You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Steven Stern <su...@sterndata.com> on 2007/01/31 01:47:37 UTC
How do I whitelist this?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm having problems whitelisting mail sent through web sites with a from
address supplied by the user.
Case in point, I send an article from huffingtonpost.com to myself. I
used a "whitelist from huffingtonpost.com", but that doesn't reduce the
spam score.
The headers are:
Return-Path: <ap...@tipsy.huffingtonpost.com>
Received: from tipsy.huffingtonpost.com (tipsy.huffingtonpost.com
[72.3.232.108])
by mooch.sterndata.com (8.13.8/8.13.7) with ESMTP id l0V0iikW024618
for <st...@sterndata.com>; Tue, 30 Jan 2007 18:44:44 -0600
Received: by tipsy.huffingtonpost.com (Postfix, from userid 48)
id D26494A85A6; Tue, 30 Jan 2007 18:44:43 -0600 (CST)
Subject: [ HuffingtonPost.com ] Recommendation: Najaf Battle Not Sunni,
Shia But Shia, Shia
Mime-Version: 1.0
Content-Type: text/html; charset="utf-8"
To: steve@sterndata.com
From: sdstern@gmail.com
What should I use in local.cf to whitelist mail sent to my server by
anyone through huffingtonpost.com (or for that matter, any website that
has a "send article" feature)?
- --
Steve
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFFv+cpeERILVgMyvARAkZJAJ4z8SJ7I5CpnKzCTgsa9q+Oc18O2wCfXfi9
IjsvmtZ5WWpvv5CcBIRcVoQ=
=FdwR
-----END PGP SIGNATURE-----
Re: How do I whitelist this?
Posted by Doc Schneider <ma...@maddoc.net>.
Steven Stern wrote:
> I'm having problems whitelisting mail sent through web sites with a from
> address supplied by the user.
>
> Case in point, I send an article from huffingtonpost.com to myself. I
> used a "whitelist from huffingtonpost.com", but that doesn't reduce the
> spam score.
Should be whitelist_from_rcvd *@*huffingtonpost.com huffingtonpost.com
Since the From in your example was @gmail.com
Make sure to restart SpamAssassin after changing any .cf files.
> The headers are:
>
> Return-Path: <ap...@tipsy.huffingtonpost.com>
> Received: from tipsy.huffingtonpost.com (tipsy.huffingtonpost.com
> [72.3.232.108])
> by mooch.sterndata.com (8.13.8/8.13.7) with ESMTP id l0V0iikW024618
> for <st...@sterndata.com>; Tue, 30 Jan 2007 18:44:44 -0600
> Received: by tipsy.huffingtonpost.com (Postfix, from userid 48)
> id D26494A85A6; Tue, 30 Jan 2007 18:44:43 -0600 (CST)
> Subject: [ HuffingtonPost.com ] Recommendation: Najaf Battle Not Sunni,
> Shia But Shia, Shia
> Mime-Version: 1.0
> Content-Type: text/html; charset="utf-8"
> To: steve@sterndata.com
> From: sdstern@gmail.com
>
>
> What should I use in local.cf to whitelist mail sent to my server by
> anyone through huffingtonpost.com (or for that matter, any website that
> has a "send article" feature)?
>
>
> - --
>
> Steve
--
-Doc
SA/SARE/URIBL/SURBL -- Ninja
6:56pm up 17 days, 3:54, 15 users, load average: 3.35, 4.07, 3.24
SARE HQ http://www.rulesemporium.com/
Re: How do I whitelist this?
Posted by Mark Martinec <Ma...@ijs.si>.
> >> Ideally a milter will fake a return-path header when it fakes the
> >> required received header.
> >
> > For the record, current versions of MIMEDefang do this. I believe
> > someone mentioned that current versions of Amavisd-new also do this.
> > YMMV with older releases and other milters.
>
> Ditto Qmail-Scanner. Any MTA-level agent that calls SA should be doing
> this (adding Return-Path or X-Envelope-From). If not, it's a bug (well,
> a lack of a feature ;-).
Correct, amavisd-new adds 'Return-Path:' with an envelope sender address,
and adds a 'X-Envelope-To:' with a comma-separated list of all envelope
recipient addresses - to a message that is given to SA for checking.
Mark
Re: How do I whitelist this?
Posted by Jason Haar <Ja...@trimble.co.nz>.
Kelson wrote:
> Daryl C. W. O'Shea wrote:
>> Matt Kettler wrote:
>>> But this assumes that your SA is called after the Return-Path header is
>>> added, and not before. If you're using a milter, this won't work,
>>> but if
>>> you're calling from procmail, it will.
>>
>> Ideally a milter will fake a return-path header when it fakes the
>> required received header.
>
> For the record, current versions of MIMEDefang do this. I believe
> someone mentioned that current versions of Amavisd-new also do this.
> YMMV with older releases and other milters.
>
Ditto Qmail-Scanner. Any MTA-level agent that calls SA should be doing
this (adding Return-Path or X-Envelope-From). If not, it's a bug (well,
a lack of a feature ;-).
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: How do I whitelist this?
Posted by Kelson <ke...@speed.net>.
Daryl C. W. O'Shea wrote:
> Matt Kettler wrote:
>> But this assumes that your SA is called after the Return-Path header is
>> added, and not before. If you're using a milter, this won't work, but if
>> you're calling from procmail, it will.
>
> Ideally a milter will fake a return-path header when it fakes the
> required received header.
For the record, current versions of MIMEDefang do this. I believe
someone mentioned that current versions of Amavisd-new also do this.
YMMV with older releases and other milters.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
Re: How do I whitelist this?
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Matt Kettler wrote:
> But this assumes that your SA is called after the Return-Path header is
> added, and not before. If you're using a milter, this won't work, but if
> you're calling from procmail, it will.
Ideally a milter will fake a return-path header when it fakes the
required received header.
If anyone finds themselves using a milter that doesn't fake a
return-path header I'd suggest that they persuade the milter author to
make it happen.
Daryl
Re: How do I whitelist this?
Posted by Matt Kettler <mk...@verizon.net>.
Steven Stern wrote:
> I'm having problems whitelisting mail sent through web sites with a from
> address supplied by the user.
>
> Case in point, I send an article from huffingtonpost.com to myself. I
> used a "whitelist from huffingtonpost.com", but that doesn't reduce the
> spam score.
The proper syntax would be:
whitelist_from *@huffingtonpost.com
Note the presence of an underscore. It's whitelist_from, not whitelist
from.
That said, whitelist_from is evil and should be avoided whenever
possible. whitelist_from_rcvd is significantly better, as it takes two
parameters and checks both the From: header (easily forged) and the
Received: header generated by a trusted server (harder to forge).
The proper syntax for that would be:
whitelist_from_rcvd *@huffingtonpost.com huffingtonpost.com
But this assumes that your SA is called after the Return-Path header is
added, and not before. If you're using a milter, this won't work, but if
you're calling from procmail, it will.
And *always* do the following when editing your configuration:
1) run spamassassin --lint. This should run and exit silently. If it
prints anything, fix the reported errors.
2) If you use the spamc/spamd pair, and have edited a .cf file, you
need to restart spamd for the changes to take effect.