You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Miles Fidelman <mf...@meetinghouse.net> on 2006/11/12 08:46:39 UTC

question re. whitelist_from_rcvd

Hi,

I'm trying to figure out how to whitelist control messages generated by 
our list manager (Sympa) - which are generated on the localhost and sent 
to addresses on the localhost.

In particular, here's a specific example:

*From: *   sympa@lists.fusn.org <ma...@lists.fusn.org>
*Subject: * ****SPAM*** Message diffusion*
*Date: * November 11, 2006 10:22:05 AM EST
*To: *   leonard@tlw.com <ma...@tlw.com>
*Return-Path: * <fusn-owner@lists.fusn.org 
<ma...@lists.fusn.org>>
*X-Original-To: * leonard@tlw.com <ma...@tlw.com>
*Delivered-To: * leonard@tlw.com <ma...@tlw.com>
*Received: * from localhost (localhost.localdomain [127.0.0.1]) by 
server1.neighborhoods.net (Postfix) with ESMTP id 5CDE2B6C2F0 for 
<leonard@tlw.com <ma...@tlw.com>>; Sat, 11 Nov 2006 10:22:18 
-0500 (EST)
*Received: * from server1.neighborhoods.net ([127.0.0.1]) by localhost 
(server1 [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 31180-01-2 
for <leonard@tlw.com <ma...@tlw.com>>; Sat, 11 Nov 2006 
10:22:12 -0500 (EST)
*Received: * by server1.neighborhoods.net (Postfix, from userid 114) id 
1A9BFB6C2F6; Sat, 11 Nov 2006 10:22:05 -0500 (EST)
*Mime-Version: * 1.0
*Content-Type: * text/plain; charset=utf-8;
*Content-Transfer-Encoding: * 8bit
*Message-Id: * <20061111152205.1A9BFB6C2F6@server1.neighborhoods.net 
<ma...@server1.neighborhoods.net>>
*X-Virus-Scanned: * by amavisd-new-20030616-p10 (Debian) at 
neighborhoods.net
*X-Spam-Status: * Yes, hits=9.7 tagged_above=0.0 required=6.3 tests=AWL, 
BAYES_20, NO_RELAYS
*X-Spam-Level: * *********
*X-Spam-Flag: * YES
*Status:** *

It's pretty clear that the entry in user_prefs would start with

whitelist_from_rcvd sympa@lists.fusn.org <ma...@lists.fusn.org>

but what would I use as the domain part? 

Thanks very much,

Miles

Re: question re. whitelist_from_rcvd

Posted by Kelson <ke...@speed.net>.

Miles Fidelman wrote:
>>> whitelist_from_rcvd sympa@lists.fusn.org <ma...@lists.fusn.org>
>>>     
> hmmm...not sure how that last bit made it into my email, I thought I'd 
> just typed
> 
> whitelist_from_rcvd sympa@lists.fusn.org
> must have to do with typing it at 2:46 in the am, sigh...

Nah, it's probably just your mail client.  I see in the headers you're 
using SeaMonkey.  I'd guess it shares quite a bit of code with 
Thunderbird, and Thunderbird has an annoying habit of plunking in an 
extra copy of an email address if it's converting from HTML to 
plaintext... even if the text of the link is the email address itself.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>

Re: question re. whitelist_from_rcvd

Posted by Miles Fidelman <mf...@meetinghouse.net>.

Matt Kettler wrote:
> Miles Fidelman wrote:
>   
>> Hi,
>>
>> I'm trying to figure out how to whitelist control messages generated
>> by our list manager (Sympa) - which are generated on the localhost and
>> sent to addresses on the localhost.
>>
>> In particular, here's a specific example:
>>
>> *From: *   sympa@lists.fusn.org <ma...@lists.fusn.org>
>> *Received: * from localhost (localhost.localdomain [127.0.0.1]) by
>> server1.neighborhoods.net (Postfix) with ESMTP id 5CDE2B6C2F0 for
>> <leonard@tlw.com <ma...@tlw.com>>; Sat, 11 Nov 2006 10:22:18
>> -0500 (EST)
>>
>>
>> It's pretty clear that the entry in user_prefs would start with
>>
>> whitelist_from_rcvd sympa@lists.fusn.org <ma...@lists.fusn.org>
>>     
hmmm...not sure how that last bit made it into my email, I thought I'd 
just typed

whitelist_from_rcvd sympa@lists.fusn.org 

must have to do with typing it at 2:46 in the am, sigh...

