You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Bruno Costacurta <te...@costacurta.org> on 2015/06/13 21:25:02 UTC
Usage of whitelist_from
Hello,
I setup the following into /etc/spamassassin/local.cf
whitelist_from *@postfix.org
But this seems not working as apparently spamassassin still process
emails from *@postfix.org.
Hereafter the log of my postfix server with the call to spamassassin
via spamd.
The spamassassin have been re-started after the whitelist setup.
(...)
postfix/postscreen[24527]: CONNECT from [168.100.1.7]:32583 to [x.x.x.x]:25
postfix/postscreen[24527]: PASS OLD [168.100.1.7]:32583
postfix/smtpd[24531]: connect from english-breakfast.cloud9.net[168.100.1.7]
postfix/smtpd[24531]: Anonymous TLS connection established from
english-breakfast.cloud9.net[168.100.1.7]: TLSv1 with cipher
ADH-CAMELLIA256-SHA (256/256 bits)
postfix/smtpd[24531]: 47B3F17DE5FC:
client=english-breakfast.cloud9.net[168.100.1.7]
postfix/cleanup[24536]: 47B3F17DE5FC:
message-id=<20...@mournblade.imrryr.org>
postfix/qmgr[13140]: 47B3F17DE5FC:
from=<ow...@postfix.org>, size=3902, nrcpt=1 (queue
active)
spamd[20236]: spamd: connection from localhost.localdomain
[127.0.0.1]:51878 to port 783, fd 5
spamd[20236]: spamd: setuid to spamfilter succeeded
spamd[20236]: spamd: processing message
<20...@mournblade.imrryr.org> for spamfilter:5001
postfix/smtpd[24531]: disconnect from
english-breakfast.cloud9.net[168.100.1.7]
spamd[20236]: spamd: clean message (-1.9/2.0) for spamfilter:5001 in
0.3 seconds, 3826 bytes.
spamd[20236]: spamd: result: . -1 -
BAYES_00,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL
scantime=0.3,size=3826,user=spamfilter,uid=5001,required_score=2.0,rhost=localhost.l ocaldomain,raddr=127.0.0.1,rport=51878,mid=<20...@mournblade.imrryr.org>,bayes=0.000000,autolearn=ham
autolearn_force=no
postfix/pipe[24537]: 47B3F17DE5FC: to=<te...@xxx.xxx>, relay=myspamd,
delay=3.7, delays=3.4/0.01/0/0.33, dsn=2.0.0, status=sent (delivered
via myspamd servic e)
postfix/qmgr[13140]: 47B3F17DE5FC: removed
postfix/pickup[24482]: B1F7F17DE601: uid=5001
from=<ow...@postfix.org>
postfix/cleanup[24536]: B1F7F17DE601:
message-id=<20...@mournblade.imrryr.org>
postfix/qmgr[13140]: B1F7F17DE601:
from=<ow...@postfix.org>, size=4271, nrcpt=1 (queue
active)
spamd[20235]: prefork: child states: II
dovecot: lda(techie@xxx.xxx): sieve:
msgid=<20...@mournblade.imrryr.org>: stored mail into
mailbox 'INBOX.miscellanous'
postfix/pipe[24541]: B1F7F17DE601: to=<xx...@xxx.xxx>, relay=mydovecot,
delay=0.1, delays=0.05/0.02/0/0.04, dsn=2.0.0, status=sent (delivered
via mydovecot s ervice)
postfix/qmgr[13140]: B1F7F17DE601: removed
(...)
Thanks for any clue or help
Bruno
--
LiCo : LinuxCounter Project
Get counted as a Linux user and register your linux boxes
http://linuxcounter.net/
--
Re: [RESOLVED] Re: Usage of whitelist_from
Posted by David Jones <dj...@ena.com>.
>> It will if you enable SHORTCIRCUIT'ing of whitelist_from
> no it will not, it skips many rules which would not have any effect
> because the large negative score but it *will not* bypass
Technically it doesn't bypass SA but it effectively does
the same thing. Depends on what you mean by "bypass."
If you don't want SA involved at all, then you are correct.
If you want all your mail to go through SA and some safely
and reliably skipped with minimal CPU hits, then you can
do this with SHORTCIRCUIT and whitelist_auth/
whitelist_from_rcvd.
There is a valid use for whitelist_from_spf and
whitelist_from_dkim when you trust the sending
mail server but you don't want to trust any mail
server to send for that domain.
Re: [RESOLVED] Re: Usage of whitelist_from
Posted by Reindl Harald <h....@thelounge.net>.
Am 16.06.2015 um 22:11 schrieb David Jones:
>> Second, I understand now that whitelist_from just represent a large
>> score, and does not bypass the email itself.
