Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2010/08/21 03:09:42 UTC

Whitelist question

Hi,

I'm trying to use whitelist_from_rcvd and it doesn't appear to be
working. I'm trying to whitelist mail from the AZ lottery. Here are
the headers from the email:

Received: from AZMTAQS01.AZ.GOV (azmtaprd01.az.gov [159.87.126.8])
From: "Arizona Lottery" <em...@azlottery.gov>

Isn't this the proper way to use this?

whitelist_from_rcvd email.reply@azlottery.gov az.gov

What am I doing wrong?

Thanks,
Alex

Re: Whitelist question

Posted by Alex <my...@gmail.com>.
[just realized my response was inadvertently sent directly to Matt, sorry]

Hi,

>> What am I missing? Shouldn't there be an "ip=" entry for
>> smtp01.example.com? I have trusted_networks defined in local.cf, and
>> it includes the smtp01.example.com server.
>
> Um, no. smtp01.example.com is your own box.

Yes, but it is among the relays in the Received: headers, so I thought
this is how it determines the last external server, or the first
trusted server, as the case may be?

> Do you have some kind of system that queues and re-delivers mail locally
> over a SMTP loopback?

Yes, amavisd-new.

> Regardless, it does look like your DNS server isn't answering  reverse
> lookups for 127.0.0.1. That should be fixed by adding a reverse zone for
> 0.0.127.in-addr.arpa. Most OS distros come with a sample zone file for this
> as part of their stock config.

# nslookup 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

1.0.0.127.in-addr.arpa  name = localhost.

Isn't that sufficient and correct?

Thanks,
Alex

Re: Whitelist question

Posted by Benny Pedersen <me...@junc.org>.
On Fri 27 Aug 2010 23:47:54 CEST, Alex wrote

> Hi,
>
> I'm still having some difficulty with trusted_networks, and believe it
> may be a result of a DNS issue?

trusted_networks on hostnames ?

just kidding right ?

>
>>> Yes, but it is among the relays in the Received: headers, so I thought
>>> this is how it determines the last external server, or the first
>>> trusted server, as the case may be?
>>>
>> Well, lack of reverse DNS ends the trust/internal path. Hard to trust a host
>> without proper DNS records.
>
> I thought I had a working DNS, though. localhost resolves, and so does
> 127.0.0.1. Here's an example with cnn.com. Is this correct?
>
> Received: from smtp01.example.com ([127.0.0.1])
>  by localhost (smtp01.example.com [127.0.0.1]) (amavisd-new, port 10024)
>  with ESMTP id 30215-385 for <10...@example.com>;
>  Wed, 25 Aug 2010 18:35:09 -0400 (EDT)

this is from your postfix handing it over to amavisd, so check
smtp_helo_name in master.cf

postfix does not resolve ips that are non routable by default imho

> Received: from i2.web2.mail.cnn.com (i2.web2.mail.cnn.com [157.166.236.129])
>        by smtp01.example.com (Postfix) with ESMTP id 04CC413D4020
>        for <10...@example.com>; Wed, 25 Aug 2010 18:35:09 -0400 (EDT)

perfect

> Here it looks like localhost didn't resolve properly, but I don't
> understand how this could be, because it is not only in the hosts file
> and in DNS, but it's also in the hosts file for postfix.

see amavisd.conf and search for localhost

-- 
xpoint http://www.unicom.com/pw/reply-to-harmful.html


Re: Whitelist question

Posted by Alex <my...@gmail.com>.
Hi,

I'm still having some difficulty with trusted_networks, and believe it
may be a result of a DNS issue?

>> Yes, but it is among the relays in the Received: headers, so I thought
>> this is how it determines the last external server, or the first
>> trusted server, as the case may be?
>>
> Well, lack of reverse DNS ends the trust/internal path. Hard to trust a host
> without proper DNS records.

I thought I had a working DNS, though. localhost resolves, and so does
127.0.0.1. Here's an example with cnn.com. Is this correct?

Received: from smtp01.example.com ([127.0.0.1])
 by localhost (smtp01.example.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 30215-385 for <10...@example.com>;
 Wed, 25 Aug 2010 18:35:09 -0400 (EDT)
Received: from i2.web2.mail.cnn.com (i2.web2.mail.cnn.com [157.166.236.129])
       by smtp01.example.com (Postfix) with ESMTP id 04CC413D4020
       for <10...@example.com>; Wed, 25 Aug 2010 18:35:09 -0400 (EDT)

Here it looks like localhost didn't resolve properly, but I don't
understand how this could be, because it is not only in the hosts file
and in DNS, but it's also in the hosts file for postfix.

Thanks,
Alex

Re: Whitelist question

Posted by Matt Kettler <mk...@verizon.net>.
  On 8/24/2010 1:13 PM, Alex wrote:
> Hi,
>
>> For clarity: assuming your MTA inserts a Return-Path: header, or adds a
>> clause to the Received header about the envelope sender, whitelist_from_rcvd
>> will match against it, in addition to the From: header, and several other
>> "from-like" headers. (however Resent-From should take priority if present..)
> I ran a different message (don't have the original any longer), and it
> showed only loopback as the trusted network:
>
> [18656] dbg: received-header: parsed as [ ip=127.0.0.1
> rdns=localhost.localdomain helo=localhost by=localhost ident= envfrom=
> intl=0 id=5161B400002 auth= msa=0 ]
> [18656] dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes msa? no
> [18656] dbg: received-header: parsed as [ ip=127.0.0.1 rdns=
> helo=smtp01.example.com by=localhost ident= envfrom= intl=0
> id=09005-449 auth= msa=0 ]
> [18656] dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes msa? no
>
> What am I missing? Shouldn't there be an "ip=" entry for
> smtp01.example.com? I have trusted_networks defined in local.cf, and
> it includes the smtp01.example.com server.
>
> Thanks,
> Alex
>

Um, no. smtp01.example.com is your own box.

Or at least some process running ON YOUR SERVER is connecting over the 
loopback (127.0.0.1) and delivering mail with a HELO string of 
"smtp01.example.com".

Do you have some kind of system that queues and re-delivers mail locally 
over a SMTP loopback?


Regardless, it does look like your DNS server isn't answering  reverse 
lookups for 127.0.0.1. That should be fixed by adding a reverse zone for 
0.0.127.in-addr.arpa. Most OS distros come with a sample zone file for 
this as part of their stock config.



Re: Whitelist question

Posted by Alex <my...@gmail.com>.
Hi,

> For clarity: assuming your MTA inserts a Return-Path: header, or adds a
> clause to the Received header about the envelope sender, whitelist_from_rcvd
> will match against it, in addition to the From: header, and several other
> "from-like" headers. (however Resent-From should take priority if present..)

I ran a different message (don't have the original any longer), and it
showed only loopback as the trusted network:

[18656] dbg: received-header: parsed as [ ip=127.0.0.1
rdns=localhost.localdomain helo=localhost by=localhost ident= envfrom=
intl=0 id=5161B400002 auth= msa=0 ]
[18656] dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes msa? no
[18656] dbg: received-header: parsed as [ ip=127.0.0.1 rdns=
helo=smtp01.example.com by=localhost ident= envfrom= intl=0
id=09005-449 auth= msa=0 ]
[18656] dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes msa? no

What am I missing? Shouldn't there be an "ip=" entry for
smtp01.example.com? I have trusted_networks defined in local.cf, and
it includes the smtp01.example.com server.

Thanks,
Alex

Re: Whitelist question

Posted by Matt Kettler <mk...@verizon.net>.
  On 8/21/2010 1:27 AM, Henrik K wrote:
> On Sat, Aug 21, 2010 at 08:16:58AM +0300, Henrik K wrote:
>> You need to use _envelope_ sender (e.g. Return-Path), not From.
> Never mind, I was confusing it with spf and read the docs..

For clarity: assuming your MTA inserts a Return-Path: header, or adds a 
clause to the Received header about the envelope sender, 
whitelist_from_rcvd will match against it, in addition to the From: 
header, and several other "from-like" headers. (however Resent-From 
should take priority if present..)

Re: Whitelist question

Posted by Henrik K <he...@hege.li>.
On Sat, Aug 21, 2010 at 08:16:58AM +0300, Henrik K wrote:
> On Fri, Aug 20, 2010 at 11:39:05PM -0400, Matt Kettler wrote:
> >  On 8/20/2010 9:09 PM, Alex wrote:
> > >Hi,
> > >
> > >I'm trying to use whitelist_from_rcvd and it doesn't appear to be
> > >working. I'm trying to whitelist mail from the AZ lottery. Here are
> > >the headers from the email:
> > >
> > >Received: from AZMTAQS01.AZ.GOV (azmtaprd01.az.gov [159.87.126.8])
> > >From: "Arizona Lottery"<em...@azlottery.gov>
> > >
> > >Isn't this the proper way to use this?
> > >
> > >whitelist_from_rcvd email.reply@azlottery.gov az.gov
> > >
> > >What am I doing wrong?
> > 
> > That "should" work. Assuming that:
> > 
> > 1) there is a "by" clause you cut off that Received: header.
> > 2) The host that is receiving the mail from az.gov is trusted by SA.
> > 3) az.gov is *NOT* trusted by SA.
> > 
> > For 2 and 3 you might want to run a copy of the message through
> > spamassassin -D and see what the list of trusted and untrusted
> > relays are.
> 
> You need to use _envelope_ sender (e.g. Return-Path), not From.

Never mind, I was confusing it with spf and read the docs..


Re: Whitelist question

Posted by Henrik K <he...@hege.li>.
On Fri, Aug 20, 2010 at 11:39:05PM -0400, Matt Kettler wrote:
>  On 8/20/2010 9:09 PM, Alex wrote:
> >Hi,
> >
> >I'm trying to use whitelist_from_rcvd and it doesn't appear to be
> >working. I'm trying to whitelist mail from the AZ lottery. Here are
> >the headers from the email:
> >
> >Received: from AZMTAQS01.AZ.GOV (azmtaprd01.az.gov [159.87.126.8])
> >From: "Arizona Lottery"<em...@azlottery.gov>
> >
> >Isn't this the proper way to use this?
> >
> >whitelist_from_rcvd email.reply@azlottery.gov az.gov
> >
> >What am I doing wrong?
> 
> That "should" work. Assuming that:
> 
> 1) there is a "by" clause you cut off that Received: header.
> 2) The host that is receiving the mail from az.gov is trusted by SA.
> 3) az.gov is *NOT* trusted by SA.
> 
> For 2 and 3 you might want to run a copy of the message through
> spamassassin -D and see what the list of trusted and untrusted
> relays are.

You need to use _envelope_ sender (e.g. Return-Path), not From.


Re: Whitelist question

Posted by Matt Kettler <mk...@verizon.net>.
  On 8/20/2010 9:09 PM, Alex wrote:
> Hi,
>
> I'm trying to use whitelist_from_rcvd and it doesn't appear to be
> working. I'm trying to whitelist mail from the AZ lottery. Here are
> the headers from the email:
>
> Received: from AZMTAQS01.AZ.GOV (azmtaprd01.az.gov [159.87.126.8])
> From: "Arizona Lottery"<em...@azlottery.gov>
>
> Isn't this the proper way to use this?
>
> whitelist_from_rcvd email.reply@azlottery.gov az.gov
>
> What am I doing wrong?

That "should" work. Assuming that:

1) there is a "by" clause you cut off that Received: header.
2) The host that is receiving the mail from az.gov is trusted by SA.
3) az.gov is *NOT* trusted by SA.

For 2 and 3 you might want to run a copy of the message through 
spamassassin -D and see what the list of trusted and untrusted relays are.
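
Added example, not part of the original thread and not SpamAssassin's own code: a Python helper that reads `spamassassin -D` received-header debug lines in the format quoted in this thread and tests the three conditions listed in the reply above against the first untrusted relay. The sample log is constructed from hostnames in the thread, the names `parse_relays` and `check_conditions` are hypothetical, and the rDNS suffix test is a simplified model of the whitelist_from_rcvd relay check.

```python
import re

# Constructed debug lines in the format quoted in this thread (newest hop
# first). Hostnames and IPs are taken from the thread; the second id is made up.
SAMPLE_DEBUG = """\
[18656] dbg: received-header: parsed as [ ip=127.0.0.1 rdns= helo=smtp01.example.com by=localhost ident= envfrom= intl=0 id=09005-449 auth= msa=0 ]
[18656] dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes msa? no
[18656] dbg: received-header: parsed as [ ip=159.87.126.8 rdns=azmtaprd01.az.gov helo=AZMTAQS01.AZ.GOV by=smtp01.example.com ident= envfrom= intl=0 id=EXAMPLE0001 auth= msa=0 ]
[18656] dbg: received-header: relay 159.87.126.8 trusted? no internal? no msa? no
"""

PARSED = re.compile(r"received-header: parsed as \[ (.*?) \]")
RELAY = re.compile(r"received-header: relay (\S+) trusted\? (yes|no)")

def parse_relays(debug_text):
    """Return relays in log order, each a dict of fields plus 'trusted'."""
    relays, current = [], None
    for line in debug_text.splitlines():
        m = PARSED.search(line)
        if m:
            fields = m.group(1).split()
            current = dict(kv.split("=", 1) for kv in fields if "=" in kv)
            continue
        m = RELAY.search(line)
        if m and current and current.get("ip") == m.group(1):
            current["trusted"] = m.group(2) == "yes"
            relays.append(current)
            current = None
    return relays

def check_conditions(debug_text, rcvd_domain):
    """Test the reply's three conditions against the first untrusted relay."""
    relays = parse_relays(debug_text)
    untrusted = [r for r in relays if not r["trusted"]]
    if not untrusted:
        return "condition 3 not met: no untrusted relay in the log"
    if not any(r["trusted"] for r in relays):
        return "condition 2 not met: no trusted relay received the mail"
    hop = untrusted[0]
    if not hop.get("by"):
        return "condition 1 not met: no by= value for " + hop["ip"]
    rdns, dom = hop.get("rdns", "").lower(), rcvd_domain.lower()
    if rdns == dom or rdns.endswith("." + dom):
        return "match: rdns %s is within %s" % (rdns, dom)
    return "no match: rdns '%s' is not within %s" % (rdns, dom)

if __name__ == "__main__":
    print(check_conditions(SAMPLE_DEBUG, "az.gov"))
```

Run against a log where every relay is 127.0.0.1 and trusted, as in the debug output quoted earlier in the thread, the helper reports that condition 3 is not met because no external handover appears in the log.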