTA's config files, this problem usually shows.

Re: Whitelist on List-ID

[Alex <my...@gmail.com>]

Hi,

> I belong to several mailing lists and newsgroups. Messages from one
> particular list is almost always marked as spam by spamassassin. I've tried
> to whitelist this group but the from header matches the address of the
> original message sender, not the group address. Is there a way to whitelist
> on the List-ID header?

Try whitelist_from_rcvd instead:

http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html

Or create a header rule that subtracts 5 from the mail server for the
mailing list:

header  MY_MAILLIST   Received =~ /.mailserver.com/

Regards,
Alex

Re: Whitelist on List-ID

[Johann Spies <js...@sun.ac.za>]

On Thu, Jan 21, 2010 at 09:08:05PM -0700, LuKreme wrote:
> You shouldn't be sending ANY mailinglists through SpamAssassin.

Why not?  A lot of mailing lists are used by spammers.

Regards
Johann


-- 
Johann Spies          Telefoon: 021-808 4599
Informasietegnologie, Universiteit van Stellenbosch

     "He that giveth unto the poor shall not lack: but he
      that hideth his eyes shall have many a curse."
                         Proverbs 28:27 

Re: Whitelist on List-ID

[LuKreme <kr...@kreme.com>]

On 21-Jan-2010, at 22:25, Benny Pedersen wrote:
> On Fri 22 Jan 2010 05:08:05 AM CET, LuKreme wrote
> 
>> On Jan 21, 2010, at 20:24, Rick Knight <ri...@rlknight.com> wrote:
>>> I belong to several mailing lists and newsgroups. Messages from one particular list is almost always marked as spam by spamassassin.
>> 
>> You shouldn't be sending ANY mailinglists through SpamAssassin.
> 
> in my headers:
> 
> X-ASF-Spam-Status: No,

I never said that a list should not filter its mail through SpamAssassin. the recipient should not be.

-- 
THERE WAS NO ROMAN GOD NAMED "FARTICUS"
	Bart chalkboard Ep. 5F06

Re: Whitelist on List-ID

[Benny Pedersen <me...@junc.org>]

On Fri 22 Jan 2010 05:08:05 AM CET, LuKreme wrote

> On Jan 21, 2010, at 20:24, Rick Knight <ri...@rlknight.com> wrote:
>> I belong to several mailing lists and newsgroups. Messages from one  
>> particular list is almost always marked as spam by spamassassin.
>
> You shouldn't be sending ANY mailinglists through SpamAssassin.

in my headers:

X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS
X-Spam-Status: No, score=-11.577 tagged_above=-999 required=5  
tests=[AWL=-0.477, BAYES_00=-2.599, MAILLISTS=-3.5, SPF_PASS=-0.001,  
USER_IN_SPF_WHITELIST=-5] autolearn=no

in amavisd it could be nice if apache.org add dkim to the maillist  
outgoing mails so atleast amavisd can drop spam check on this mails  
from apache org :)

until then, one could make a spf shourtcicurit rule to stop based on  
spf pass, i am just to laisy to make it

-- 
xpoint http://www.unicom.com/pw/reply-to-harmful.html

Re: [sa] Re: Whitelist on List-ID

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

> On 22.01.10 09:49, Charles Gregory wrote:
[...]
On 22.01.10 19:28, Matus UHLAR - fantomas wrote:
> Btw Have I already asked you for using something standard ('>') for quoting?

ops, I did, you did, just in another thread I read later. Sorry
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have. 

Re: Whitelist on List-ID

[Charles Gregory <cg...@hwcn.org>]

On Fri, 22 Jan 2010, Matus UHLAR - fantomas wrote:
>> On Thu, 21 Jan 2010, LuKreme wrote:
>> : You shouldn't be sending ANY mailinglists through SpamAssassin.
> On 22.01.10 09:49, Charles Gregory wrote:
>> Say what? And how exactly do you propose to do that for hundreds of users,
>> any of whom could be subscribed to many different lists? Far too much for
>> any manual system (presuming you could even get the cooperation of users
>> who are mostly oblivious to our filtering efforts).
>>
>> If you are suggesting something automated, how would you suggest that I
>> identify legitimate mailing lists separate from spammer-faked 'mailing
>> lists'? X-List headers cannot be relied upon....
>
> I'd simply say: try to avoid feeding to SA mail from known/trusted
> lists/IPs... I think that's reasonable.

I didn't say it was a bad idea, I asked HOW it could be done for hundreds 
of users, each with their own collection of 'trusted' sources, of which I 
know nothing (and probably shouldn't due to privacy laws).

The only thing I can picture, technically, is a kind of auto-whitelist, or 
a user-specified whitelist.

The former is subject to various pitfalls, as I've already experienced on 
my system, and the latter, even though available to the user as a post-SA 
filtering option, tends to get ignored by 95% of users. So the extra 
effort to inject a per-user whitelist mechanism into the MTA would seem to 
be a waste of time.

I'm all for 'reasonable' suggestions, but they really do need to be 
'reasonable' in the context of the user base. :)

- Charles

Re: [sa] Re: Whitelist on List-ID

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

> On Thu, 21 Jan 2010, LuKreme wrote:
> : You shouldn't be sending ANY mailinglists through SpamAssassin.

On 22.01.10 09:49, Charles Gregory wrote:
> Say what? And how exactly do you propose to do that for hundreds of users, 
> any of whom could be subscribed to many different lists? Far too much for 
> any manual system (presuming you could even get the cooperation of users 
> who are mostly oblivious to our filtering efforts).
> 
> If you are suggesting something automated, how would you suggest that I 
> identify legitimate mailing lists separate from spammer-faked 'mailing 
> lists'? X-List headers cannot be relied upon....

I'd simply say: try to avoid feeding to SA mail from known/trusted
lists/IPs... I think that's reasonable.

Btw Have I already asked you for using something standard ('>') for quoting?

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes. 

Re: [sa] Re: Whitelist on List-ID

[Charles Gregory <cg...@hwcn.org>]

On Thu, 21 Jan 2010, LuKreme wrote:
: You shouldn't be sending ANY mailinglists through SpamAssassin.

Say what? And how exactly do you propose to do that for hundreds of users, 
any of whom could be subscribed to many different lists? Far too much for 
any manual system (presuming you could even get the cooperation of users 
who are mostly oblivious to our filtering efforts).

If you are suggesting something automated, how would you suggest that I 
identify legitimate mailing lists separate from spammer-faked 'mailing 
lists'? X-List headers cannot be relied upon....

- C

Re: Whitelist on List-ID

[LuKreme <kr...@kreme.com>]

On Jan 21, 2010, at 20:24, Rick Knight <ri...@rlknight.com> wrote:
> I belong to several mailing lists and newsgroups. Messages from one  
> particular list is almost always marked as spam by spamassassin.

You shouldn't be sending ANY mailinglists through SpamAssassin.