You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Sergei <se...@publicschoolworks.com> on 2011/04/18 20:44:52 UTC

whitelist

Hello everybody,

I can't figure out why even after I put an address into a whitelist
(whitelist_from), it's still marked as SPAM. Sorry if this is a common
question. Would be grateful for any suggestions.

Thanks,
  Sergei

Re: whitelist

Posted by Sergei <se...@publicschoolworks.com>.

Thanks for a quick reply. Here are the headers (I've replaced the sender's user id with SOMEUSER):

Received: from [127.0.0.1] (helo=silent.office.publicschoolworks.com)
        by dev.publicschoolworks.com with esmtp (Exim 4.71)
        (envelope-from <SO...@mail.ru>)
        id 1QBrsv-0005FR-R2
        for sergei@localhost; Mon, 18 Apr 2011 13:05:13 -0400
Received: from 64.18.218.22 [64.18.218.22]
        by silent.office.publicschoolworks.com with POP3 (fetchmail-6.3.9-rc2)
        for <se...@localhost> (single-drop); Mon, 18 Apr 2011 13:05:13 -0400 (EDT)
Received: from [217.69.129.68] (helo=f9.mail.ru)
        by publicschoolworks.com with esmtp (Exim 4.73)
        (envelope-from <SO...@mail.ru>)
        id 1QBrrx-0007Ui-Ey
        for sergei@publicschoolworks.com; Mon, 18 Apr 2011 13:04:13 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail;
        h=Message-Id:Content-Transfer-Encoding:Content-Type:Reply-To:In-Reply-To:References:Date:Mime-Version:To:From;
+bh=Wj3bf777uBMhFh4gXD8aW8FRJbmnzVaxNz55aqRK6O4=;
        b=hgCB+/VxNs1WA+F7YbZ2WL2EWDNtHc3nufO5Wt1IAyyvX2NMxXtolvooMm40QIK7VWCz9FBydC5ac1lbaHBisBDIk5Obs4yQ+CoF1IQxVTJcfs1hMs2sb5wYBME9L9Ss;
Received: from mail by f9.mail.ru with local
        id 1QBrpH-0005WZ-00
        for sergei@publicschoolworks.com; Mon, 18 Apr 2011 21:01:27 +0400
Received: from [92.113.60.56] by e.mail.ru with HTTP;
        Mon, 18 Apr 2011 21:01:27 +0400
From: SOMEUSER_FIRST_NAME SOMEUSER_LAST_NAME <SO...@mail.ru>
To: Sergei Gerasenko <se...@publicschoolworks.com>
Mime-Version: 1.0
X-Mailer: mPOP Web-Mail 2.19
X-Originating-IP: [92.113.60.56]
Date: Mon, 18 Apr 2011 21:01:27 +0400
References: <E1...@f238.mail.ru> <E1...@f271.mail.ru> <20...@localhost>
In-Reply-To: <20...@localhost>
Reply-To: SOMEUSER_FIRST_NAME SOMEUSER_LAST_NAME <SO...@mail.ru>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
Message-Id: <E1...@f9.mail.ru>
X-Spam: Not detected
X-Mras: Ok

===========================

In my user_prefs:

whitelist_from SOMEUSER@mail.ru
whitelist_from_spf SOMEUSER@mail.ru

I did restart spamd.

Thanks!
  Sergei

On Mon, Apr 18, 2011 at 02:48:05PM -0400, Michael Scheidell wrote:
> On 4/18/11 2:44 PM, Sergei wrote:
> >Hello everybody,
> >
> >I can't figure out why even after I put an address into a whitelist
> >(whitelist_from), it's still marked as SPAM. Sorry if this is a common
> >question. Would be grateful for any suggestions.
> >
> >Thanks,
> >   Sergei
> need a LOT more info.
> 
> post full headers (not email) and post the EXACT LINE YOU USED in local.cf
> 
> you did restart spamd after, right?
> 
> 
> 
> -- 
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> ISN: 1259*1300
> >*| *SECNAP Network Security Corporation
> 
>    * Best Intrusion Prevention Product, Networks Product Guide
>    * Certified SNORT Integrator
>    * Hot Company Award, World Executive Alliance
>    * Best in Email Security, 2010 Network Products Guide
>    * King of Spam Filters, SC Magazine
> 
> ______________________________________________________________________
> This email has been scanned and certified safe by SpammerTrap(r).
> For Information please see
> http://www.secnap.com/products/spammertrap/
> ______________________________________________________________________

Re: whitelist

Posted by Michael Scheidell <mi...@secnap.com>.

On 4/18/11 2:44 PM, Sergei wrote:
> Hello everybody,
>
> I can't figure out why even after I put an address into a whitelist
> (whitelist_from), it's still marked as SPAM. Sorry if this is a common
> question. Would be grateful for any suggestions.
>
> Thanks,
>    Sergei
need a LOT more info.

post full headers (not email) and post the EXACT LINE YOU USED in local.cf

you did restart spamd after, right?



-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
 >*| *SECNAP Network Security Corporation

    * Best Intrusion Prevention Product, Networks Product Guide
    * Certified SNORT Integrator
    * Hot Company Award, World Executive Alliance
    * Best in Email Security, 2010 Network Products Guide
    * King of Spam Filters, SC Magazine

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________

Re: whitelist

Posted by Daniel McDonald <da...@austinenergy.com>.

On 4/18/11 1:44 PM, "Sergei" <se...@publicschoolworks.com> wrote:

> Hello everybody,
> 
> I can't figure out why even after I put an address into a whitelist
> (whitelist_from), it's still marked as SPAM. Sorry if this is a common
> question. Would be grateful for any suggestions.

The simple suggestions:
1.  Are you certain your whitelist matches the envelop sender address?
2.  Did you restart spamd/amavisd/whatever daemonized process was running
after updating the rules?

The usual suggestions:
1.  Whitelist_from is very dangerous, because it is so easy to spoof.  You
should use whitelist_from_dkim, whitelist_from_spf, or
whitelist_from_received (in descending order of trust) instead.

> 
> Thanks,
>   Sergei

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281