You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Bruno Costacurta <te...@costacurta.org> on 2015/06/16 21:12:42 UTC
[RESOLVED] Re: Usage of whitelist_from
Quoting RW <rw...@googlemail.com>:
> On Sat, 13 Jun 2015 21:25:02 +0200
> Bruno Costacurta wrote:
>
>> Hello,
>>
>> I setup the following into /etc/spamassassin/local.cf
>>
>> whitelist_from *@postfix.org
>>
>> But this seems not working as apparently spamassassin still process
>> emails from *@postfix.org.
>
> If you don't want SpamAssassin to process an email you have to
> configure that in whatever glue passes the mail to
> SpamAssassin, whitelist_from just causes a rule to hit with a large
> negative score.
>
> Your actual problem is that the rule isn't showing in the spamd debug.
> If postfix.org isn't in the "From" header then SA needs to find it in
> an appropriate envelope header. See the documentation for
> whitelist_from in the SA configuration man-page.
Thanks for explanation.
Now it is resolved.
First, my previous sample about postfix.org.
In fact the 'from' did not contain @postfix.org.
The postfix log shows :
(...)
postfix/qmgr[9892]: B3C30DA6040:
from=<ow...@postfix.org>, size=7257, nrcpt=1 (queue
active)
(...)
which confused me.
In fact the header 'Sender' and 'Return-path' contains @postfix.org,
but the 'From' on which I based my whitelist_from understanding,
contains the sender email, not @postfix.org
Second, I understand now that whitelist_from just represent a large
score, and does not bypass the email itself.
Thanks again
Bruno
--
LiCo : LinuxCounter Project
Get counted as a Linux user and register your linux boxes
http://linuxcounter.net/
--
Re: [RESOLVED] Re: Usage of whitelist_from
Posted by David Jones <dj...@ena.com>.
>> It will if you enable SHORTCIRCUIT'ing of whitelist_from
> no it will not, it skips many rules which would not have any effect
> because the large negative score but it *will not* bypass
Technically it doesn't bypass SA but it effectively does
the same thing. Depends on what you mean by "bypass."
If you don't want SA involved at all, then you are correct.
If you want all your mail to go through SA and some safely
and reliably skipped with minimal CPU hits, then you can
do this with SHORTCIRCUIT and whitelist_auth/
whitelist_from_rcvd.
There is a valid use for whitelist_from_spf and
whitelist_from_dkim when you trust the sending
mail server but you don't want to trust any mail
server to send for that domain.
Re: [RESOLVED] Re: Usage of whitelist_from
Posted by Reindl Harald <h....@thelounge.net>.
Am 16.06.2015 um 22:11 schrieb David Jones:
>> Second, I understand now that whitelist_from just represent a large
>> score, and does not bypass the email itself.
>
> It will if you enable SHORTCIRCUIT'ing of whitelist_from
no it will not, it skips many rules which would not have any effect
because the large negative score but it *will not* bypass
keep your fingers away of whitelist_from and use whilelist_auth, a
sender which don' tsupport SPF and/or DKIM don't deserve whitelisting
Jun 16 22:28:41 mail-gw spamd[5558]: spamd: result: . -100 -
CUST_DNSWL_4,CUST_DNSWL_5,RCVD_IN_MSPIKE_H3,SHORTCIRCUIT,SHORTCIRCUIT_NET_HAM,USER_IN_SPF_WHITELIST
scantime=0.2,size=48305,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=/run/spamassassin/spamassassin.sock,mid=<14...@ismtpd-066>,autolearn=disabled,shortcircuit=ham
Re: [RESOLVED] Re: Usage of whitelist_from
Posted by David Jones <dj...@ena.com>.
>Second, I understand now that whitelist_from just represent a large
>score, and does not bypass the email itself.
It will if you enable SHORTCIRCUIT'ing of whitelist_from. However,
it is not recommended to use whitelist_from. Use whitelist_from_rcvd,
or whitelist_auth instead to prevent spoofed addresses from passing
through SA without being scored.
Also, never whitelist an address or domain that you filter for. Spam-
mers commonly spoof the From: address to match the To: address
just to try to hit bad whitelist entries like that. (Not saying you did
but just a general rule of whitelisting.)
>Thanks again
>Bruno
Re: [RESOLVED] Re: Usage of whitelist_from
Posted by RW <rw...@googlemail.com>.
On Tue, 16 Jun 2015 21:12:42 +0200
Bruno Costacurta wrote:
>
> Quoting RW <rw...@googlemail.com>:
> > Your actual problem is that the rule isn't showing in the spamd
> > debug. If postfix.org isn't in the "From" header then SA needs to
> > find it in an appropriate envelope header. See the documentation for
> > whitelist_from in the SA configuration man-page.
>
> Thanks for explanation.
> Now it is resolved.
>
> First, my previous sample about postfix.org.
> In fact the 'from' did not contain @postfix.org.
> ..
> In fact the header 'Sender' and 'Return-path' contains @postfix.org,
> but the 'From' on which I based my whitelist_from understanding,
> contains the sender email, not @postfix.org
It explains what's going on, but it's not really resolved since it
implies that SA wasn't able to parse-out the envelope sender from the
headers. It's best to fix that since it's used for other things besides
whitelisting.
I'm guessing that postfix added Return-Path after SA processed the
email. There needs to be a header with the envelope address in;
Return-Path, X-Envelope-From, Envelope-Sender and X-Sender are
supported by default, but you can tell SA the name of the header by
setting envelope_sender_header in SA's config.