You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Reindl Harald <h....@thelounge.net> on 2015/05/18 15:35:27 UTC

whitelist_auth / blacklist_from

well, that below could only work if the SPF-check would also hit the 
FROM-header and not only the envelope, in reality "blacklist_from" hits 
both but in case of a bounce / auto-reply with the null-sender you block 
it - that's bad because otherwise you could stop forging

score USER_IN_BLACKLIST 50.0
score USER_IN_SPF_WHITELIST -100.0
score USER_IN_DKIM_WHITELIST -100.0
whitelist_auth *@paylife.at
whitelist_auth *@sparkasse.at
blacklist_from *@paylife.at
blacklist_from *@sparkasse.at

Re: whitelist_auth / blacklist_from

Posted by Benny Pedersen <me...@junc.eu>.

Meta rules on not spf pass or not dkim valid

Whitelist_auth *@example.org
meta forged_sender_not_pass ((!spf_pass || !dkim_valid_au) && (!user_in_*)

Will be unneeded when dmarc is a spamassassin plugin, until then only 
something like above is possible, just exspand it to specific domain, above 
model is untested but should work

Give the meta a score of blacklist_from


On May 18, 2015 3:35:55 PM Reindl Harald <h....@thelounge.net> wrote:

> well, that below could only work if the SPF-check would also hit the
> FROM-header and not only the envelope, in reality "blacklist_from" hits
> both but in case of a bounce / auto-reply with the null-sender you block
> it - that's bad because otherwise you could stop forging
>
> score USER_IN_BLACKLIST 50.0
> score USER_IN_SPF_WHITELIST -100.0
> score USER_IN_DKIM_WHITELIST -100.0
> whitelist_auth *@paylife.at
> whitelist_auth *@sparkasse.at
> blacklist_from *@paylife.at
> blacklist_from *@sparkasse.at
>