>> but what would I use as the domain part?
>>     
> Actually, no..  it would not start like that... As written the "
> <ma...@lists.fusn.org>" would be interpreted as the Received:
> header check.
>
> Try:
> whitelist_from_rcvd sympa@lists.fusn.org localhost.localdomain
>   
Thanks! Will do.

Miles

Re: question re. whitelist_from_rcvd

Posted by Miles Fidelman <mf...@meetinghouse.net>.

Not as easily done as said.

Matthias Leisi wrote:
> Miles Fidelman wrote:
>
> Do you *really* need to pass locally generated mail through
> Spamassassin? Most likely not.
>
>   
I prefer to, since I have a number of users who use my machine as their 
SMTP route to the world - and you never know when a desktop machine can 
pick up a virus or trojan.  Since I run a number of email lists, I like 
to have multiple lines of defense to keep spam and viruses from getting 
to lists.  Beyond the obvious reason, it also reduces the likelihood of 
getting listed in blocklists.

Hence I need something more fine-grained than eliminating filters from 
all locally generated mail.
>> *Received: * from localhost (localhost.localdomain [127.0.0.1]) by
>> server1.neighborhoods.net (Postfix) with ESMTP id 5CDE2B6C2F0 for
>> <leonard@tlw.com <ma...@tlw.com>>; Sat, 11 Nov 2006 10:22:18
>> -0500 (EST)
>> *Received: * from server1.neighborhoods.net ([127.0.0.1]) by localhost
>> (server1 [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 31180-01-2
>> for <leonard@tlw.com <ma...@tlw.com>>; Sat, 11 Nov 2006
>> 10:22:12 -0500 (EST)
>> *Received: * by server1.neighborhoods.net (Postfix, from userid 114) id
>> 1A9BFB6C2F6; Sat, 11 Nov 2006 10:22:05 -0500 (EST)
>>
>> Any thoughts on other ways to whitelist locally originated messages from
>> a single address (sympa@lists.fusn.org) without just opening up the
>> world to spammers by using a simple whitelist_from command?
>>     
>
> Looking at the Received: headers it looks as if you're running a mostly
> regular Postfix/Amavis setup, ie Postfix forwards to Amavis which in
> turn forwards it to Postfix.
>
> You can tell Postfix which conent filters it should use depending on
> where mail comes from. Since the mail in question is generated locally
> ("from userid 114"), you can tell Postfix not to use the content filter
> in the pickup process:
>
> +-- /etc/postfix/master.cf --
> | pickup    fifo  n       -       -       60      1       pickup
> |        -o content_filter=
> +-- --
>
> See [1] for a more complete example.
>
> -- Matthias
>
> [1]
> http://matthias.leisi.net/archives/120-Unblocking-an-EICAR-with-PostfixAmavisClamAV.html
>

Re: question re. whitelist_from_rcvd

Posted by Matthias Leisi <ma...@leisi.net>.

Miles Fidelman wrote:

Do you *really* need to pass locally generated mail through
Spamassassin? Most likely not.

> *Received: * from localhost (localhost.localdomain [127.0.0.1]) by
> server1.neighborhoods.net (Postfix) with ESMTP id 5CDE2B6C2F0 for
> <leonard@tlw.com <ma...@tlw.com>>; Sat, 11 Nov 2006 10:22:18
> -0500 (EST)
> *Received: * from server1.neighborhoods.net ([127.0.0.1]) by localhost
> (server1 [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 31180-01-2
> for <leonard@tlw.com <ma...@tlw.com>>; Sat, 11 Nov 2006
> 10:22:12 -0500 (EST)
> *Received: * by server1.neighborhoods.net (Postfix, from userid 114) id
> 1A9BFB6C2F6; Sat, 11 Nov 2006 10:22:05 -0500 (EST)
> 
> Any thoughts on other ways to whitelist locally originated messages from
> a single address (sympa@lists.fusn.org) without just opening up the
> world to spammers by using a simple whitelist_from command?

Looking at the Received: headers it looks as if you're running a mostly
regular Postfix/Amavis setup, ie Postfix forwards to Amavis which in
turn forwards it to Postfix.

You can tell Postfix which conent filters it should use depending on
where mail comes from. Since the mail in question is generated locally
("from userid 114"), you can tell Postfix not to use the content filter
in the pickup process:

+-- /etc/postfix/master.cf --
| pickup    fifo  n       -       -       60      1       pickup
|        -o content_filter=
+-- --

See [1] for a more complete example.

