You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "@lbutlr" <kr...@kreme.com> on 2019/03/14 22:50:01 UTC
Whitelist_from??
I've been having a lot of problems with emails from comixology getting tagged as spam and then the message attachment is often, but not always, corrupt.
Content analysis details: (6.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust
[54.240.13.78 listed in list.dnswl.org]
0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required
MIME headers
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
1.0 BODY_URI_ONLY Message body is only a URI in one line of text or
for an image
0.0 T_REMOTE_IMAGE Message contains an external image
The attached message when I open it starts:
=23outlook A =7B PADDING-BOTTOM: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px=
; PADDING-TOP: 0px =7D
BODY =7BPADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; WIDTH: 100% =
=21important; PADDING-RIGHT: 0px; PADDING-TOP: 0px; -webkit-text-size-adjus=
t: 100%; -ms-text-size-adjust: 100%
=7D
=7D</style> =20
</head>
I added whitelist_auth comixology.com to local.cf and still had issues, so I also added whitelist_from comixology.com, but messages are still tagged as spam.
From: Comics by comiXology <co...@e.comixology.com>
But the message are actually coming from amazon.com. I have these references to amazon in local.cf
adsp_override amazon.com custom_high
adsp_override amazon.com
whitelist_auth *@amazon.com
(not sure about the first two lines, don't recall those settings)
--
The night is always old. He'd walked too often down dark streets in the
secret hours and felt the night stretching away, and known in his blood
that while days and kings and empires come and go, the night is always
the same age, always aeons deep. Terrors unfolded in the velvet shadows
and while the nature of the talons may change, the nature of the beast
does not. --Jingo
Re: Whitelist_from??
Posted by David Jones <dj...@ena.com>.
On 3/14/19 5:50 PM, @lbutlr wrote:
> I've been having a lot of problems with emails from comixology getting tagged as spam and then the message attachment is often, but not always, corrupt.
>
> Content analysis details: (6.8 points, 5.0 required)
>
> pts rule name description
> ---- ---------------------- --------------------------------------------------
> -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
> no trust
> [54.240.13.78 listed in list.dnswl.org]
> 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
> [score: 1.0000]
> 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
> [score: 1.0000]
> 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
> mail domains are different
> 0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.4 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
> 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
> valid
> 0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required
> MIME headers
> 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
> 1.0 BODY_URI_ONLY Message body is only a URI in one line of text or
> for an image
> 0.0 T_REMOTE_IMAGE Message contains an external image
>
> The attached message when I open it starts:
>
> =23outlook A =7B PADDING-BOTTOM: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px=
> ; PADDING-TOP: 0px =7D
> BODY =7BPADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; WIDTH: 100% =
> =21important; PADDING-RIGHT: 0px; PADDING-TOP: 0px; -webkit-text-size-adjus=
> t: 100%; -ms-text-size-adjust: 100%
> =7D
> =7D</style> =20
> </head>
>
> I added whitelist_auth comixology.com to local.cf and still had issues, so I also added whitelist_from comixology.com, but messages are still tagged as spam.
>
> From: Comics by comiXology <co...@e.comixology.com>
>
> But the message are actually coming from amazon.com. I have these references to amazon in local.cf
>
> adsp_override amazon.com custom_high
> adsp_override amazon.com
> whitelist_auth *@amazon.com
>
> (not sure about the first two lines, don't recall those settings)
>
>
>
I would recommend using this if they hit SPF_PASS or DKIM_VALID_AU
whitelist_auth *@*.comixology.com
If they don't have good SPF or DKIM like this one, then use:
whitelist_from_rcvd *@*.comixology.com amazonses.com
The "amazonses.com" would be the part of the sending mail server's name
when it has good FCrDNS. If that mail server doesn't have good FCrDNS,
then use:
whitelist_from_rcvd *@*.comixology.com [ip.ad.dr.ess]
whitelist_from should be the last option and I only use it on a full
email address that is very unique so spammers won't be able to match
that by accident from any source server or IP address.
--
David Jones
Re: Whitelist_from??
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 14 Mar 2019, at 22:03, @lbutlr wrote:
> On 14 Mar 2019, at 17:00, RW <rw...@googlemail.com> wrote:
>>
>> whitelist entries need to be globs that match an email address, not a
>> domain name.
>
> How sophisticated is SA's globbing?
>
> ^(\w+)([\-.'][\w]+)+@domain.tld$
For whitelist entries the match string is a simple glob, not a regex.
"perldoc Mail::SpamAssassin::Conf" will tell you the details.
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
Re: Whitelist_from??
Posted by "@lbutlr" <kr...@kreme.com>.
On 14 Mar 2019, at 17:00, RW <rw...@googlemail.com> wrote:
>
> whitelist entries need to be globs that match an email address, not a
> domain name.
How sophisticated is SA's globbing?
^(\w+)([\-.'][\w]+)+@domain.tld$
?
--
These are the thoughts that kept me out of the really good schools. --
George Carlin
Re: Whitelist_from??
Posted by RW <rw...@googlemail.com>.
On Thu, 14 Mar 2019 16:50:01 -0600
@lbutlr wrote:
> I've been having a lot of problems with emails from comixology
> getting tagged as spam and then the message attachment is often, but
> not always, corrupt.
...
> I added whitelist_auth comixology.com to local.cf and still had
> issues, so I also added whitelist_from comixology.com, but messages
> are still tagged as spam.
whitelist entries need to be globs that match an email address, not a
domain name.