You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by km...@apache.org on 2020/09/17 21:42:17 UTC
svn commit: r1881803 - in /spamassassin/trunk: lib/Mail/SpamAssassin/Conf.pm
lib/Mail/SpamAssassin/Plugin/DKIM.pm
lib/Mail/SpamAssassin/Plugin/WLBLEval.pm rules/60_whitelist.cf
t/spamd_welcomelist_leak.t t/welcomelist_from.t
Author: kmcgrail
Date: Thu Sep 17 21:42:17 2020
New Revision: 1881803
URL: http://svn.apache.org/viewvc?rev=1881803&view=rev
Log:
whitelist_from_rcvd to welcomelist_from_rcvd, unwhitelist_from_rcvd to unwelcomelist_from_rcvd, def_whitelist_from_rcvd to def_welcomelist_from_rcvd for bug 7826
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/WLBLEval.pm
spamassassin/trunk/rules/60_whitelist.cf
spamassassin/trunk/t/spamd_welcomelist_leak.t
spamassassin/trunk/t/welcomelist_from.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm?rev=1881803&r1=1881802&r2=1881803&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm Thu Sep 17 21:42:17 2020
@@ -298,7 +298,7 @@ Used to whitelist sender addresses which
Use of this setting is not recommended, since it blindly trusts the message,
which is routinely and easily forged by spammers and phish senders. The
recommended solution is to instead use C<whitelist_auth> or other authenticated
-whitelisting methods, or C<whitelist_from_rcvd>.
+whitelisting methods, or C<welcomelist_from_rcvd>.
Whitelist and blacklist addresses are now file-glob-style patterns, so
C<fr...@somewhere.com>, C<*...@isp.com>, or C<*.domain.net> will all work.
@@ -357,7 +357,9 @@ e.g.
code => \&Mail::SpamAssassin::Conf::Parser::remove_addrlist_value
});
-=item whitelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
+=item welcomelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
+
+Previously whitelist_from_rcvd which will work interchangeably until 4.1.
Works similarly to welcomelist_from (previously whitelist_from), except that in addition to matching
a sender address, a relay's rDNS name or its IP address must match too
@@ -394,24 +396,27 @@ result in the generated Received header
e.g.
- whitelist_from_rcvd joe@example.com example.com
- whitelist_from_rcvd *@* mail.example.org
- whitelist_from_rcvd *@axkit.org [192.0.2.123]
- whitelist_from_rcvd *@axkit.org [192.0.2.0/24]
- whitelist_from_rcvd *@axkit.org [192.0.2.0]/24
- whitelist_from_rcvd *@axkit.org [2001:db8:1234::/48]
- whitelist_from_rcvd *@axkit.org [2001:db8:1234::]/48
+ welcomelist_from_rcvd joe@example.com example.com
+ welcomelist_from_rcvd *@* mail.example.org
+ welcomelist_from_rcvd *@axkit.org [192.0.2.123]
+ welcomelist_from_rcvd *@axkit.org [192.0.2.0/24]
+ welcomelist_from_rcvd *@axkit.org [192.0.2.0]/24
+ welcomelist_from_rcvd *@axkit.org [2001:db8:1234::/48]
+ welcomelist_from_rcvd *@axkit.org [2001:db8:1234::]/48
-=item def_whitelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
+=item def_welcomelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
-Same as C<whitelist_from_rcvd>, but used for the default whitelist entries
-in the SpamAssassin distribution. The whitelist score is lower, because
+Previously def_whitelist_from_rcvd which will work interchangeably until 4.1.
+
+Same as C<welcomelist_from_rcvd>, but used for the default welcomelist entries
+in the SpamAssassin distribution. The welcomelist score is lower, because
these are often targets for spammer spoofing.
