Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2011/10/31 17:18:33 UTC

Whitelisting with DKIM

Hi,

I have a fedora15 system with sa-3.3.2 and amavisd-2.6.6 and would
like to whitelist messages like these:

Oct 31 11:19:42 mail02 amavis[3518]: (03518-01-20) SPAM-TAG,
<ES...@in.constantcontact.com> ->
<50...@example.com>, No, score=-4.555 tagged_above=-100 required=5
tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_IMAGE_RATIO_04=0.61,
HTML_MESSAGE=0.001, KHOP_RCVD_TRUST=-1.75, LOC_SHORT=0.6,
RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_HOSTKARMA_W=-0.1,
RCVD_IN_HOSTKARMA_WL=-1, RCVD_IN_IADB_DK=-0.223,
RCVD_IN_IADB_LISTED=-0.38, RCVD_IN_IADB_OPTIN=-2.057,
RCVD_IN_IADB_RDNS=-0.167, RCVD_IN_IADB_SPF=-0.001,
RCVD_IN_UCEPROTECT2=0.01, RELAYCOUNTRY_US=0.01,
RP_MATCHES_RCVD=-1.201, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01,
URIBL_GREY=1.084] autolearn=unavailable

I've enabled dkim in amavisd.conf:

$enable_dkim_verification = 1;  # enable DKIM signatures verification
$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key

and loaded the DKIM module in spamassassin using the message above:

$ spamassassin -t < msg.txt |grep -i dkim
Oct 31 11:28:58.903 [7571] dbg: plugin: loading
Mail::SpamAssassin::Plugin::DKIM from @INC
Oct 31 11:28:59.114 [7571] dbg: config: fixed relative path:
/var/lib/spamassassin/3.003002/updates_spamassassin_org/25_dkim.cf
Oct 31 11:28:59.114 [7571] dbg: config: using
"/var/lib/spamassassin/3.003002/updates_spamassassin_org/25_dkim.cf"
for included file
Oct 31 11:28:59.114 [7571] dbg: config: read file
/var/lib/spamassassin/3.003002/updates_spamassassin_org/25_dkim.cf
Oct 31 11:28:59.175 [7571] dbg: config: fixed relative path:
/var/lib/spamassassin/3.003002/updates_spamassassin_org/60_adsp_override_dkim.cf
Oct 31 11:28:59.175 [7571] dbg: config: using
"/var/lib/spamassassin/3.003002/updates_spamassassin_org/60_adsp_override_dkim.cf"
for included file
Oct 31 11:28:59.176 [7571] dbg: config: read file
/var/lib/spamassassin/3.003002/updates_spamassassin_org/60_adsp_override_dkim.cf
Oct 31 11:28:59.181 [7571] dbg: config: fixed relative path:
/var/lib/spamassassin/3.003002/updates_spamassassin_org/60_whitelist_dkim.cf
Oct 31 11:28:59.181 [7571] dbg: config: using
"/var/lib/spamassassin/3.003002/updates_spamassassin_org/60_whitelist_dkim.cf"
for included file
Oct 31 11:28:59.181 [7571] dbg: config: read file
/var/lib/spamassassin/3.003002/updates_spamassassin_org/60_whitelist_dkim.cf
Oct 31 11:29:01.559 [7571] dbg: rules: ran header rule __DKIM_EXISTS
======> got hit: "<YES>"
Oct 31 11:29:01.610 [7571] dbg: dkim: using Mail::DKIM version 0.39
Oct 31 11:29:01.614 [7571] dbg: dkim: performing public key lookup and
signature verification
Oct 31 11:29:01.620 [7571] dbg: dkim: DKIM, i=@auth.ccsend.com,
d=auth.ccsend.com, s=1000073432, a=rsa-sha256, c=relaxed/relaxed,
pass, does not match author domain
Oct 31 11:29:01.620 [7571] dbg: dkim: signature verification result: PASS
Oct 31 11:29:01.620 [7571] dbg: dkim: adsp: performing lookup on
_adsp._domainkey.bertolini-sales.com
Oct 31 11:29:01.623 [7571] dbg: dkim: adsp result: U/unknown (dns:
unknown), author domain 'bertolini-sales.com'
Oct 31 11:29:01.645 [7571] dbg: dkim: VALID signature by
auth.ccsend.com, author hdnews@bertolini-sales.com, no valid matches
Oct 31 11:29:01.645 [7571] dbg: dkim: author
hdnews@bertolini-sales.com, not in any dkim whitelist
Oct 31 11:29:04.524 [7571] dbg: rules: ran eval rule __DKIM_DEPENDABLE
======> got hit (1)
Oct 31 11:29:04.524 [7571] dbg: rules: ran eval rule DKIM_VALID
======> got hit (1)
Oct 31 11:29:04.525 [7571] dbg: rules: ran eval rule DKIM_SIGNED
======> got hit (1)
Oct 31 11:29:04.733 [7571] info: rules: meta test L_UNVERIFIED_GMAIL
has dependency 'DKIM_VERIFIED' with a zero score
Oct 31 11:29:04.837 [7571] dbg: check:
tests=DKIM_SIGNED,DKIM_VALID,HTML_IMAGE_RATIO_04,HTML_MESSAGE,KHOP_RCVD_TRUST,LOC_SHORT,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_W,RCVD_IN_HOSTKARMA_WL,RCVD_IN_IADB_DK,RCVD_IN_IADB_LISTED,RCVD_IN_IADB_OPTIN,RCVD_IN_IADB_RDNS,RCVD_IN_IADB_SPF,RCVD_IN_UCEPROTECT2,RELAYCOUNTRY_US,RP_MATCHES_RCVD,T_REMOTE_IMAGE,URIBL_GREY

Why does DKIM_VERIFIED have a zero score in 50_scores.cf?

I've added the following entries to local.cf, but I suspect this is
what I'm doing wrong. I don't mean to whitelist all of constant
contact.

whitelist_from_dkim *@in.constantcontact.com
whitelist_from_dkim *@bertolini-sales.com

There is a copy of the full message here:

http://pastebin.com/raw.php?i=pmyFn9f9

Thanks so much for any ideas.
Alex

Re: Whitelisting with DKIM

Posted by Benny Pedersen <me...@junc.org>.
On Mon, 31 Oct 2011 12:18:33 -0400, Alex wrote:

> whitelist_from_dkim *@in.constantcontact.com
> whitelist_from_dkim *@bertolini-sales.com

whitelist_from_dkim *@auth.ccsend.com


Re: Whitelisting with DKIM

Posted by Ned Slider <ne...@unixmail.co.uk>.
On 31/10/11 19:54, Alex wrote:
>
> I'd rather not whitelist all of auth.ccsend.com, but only as it
> relates to bertolini-sales.com, just as I wouldn't want to whitelist
> all of constantcontact.com, or am I misunderstanding?
>
> Thanks again,
> Alex
>

I'm not sure why you feel the need to whitelist these at all given your 
posted example already scored -4.555 points. It's not really 
whitelisting, it's just adding a *further* negative score for a matched 
DKIM signature.

I tend to use DKIM (and/or SPF) whitelisting for ham that is hitting 
other rules causing a FP or near FP situation, or in situations where I 
want to penalise (score) mail pretending to be from a commonly abused 
domain whilst whitelisting genuine mail from that domain (e.g., bank 
phish, etc.).


Re: Whitelisting with DKIM

Posted by Mark Martinec <Ma...@ijs.si>.
Alex,

Then shouldn't it just be eliminated as a rule entirely? There are
also rules that apparently depend on it:

Oct 31 14:22:58.055 [2067] info: rules: meta test L_UNVERIFIED_GMAIL
has dependency 'DKIM_VERIFIED' with a zero score

It looks like perhaps it's there for legacy reasons? From 25_dkim.cf:

# old, declared for compatibility with pre-3.3, should have scores 0
full   DKIM_VERIFIED            eval:check_dkim_valid()
tflags DKIM_VERIFIED            net nice

>   I've added the following entries to local.cf, but I suspect this is
>   what I'm doing wrong. I don't mean to whitelist all of constant
>   contact.
>
>   whitelist_from_dkim *@in.constantcontact.com
>   whitelist_from_dkim *@bertolini-sales.com
...
> I think you want
>  whitelist_from_dkim *@bertolini-sales.com  auth.ccsend.com

Yes, that made it work as expected. My example was from the amavisd
docs. Sometimes it has the server name afterwards, and sometimes it
doesn't:

whitelist_from_dkim *@ebay.com
whitelist_from_dkim *@* paypal.com

It sounds like it's just a way to provide more fine-grained control?

Benny wrote:
> whitelist_from_dkim *@auth.ccsend.com

I'd rather not whitelist all of auth.ccsend.com, but only as it
relates to bertolini-sales.com, just as I wouldn't want to whitelist
all of constantcontact.com, or am I misunderstanding?

Thanks again,
Alex

Re: Whitelisting with DKIM

Posted by Benny Pedersen <me...@junc.org>.
On Mon, 31 Oct 2011 15:54:10 -0400, Alex wrote:

>>  whitelist_from_dkim *@bertolini-sales.com  auth.ccsend.com
>> whitelist_from_dkim *@auth.ccsend.com

> I'd rather not whitelist all of auth.ccsend.com, but only as it
> relates to bertolini-sales.com, just as I wouldn't want to whitelist
> all of constantcontact.com, or am I misunderstanding?

Ah, I did not think about why both options exist; now I know why. Learning each 
day, cool.

Re: Whitelisting with DKIM

Posted by Alex <my...@gmail.com>.
Hi,

>   Why does DKIM_VERIFIED have a zero score in 50_scores.cf?
>
> Anybody, including spammers, can do DKIM.  You could make it have
> a small negative score like -0.5 or so.

Then shouldn't it just be eliminated as a rule entirely? There are
also rules that apparently depend on it:

Oct 31 14:22:58.055 [2067] info: rules: meta test L_UNVERIFIED_GMAIL
has dependency 'DKIM_VERIFIED' with a zero score

It looks like perhaps it's there for legacy reasons? From 25_dkim.cf:

# old, declared for compatibility with pre-3.3, should have scores 0
full   DKIM_VERIFIED            eval:check_dkim_valid()
tflags DKIM_VERIFIED            net nice

>   I've added the following entries to local.cf, but I suspect this is
>   what I'm doing wrong. I don't mean to whitelist all of constant
>   contact.
>
>   whitelist_from_dkim *@in.constantcontact.com
>   whitelist_from_dkim *@bertolini-sales.com
...
> I think you want
>  whitelist_from_dkim *@bertolini-sales.com  auth.ccsend.com

Yes, that made it work as expected. My example was from the amavisd
docs. Sometimes it has the server name afterwards, and sometimes it
doesn't:

whitelist_from_dkim *@ebay.com
whitelist_from_dkim *@* paypal.com

It sounds like it's just a way to provide more fine-grained control?

Benny wrote:
> whitelist_from_dkim *@auth.ccsend.com

I'd rather not whitelist all of auth.ccsend.com, but only as it
relates to bertolini-sales.com, just as I wouldn't want to whitelist
all of constantcontact.com, or am I misunderstanding?

Thanks again,
Alex

Re: Whitelisting with DKIM

Posted by Jeff Mincy <je...@delphioutpost.com>.
   From: Alex <my...@gmail.com>
   Date: Mon, 31 Oct 2011 12:18:33 -0400
   I have a fedora15 system with sa-3.3.2 and amavisd-2.6.6 and would
   like to whitelist messages like these:
   
   Oct 31 11:19:42 mail02 amavis[3518]: (03518-01-20) SPAM-TAG,
   <ES...@in.constantcontact.com> ->
   <50...@example.com>, No, score=-4.555 tagged_above=-100 required=5
   tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_IMAGE_RATIO_04=0.61,
   HTML_MESSAGE=0.001, KHOP_RCVD_TRUST=-1.75, LOC_SHORT=0.6,
   
   I've enabled dkim in amavisd.conf:
   
   $enable_dkim_verification = 1;  # enable DKIM signatures verification
   $enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key
   
...

   Oct 31 11:29:04.733 [7571] info: rules: meta test L_UNVERIFIED_GMAIL
   has dependency 'DKIM_VERIFIED' with a zero score
   Oct 31 11:29:04.837 [7571] dbg: check:
   tests=DKIM_SIGNED,DKIM_VALID,HTML_IMAGE_RATIO_04,HTML_MESSAGE,KHOP_RCVD_TRUST,LOC_SHORT,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_W,RCVD_IN_HOSTKARMA_WL,RCVD_IN_IADB_DK,RCVD_IN_IADB_LISTED,RCVD_IN_IADB_OPTIN,RCVD_IN_IADB_RDNS,RCVD_IN_IADB_SPF,RCVD_IN_UCEPROTECT2,RELAYCOUNTRY_US,RP_MATCHES_RCVD,T_REMOTE_IMAGE,URIBL_GREY
   
   Why does DKIM_VERIFIED have a zero score in 50_scores.cf?

Anybody, including spammers, can do DKIM.  You could make it have
a small negative score like -0.5 or so.
   
   I've added the following entries to local.cf, but I suspect this is
   what I'm doing wrong. I don't mean to whitelist all of constant
   contact.
   
   whitelist_from_dkim *@in.constantcontact.com
   whitelist_from_dkim *@bertolini-sales.com
   
   There is a copy of the full message here:
   
   http://pastebin.com/raw.php?i=pmyFn9f9
   
   Thanks so much for any ideas.
   Alex

I think you want 
  whitelist_from_dkim *@bertolini-sales.com  auth.ccsend.com

The auth.ccsend.com comes from the signature line
  DKIM-Signature: ... d=auth.ccsend.com

-jeff
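
The matching behaviour discussed in this thread, as an added example that is not part of any post and is not SpamAssassin's own code: a simplified model of how a whitelist_from_dkim entry is checked against the author address and the d= domain of a verified signature. The function names are hypothetical, the sample values are constructed from the debug output above, and exact case-insensitive domain comparison is an assumption of the model.

```python
import re

def parse_entries(config_text):
    """Return (author_glob, signing_domain or None) per whitelist_from_dkim line."""
    entries = []
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "whitelist_from_dkim":
            sdid = fields[2].lower() if len(fields) > 2 else None
            entries.append((fields[1], sdid))
    return entries

def glob_matches(glob, address):
    """Match an address against a glob in which only * and ? are wildcards."""
    pattern = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in glob
    )
    return re.fullmatch(pattern, address, re.IGNORECASE) is not None

def matching_entries(config_text, author, valid_sdids):
    """Entries that whitelist `author`, given the d= domains of signatures
    that verified on the message."""
    verified = {d.lower() for d in valid_sdids}
    author_domain = author.rsplit("@", 1)[-1].lower()
    hits = []
    for glob, sdid in parse_entries(config_text):
        # Without a second field, only a signature by the author's own
        # domain counts; with one, the listed signing domain must have signed.
        required = sdid if sdid is not None else author_domain
        if glob_matches(glob, author) and required in verified:
            hits.append((glob, sdid))
    return hits

# Constructed from the thread: From: author and the one verified signature.
AUTHOR = "hdnews@bertolini-sales.com"
VERIFIED = ["auth.ccsend.com"]

ORIGINAL = """
whitelist_from_dkim *@in.constantcontact.com
whitelist_from_dkim *@bertolini-sales.com
"""
SCOPED = "whitelist_from_dkim *@bertolini-sales.com  auth.ccsend.com\n"

if __name__ == "__main__":
    print("original entries:", matching_entries(ORIGINAL, AUTHOR, VERIFIED))
    print("scoped entry:    ", matching_entries(SCOPED, AUTHOR, VERIFIED))
```

In this model the scoped entry covers only bertolini-sales.com authors signed by auth.ccsend.com, so mail from other customers of the same sending service is not whitelisted by it.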