You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Toni Schornböck <ts...@dmb.at> on 2014/06/18 17:33:50 UTC
Soft whitelist a specific mx server
Hi.
Is it possible to downscore mails from a specific mailserver? I have
hostname and ip, but I don't just want to make a Received-Header rule to
downscore it, because the received header can't be trusted.
I use amavisd-new and postfix on my mailserver to call spamassassin, so
spamassassin should be able to get the real IP address from the connecting
server to softscore the mail based on this IP. But I have no idea how to
do this.
Basically my problem is the following: TheCompany is a business partner of
ours but we get lots of spam mail that claims to be from TheCompany. So
sometimes a correct mail gets caught up in my spamfilter because
spamassassin has a hard time to distinguish between real mails from
TheCompany and fake spam mails that only claim to be from TheCompany. I
know dkim and Co would solve this problem, but I can't do anything on my
end.
So I want to downscore mails from their specific Mailserver. Is this
somehow possible without entirely relying on fakable email headers?
Thanks.
Re: Soft whitelist a specific mx server
Posted by Martin Gregorie <ma...@gregorie.org>.
On Wed, 2014-06-18 at 17:33 +0200, Toni Schornböck wrote:
> Basically my problem is the following: TheCompany is a business partner of
> ours but we get lots of spam mail that claims to be from TheCompany. So
> sometimes a correct mail gets caught up in my spamfilter because
> spamassassin has a hard time to distinguish between real mails from
> TheCompany and fake spam mails that only claim to be from TheCompany. I
> know dkim and Co would solve this problem, but I can't do anything on my
> end.
>
> So I want to downscore mails from their specific Mailserver. Is this
> somehow possible without entirely relying on fakable email headers?
>
Can you persuade them to run SPF configured to publish their list of
IP(s) and use the -all mechanism? That would allow your SA set-up to
check that mail is from them.
It would also be a low-cost, simple thing for them to do, since all that
is needed is to add an SPF record to the DNS server(s) that are
definitive for their domain.
Martin
Re: Soft whitelist a specific mx server
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 23.06.14 13:10, Toni Schornböck wrote:
>Yes "WHITELIST" all Emails. I don't want to WHITELIST emails. I want to
>score those emails.
if you read the documentation about whitelist_* directives, you'd find they
only _score_ matching e-mails. whitelist_* lowers score by -100,
def_whitelist_* by -15.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.
Re: Soft whitelist a specific mx server
Posted by Axb <ax...@gmail.com>.
On 06/23/2014 01:35 PM, RW wrote:
> header GOOD_IP X-Spam-Relays-External =~ /^[^\]]+ip=1\.1\.2\.3\.4 /
> tflags GOOD_IP nice
with that IP you should use:
tflags GOOD_IP ugly
:)
Re: Soft whitelist a specific mx server
Posted by Toni Schornböck <ts...@dmb.at>.
Hi.
Thank you, that was exactly what I was looking for.
Thanks to everyone that contributed!
RW <rw...@googlemail.com> schrieb am 23. Juni 2014 um 13:35 +0200:
>On Mon, 23 Jun 2014 13:10:40 +0200
>Toni Schornböck wrote:
>
>> Hi.
>>
>> Yes "WHITELIST" all Emails. I don't want to WHITELIST emails. I want
>> to score those emails.
>>
>> My question is the following:
>> I want to apply a spamassassin rule based on the IP address of the
>> server that delivered this email to my mailserver.
>> Is this possible?
>
>
>If you want to use a customized score rather that use one of the
>whitelisting rules you can do something like:
>
>
>header GOOD_IP X-Spam-Relays-External =~ /^[^\]]+ip=1\.1\.2\.3\.4 /
>tflags GOOD_IP nice
>score GOOD_IP -2.0
>
>
>Note that this only looks at the ip address recorded by your mx
>server so can't be faked. You can alternately use the reverse-dns if
>it's recorded in your received header:
>
>
>header GOOD_SERVER X-Spam-Relays-External=~ /^[^\]]+rdns=[^
>]*something\.com /
>
>X-Spam-Relays-External is an extra pseudo-header so doesn't need to be
>present in the email .
>
>
>
Re: Soft whitelist a specific mx server
Posted by RW <rw...@googlemail.com>.
On Mon, 23 Jun 2014 13:10:40 +0200
Toni Schornböck wrote:
> Hi.