=cut
push (@cmds, {
- setting => 'whitelist_from_rcvd',
+ setting => 'welcomelist_from_rcvd',
+ aliases => ['whitelist_from_rcvd'], # backward compatible - to be removed for 4.1
type => $CONF_TYPE_ADDRLIST,
code => sub {
my ($self, $key, $value, $line) = @_;
@@ -421,13 +426,14 @@ these are often targets for spammer spoo
unless ($value =~ /^\S+\s+\S+$/) {
return $INVALID_VALUE;
}
- $self->{parser}->add_to_addrlist_rcvd ('whitelist_from_rcvd',
+ $self->{parser}->add_to_addrlist_rcvd ('welcomelist_from_rcvd',
split(/\s+/, $value));
}
});
push (@cmds, {
- setting => 'def_whitelist_from_rcvd',
+ setting => 'def_welcomelist_from_rcvd',
+ aliases => ['def_whitelist_from_rcvd'],
type => $CONF_TYPE_ADDRLIST,
code => sub {
my ($self, $key, $value, $line) = @_;
@@ -437,16 +443,16 @@ these are often targets for spammer spoo
unless ($value =~ /^\S+\s+\S+$/) {
return $INVALID_VALUE;
}
- $self->{parser}->add_to_addrlist_rcvd ('def_whitelist_from_rcvd',
+ $self->{parser}->add_to_addrlist_rcvd ('def_welcomelist_from_rcvd',
split(/\s+/, $value));
}
});
=item whitelist_allows_relays user@example.com
-Specify addresses which are in C<whitelist_from_rcvd> that sometimes
+Specify addresses which are in C<welcomelist_from_rcvd> that sometimes
send through a mail relay other than the listed ones. By default mail
-with a From address that is in C<whitelist_from_rcvd> that does not match
+with a From address that is in C<welcomelist_from_rcvd> that does not match
the relay will trigger a forgery rule. Including the address in
C<whitelist_allows_relay> prevents that.
@@ -460,7 +466,7 @@ Multiple addresses per line, separated b
C<whitelist_allows_relays> lines are also OK.
The specified email address does not have to match exactly the address
-previously used in a whitelist_from_rcvd line as it is compared to the
+previously used in a welcomelist_from_rcvd line as it is compared to the
address in the header.
e.g.
@@ -475,25 +481,28 @@ e.g.
type => $CONF_TYPE_ADDRLIST,
});
-=item unwhitelist_from_rcvd user@example.com
+=item unwelcomelist_from_rcvd user@example.com
+
+Previously unwhitelist_from_rcvd which will work interchangeably until 4.1.
-Used to remove a default whitelist_from_rcvd or def_whitelist_from_rcvd
-entry, so for example a distribution whitelist_from_rcvd can be overridden
-in a local.cf file, or an individual user can override a whitelist_from_rcvd
+Used to remove a default welcomelist_from_rcvd (previously whitelist_from_rcvd) or def_welcomelist_from_rcvd (previously def_whitelist_from_rcvd)
+entry, so for example a distribution welcomelist_from_rcvd can be overridden
+in a local.cf file, or an individual user can override a welcomelist_from_rcvd
entry in their own C<user_prefs> file.
The specified email address has to match exactly the address previously
-used in a whitelist_from_rcvd line.
+used in a welcomelist_from_rcvd line.
e.g.
- unwhitelist_from_rcvd joe@example.com fred@example.com
- unwhitelist_from_rcvd *@axkit.org
+ unwelcomelist_from_rcvd joe@example.com fred@example.com
+ unwelcomelist_from_rcvd *@axkit.org
=cut
push (@cmds, {
- setting => 'unwhitelist_from_rcvd',
+ setting => 'unwelcomelist_from_rcvd',
+ aliases => ['unwhitelist_from_rcvd'],
type => $CONF_TYPE_ADDRLIST,
code => sub {
my ($self, $key, $value, $line) = @_;
@@ -503,9 +512,9 @@ e.g.
unless ($value =~ /^(?:\S+(?:\s+\S+)*)$/) {
return $INVALID_VALUE;
}
- $self->{parser}->remove_from_addrlist_rcvd('whitelist_from_rcvd',
+ $self->{parser}->remove_from_addrlist_rcvd('welcomelist_from_rcvd',
split (/\s+/, $value));
- $self->{parser}->remove_from_addrlist_rcvd('def_whitelist_from_rcvd',
+ $self->{parser}->remove_from_addrlist_rcvd('def_welcomelist_from_rcvd',
split (/\s+/, $value));
}
});
@@ -618,7 +627,7 @@ be blacklisted. Same format as C<blackl
=item whitelist_auth user@example.com
Used to specify addresses which send mail that is often tagged (incorrectly) as
-spam. This is different from C<welcomelist_from> and C<whitelist_from_rcvd> in
+spam. This is different from C<welcomelist_from> and C<welcomelist_from_rcvd> in
that it first verifies that the message was sent by an authorized sender for
the address, before whitelisting.