-- Matthias

[1]
http://matthias.leisi.net/archives/120-Unblocking-an-EICAR-with-PostfixAmavisClamAV.html

Re: question re. whitelist_from_rcvd

Posted by Miles Fidelman <mf...@meetinghouse.net>.

Matt Kettler wrote:
> Miles Fidelman wrote:
>   
>> Hi,
>>
>> I'm trying to figure out how to whitelist control messages generated
>> by our list manager (Sympa) - which are generated on the localhost and
>> sent to addresses on the localhost.
>>
>> In particular, here's a specific example:
>>
>> *From: *   sympa@lists.fusn.org <ma...@lists.fusn.org>
>> *Received: * from localhost (localhost.localdomain [127.0.0.1]) by
>> server1.neighborhoods.net (Postfix) with ESMTP id 5CDE2B6C2F0 for
>> <leonard@tlw.com <ma...@tlw.com>>; Sat, 11 Nov 2006 10:22:18
>> -0500 (EST)
>>
>>
>> It's pretty clear that the entry in user_prefs would start with
>>
>> whitelist_from_rcvd sympa@lists.fusn.org <ma...@lists.fusn.org>
>>
>> but what would I use as the domain part?
>>     
> Actually, no..  it would not start like that... As written the "
> <ma...@lists.fusn.org>" would be interpreted as the Received:
> header check.
>
> Try:
> whitelist_from_rcvd sympa@lists.fusn.org localhost.localdomain
>
>   
Well that doesn't seem to work.  I also tried

whitelist_from_rcvd sympa@lists.fusn.org server1.neighborhoods.net
whitelist_from_rcvd sympa@lists.fusn.org 127.0.0.1

I think the problem is that the reverse lookups don't match in any of 
these combinations (look closely at the headers):

*From: *   sympa@lists.fusn.org <ma...@lists.fusn.org>
*Subject: * ****SPAM*** Message diffusion*
*Date: * November 11, 2006 10:22:05 AM EST
*To: *   leonard@tlw.com <ma...@tlw.com>
*Return-Path: * <fusn-owner@lists.fusn.org 
<ma...@lists.fusn.org>>
*X-Original-To: * leonard@tlw.com <ma...@tlw.com>
*Delivered-To: * leonard@tlw.com <ma...@tlw.com>
*Received: * from localhost (localhost.localdomain [127.0.0.1]) by 
server1.neighborhoods.net (Postfix) with ESMTP id 5CDE2B6C2F0 for 
<leonard@tlw.com <ma...@tlw.com>>; Sat, 11 Nov 2006 10:22:18 
-0500 (EST)
*Received: * from server1.neighborhoods.net ([127.0.0.1]) by localhost 
(server1 [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 31180-01-2 
for <leonard@tlw.com <ma...@tlw.com>>; Sat, 11 Nov 2006 
10:22:12 -0500 (EST)
*Received: * by server1.neighborhoods.net (Postfix, from userid 114) id 
1A9BFB6C2F6; Sat, 11 Nov 2006 10:22:05 -0500 (EST)

Any thoughts on other ways to whitelist locally originated messages from 
a single address (sympa@lists.fusn.org) without just opening up the 
world to spammers by using a simple whitelist_from command?

Thanks again,

Miles

Re: question re. whitelist_from_rcvd

Posted by Matt Kettler <mk...@verizon.net>.

Miles Fidelman wrote:
> Hi,
>
> I'm trying to figure out how to whitelist control messages generated
> by our list manager (Sympa) - which are generated on the localhost and
> sent to addresses on the localhost.
>
> In particular, here's a specific example:
>
> *From: *   sympa@lists.fusn.org <ma...@lists.fusn.org>
> *Received: * from localhost (localhost.localdomain [127.0.0.1]) by
> server1.neighborhoods.net (Postfix) with ESMTP id 5CDE2B6C2F0 for
> <leonard@tlw.com <ma...@tlw.com>>; Sat, 11 Nov 2006 10:22:18
> -0500 (EST)
>
>
> It's pretty clear that the entry in user_prefs would start with
>
> whitelist_from_rcvd sympa@lists.fusn.org <ma...@lists.fusn.org>
>
> but what would I use as the domain part?
Actually, no..  it would not start like that... As written the "
<ma...@lists.fusn.org>" would be interpreted as the Received:
header check.

Try:
whitelist_from_rcvd sympa@lists.fusn.org localhost.localdomain