>
> Yes "WHITELIST" all Emails. I don't want to WHITELIST emails. I want
> to score those emails.
>
> My question is the following:
> I want to apply a spamassassin rule based on the IP address of the
> server that delivered this email to my mailserver.
> Is this possible?
If you want to use a customized score rather that use one of the
whitelisting rules you can do something like:
header GOOD_IP X-Spam-Relays-External =~ /^[^\]]+ip=1\.1\.2\.3\.4 /
tflags GOOD_IP nice
score GOOD_IP -2.0
Note that this only looks at the ip address recorded by your mx
server so can't be faked. You can alternately use the reverse-dns if
it's recorded in your received header:
header GOOD_SERVER X-Spam-Relays-External=~ /^[^\]]+rdns=[^ ]*something\.com /
X-Spam-Relays-External is an extra pseudo-header so doesn't need to be
present in the email .
Re: Soft whitelist a specific mx server
Posted by Axb <ax...@gmail.com>.
On 06/23/2014 01:10 PM, Toni Schornböck wrote:
> Yes "WHITELIST" all Emails. I don't want to WHITELIST emails. I want to
> score those emails.
>
> My question is the following:
> I want to apply a spamassassin rule based on the IP address of the server
> that delivered this email to my mailserver.
> Is this possible?
yes,
create a header rule with the IP and set score
Re: Soft whitelist a specific mx server
Posted by Toni Schornböck <ts...@dmb.at>.
Hi.
Yes "WHITELIST" all Emails. I don't want to WHITELIST emails. I want to
score those emails.
My question is the following:
I want to apply a spamassassin rule based on the IP address of the server
that delivered this email to my mailserver.
Is this possible?
Matus UHLAR - fantomas <uh...@fantomas.sk> schrieb am 23. Juni 2014 um
11:42 +0200:
>On 23.06.14 09:51, Toni Schornböck wrote:
>>Thanks for the information but whitelist_from_rcvd does whitelist all
>>emails from this server,
>
>no, you can also define single whitelisted address for mail from given
>server.
>
>you can also use def_whitelist_* if you want substract only 15 points
>
>> this is not what I want. I just want to downscore
>>mails from this server because I don't trust them.
>
>downscore? because you don't trust them?
>
>I'm kinda lost now...
>
>
>--
>Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
>Warning: I wish NOT to receive e-mail advertising to this address.
>Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
Re: Soft whitelist a specific mx server
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 23.06.14 09:51, Toni Schornböck wrote:
>Thanks for the information but whitelist_from_rcvd does whitelist all
>emails from this server,
no, you can also define single whitelisted address for mail from given
server.
you can also use def_whitelist_* if you want substract only 15 points
> this is not what I want. I just want to downscore
>mails from this server because I don't trust them.
downscore? because you don't trust them?
I'm kinda lost now...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
Re: Soft whitelist a specific mx server
Posted by Toni Schornböck <ts...@dmb.at>.
Hi.
Thanks for the information but whitelist_from_rcvd does whitelist all
emails from this server, this is not what I want. I just want to downscore
mails from this server because I don't trust them.
I also can't make them use DKIM, SPF or anything like that.
Currently I have some rules in use that use received header and X-Mailer
header to detect their messages and downscore them. Maybe I need to setup
a rbldns or something like that?
kind regards
Bowie Bailey <Bo...@BUC.com> schrieb am 18. Juni 2014 um 17:41
+0200:
>On 6/18/2014 11:33 AM, Toni Schornböck wrote:
>> Hi.
>>
>> Is it possible to downscore mails from a specific mailserver? I have
>> hostname and ip, but I don't just want to make a Received-Header rule to
>> downscore it, because the received header can't be trusted.
>
> whitelist_from_rcvd
>
>See the man page for Mail::SpamAssassin::Conf
>
>--
>Bowie
>
Re: Soft whitelist a specific mx server
Posted by Bowie Bailey <Bo...@BUC.com>.
On 6/18/2014 11:33 AM, Toni Schornböck wrote:
> Hi.
>
> Is it possible to downscore mails from a specific mailserver? I have
> hostname and ip, but I don't just want to make a Received-Header rule to
> downscore it, because the received header can't be trusted.
whitelist_from_rcvd
See the man page for Mail::SpamAssassin::Conf
--
Bowie