@@ -4813,8 +4822,8 @@ sub new {
$self->{welcomelist_from} = { };
$self->{whitelist_allows_relays} = { };
$self->{blacklist_from} = { };
- $self->{whitelist_from_rcvd} = { };
- $self->{def_whitelist_from_rcvd} = { };
+ $self->{welcomelist_from_rcvd} = { };
+ $self->{def_welcomelist_from_rcvd} = { };
$self->{blacklist_to} = { };
$self->{welcomelist_to} = { };
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm?rev=1881803&r1=1881802&r2=1881803&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm Thu Sep 17 21:42:17 2020
@@ -187,10 +187,10 @@ an author address (From) to the pattern
must also carry a valid Domain Keys Identified Mail (DKIM) signature made by
a signing domain (SDID, i.e. the d= tag) that is acceptable to us.
-Only one whitelist entry is allowed per line, as in C<whitelist_from_rcvd>.
+Only one whitelist entry is allowed per line, as in C<welcomelist_from_rcvd>.
Multiple C<whitelist_from_dkim> lines are allowed. File-glob style characters
are allowed for the From address (the first parameter), just like with
-C<whitelist_from_rcvd>.
+C<welcomelist_from_rcvd>.
The second parameter (the signing-domain) does not accept full file-glob style
wildcards, although a simple '*.' (or just a '.') prefix to a domain name
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/WLBLEval.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/WLBLEval.pm?rev=1881803&r1=1881802&r2=1881803&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/WLBLEval.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/WLBLEval.pm Thu Sep 17 21:42:17 2020
@@ -228,7 +228,7 @@ sub _check_from_in_welcomelist {
$pms->{from_in_welcomelist} = 1;
return;
}
- my $wh = $self->_check_whitelist_rcvd ($pms, $self->{main}->{conf}->{whitelist_from_rcvd}, $_);
+ my $wh = $self->_check_whitelist_rcvd ($pms, $self->{main}->{conf}->{welcomelist_from_rcvd}, $_);
if ($wh == 1) {
$pms->{from_in_welcomelist} = 1;
return;
@@ -248,7 +248,7 @@ sub _check_from_in_default_whitelist {
my ($self, $pms) = @_;
my $found_match = 0;
foreach ($pms->all_from_addrs()) {
- my $wh = $self->_check_whitelist_rcvd ($pms, $self->{main}->{conf}->{def_whitelist_from_rcvd}, $_);
+ my $wh = $self->_check_whitelist_rcvd ($pms, $self->{main}->{conf}->{def_welcomelist_from_rcvd}, $_);
if ($wh == 1) {
$pms->{from_in_default_whitelist} = 1;
return;
@@ -342,10 +342,10 @@ sub _check_whitelist_rcvd {
foreach my $white_addr (keys %{$list}) {
my $regexp = $list->{$white_addr}{re};
foreach my $domain (@{$list->{$white_addr}{domain}}) {
- # $domain is a second param in whitelist_from_rcvd: a domain name or an IP address
+ # $domain is a second param in welcomelist_from_rcvd: a domain name or an IP address
if ($addr =~ $regexp) {
- # From or sender address matching the first param in whitelist_from_rcvd
+ # From or sender address matching the first param in welcomelist_from_rcvd
my $match;
foreach my $lastunt (@relays) {
local($1,$2);
Modified: spamassassin/trunk/rules/60_whitelist.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rules/60_whitelist.cf?rev=1881803&r1=1881802&r2=1881803&view=diff
==============================================================================
--- spamassassin/trunk/rules/60_whitelist.cf (original)
+++ spamassassin/trunk/rules/60_whitelist.cf Thu Sep 17 21:42:17 2020
@@ -139,6 +139,6 @@ endif
# Should really not be used these days, use def_whitelist_auth if possible.
-# def_whitelist_from_rcvd *@foo.com foo.com
+# def_welcomelist_from_rcvd *@foo.com foo.com
endif
Modified: spamassassin/trunk/t/spamd_welcomelist_leak.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/spamd_welcomelist_leak.t?rev=1881803&r1=1881802&r2=1881803&view=diff
==============================================================================
--- spamassassin/trunk/t/spamd_welcomelist_leak.t (original)
+++ spamassassin/trunk/t/spamd_welcomelist_leak.t Thu Sep 17 21:42:17 2020
@@ -26,8 +26,8 @@ open (OUT, ">log/virtualconfig/testuser1
print OUT q{
welcomelist_from sb55sb123456789@yahoo.com
- whitelist_from_rcvd sb55sb123456789@yahoo.com cgocable.ca
- whitelist_from_rcvd sb55sb123456789@yahoo.com webnote.net
+ welcomelist_from_rcvd sb55sb123456789@yahoo.com cgocable.ca
+ welcomelist_from_rcvd sb55sb123456789@yahoo.com webnote.net
};
close OUT;
Modified: spamassassin/trunk/t/welcomelist_from.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/welcomelist_from.t?rev=1881803&r1=1881802&r2=1881803&view=diff
==============================================================================
--- spamassassin/trunk/t/welcomelist_from.t (original)
+++ spamassassin/trunk/t/welcomelist_from.t Thu Sep 17 21:42:17 2020
@@ -10,17 +10,17 @@ plan tests => 32;
# ---------------------------------------------------------------------------
tstprefs ("
- def_whitelist_from_rcvd *\@paypal.com paypal.com
- def_whitelist_from_rcvd *\@paypal.com ebay.com
- def_whitelist_from_rcvd mumble\@example.com example.com
- whitelist_from_rcvd foo\@example.com spamassassin.org
- whitelist_from_rcvd foo\@example.com example.com
- whitelist_from_rcvd bar\@example.com example.com
+ def_welcomelist_from_rcvd *\@paypal.com paypal.com
+ def_welcomelist_from_rcvd *\@paypal.com ebay.com
+ def_welcomelist_from_rcvd mumble\@example.com example.com
+ welcomelist_from_rcvd foo\@example.com spamassassin.org
+ welcomelist_from_rcvd foo\@example.com example.com
+ welcomelist_from_rcvd bar\@example.com example.com
whitelist_allows_relays bar\@example.com
welcomelist_from baz\@example.com
welcomelist_from bam\@example.com
unwhitelist_from bam\@example.com
- unwhitelist_from_rcvd mumble\@example.com
+ unwelcomelist_from_rcvd mumble\@example.com
");
# tests 1 - 4 does welcomelist_from (previously whitelist_from) work?
@@ -36,11 +36,11 @@ tstprefs ("
sarun ("-L -t < data/nice/008", \&patterns_run_cb);
ok_all_patterns();
-# tests 5 - 8 does whitelist_from_rcvd work?
+# tests 5 - 8 does welcomelist_from_rcvd work?
sarun ("-L -t < data/nice/009", \&patterns_run_cb);
ok_all_patterns();
-# tests 9 - 12 second relay specified for same addr in whitelist_from_rcvd
+# tests 9 - 12 second relay specified for same addr in welcomelist_from_rcvd
sarun ("-L -t < data/nice/010", \&patterns_run_cb);
ok_all_patterns();
@@ -54,11 +54,11 @@ ok_all_patterns();
q{ FORGED_IN_DEF_WHITELIST }, 'a8'
);
-# tests 13 - 16 does def_whitelist_from_rcvd work?
+# tests 13 - 16 does def_welcomelist_from_rcvd work?
sarun ("-L -t < data/nice/011", \&patterns_run_cb);
ok_all_patterns();
-# tests 17 - 20 second relay specified for same addr in def_whitelist_from_rcvd
+# tests 17 - 20 second relay specified for same addr in def_welcomelist_from_rcvd
sarun ("-L -t < data/nice/012", \&patterns_run_cb);
ok_all_patterns();
@@ -79,7 +79,7 @@ ok_all_patterns();
sarun ("-L -t < data/nice/014", \&patterns_run_cb);
ok_all_patterns();
-# tests 29 - 32 does unwhitelist_from_rcvd work?
+# tests 29 - 32 does unwelcomelist_from_rcvd work?
sarun ("-L -t < data/nice/015", \&patterns_run_cb);
ok_all_patterns();