>
> It will if you enable SHORTCIRCUIT'ing of whitelist_from
no it will not, it skips many rules which would not have any effect
because the large negative score but it *will not* bypass
keep your fingers away of whitelist_from and use whilelist_auth, a
sender which don' tsupport SPF and/or DKIM don't deserve whitelisting
Jun 16 22:28:41 mail-gw spamd[5558]: spamd: result: . -100 -
CUST_DNSWL_4,CUST_DNSWL_5,RCVD_IN_MSPIKE_H3,SHORTCIRCUIT,SHORTCIRCUIT_NET_HAM,USER_IN_SPF_WHITELIST
scantime=0.2,size=48305,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=/run/spamassassin/spamassassin.sock,mid=<14...@ismtpd-066>,autolearn=disabled,shortcircuit=ham
Re: [RESOLVED] Re: Usage of whitelist_from
Posted by David Jones <dj...@ena.com>.
>Second, I understand now that whitelist_from just represent a large
>score, and does not bypass the email itself.
It will if you enable SHORTCIRCUIT'ing of whitelist_from. However,
it is not recommended to use whitelist_from. Use whitelist_from_rcvd,
or whitelist_auth instead to prevent spoofed addresses from passing
through SA without being scored.
Also, never whitelist an address or domain that you filter for. Spam-
mers commonly spoof the From: address to match the To: address
just to try to hit bad whitelist entries like that. (Not saying you did
but just a general rule of whitelisting.)
>Thanks again
>Bruno
Re: [RESOLVED] Re: Usage of whitelist_from
Posted by RW <rw...@googlemail.com>.
On Tue, 16 Jun 2015 21:12:42 +0200
Bruno Costacurta wrote:
>
> Quoting RW <rw...@googlemail.com>:
> > Your actual problem is that the rule isn't showing in the spamd
> > debug. If postfix.org isn't in the "From" header then SA needs to
> > find it in an appropriate envelope header. See the documentation for
> > whitelist_from in the SA configuration man-page.
>
> Thanks for explanation.
> Now it is resolved.
>
> First, my previous sample about postfix.org.
> In fact the 'from' did not contain @postfix.org.
> ..
> In fact the header 'Sender' and 'Return-path' contains @postfix.org,
> but the 'From' on which I based my whitelist_from understanding,
> contains the sender email, not @postfix.org
It explains what's going on, but it's not really resolved since it
implies that SA wasn't able to parse-out the envelope sender from the
headers. It's best to fix that since it's used for other things besides
whitelisting.
I'm guessing that postfix added Return-Path after SA processed the
email. There needs to be a header with the envelope address in;
Return-Path, X-Envelope-From, Envelope-Sender and X-Sender are
supported by default, but you can tell SA the name of the header by
setting envelope_sender_header in SA's config.
[RESOLVED] Re: Usage of whitelist_from
Posted by Bruno Costacurta <te...@costacurta.org>.
Quoting RW <rw...@googlemail.com>:
> On Sat, 13 Jun 2015 21:25:02 +0200
> Bruno Costacurta wrote:
>
>> Hello,
>>
>> I setup the following into /etc/spamassassin/local.cf
>>
>> whitelist_from *@postfix.org
>>
>> But this seems not working as apparently spamassassin still process
>> emails from *@postfix.org.
>
> If you don't want SpamAssassin to process an email you have to
> configure that in whatever glue passes the mail to
> SpamAssassin, whitelist_from just causes a rule to hit with a large
> negative score.
>
> Your actual problem is that the rule isn't showing in the spamd debug.
> If postfix.org isn't in the "From" header then SA needs to find it in
> an appropriate envelope header. See the documentation for
> whitelist_from in the SA configuration man-page.
Thanks for explanation.
Now it is resolved.
First, my previous sample about postfix.org.
In fact the 'from' did not contain @postfix.org.
The postfix log shows :
(...)
postfix/qmgr[9892]: B3C30DA6040:
from=<ow...@postfix.org>, size=7257, nrcpt=1 (queue
active)
(...)
which confused me.
In fact the header 'Sender' and 'Return-path' contains @postfix.org,
but the 'From' on which I based my whitelist_from understanding,
contains the sender email, not @postfix.org
Second, I understand now that whitelist_from just represent a large
score, and does not bypass the email itself.
Thanks again
Bruno
--
LiCo : LinuxCounter Project
Get counted as a Linux user and register your linux boxes
http://linuxcounter.net/
--
Re: Usage of whitelist_from
Posted by RW <rw...@googlemail.com>.
On Sat, 13 Jun 2015 21:25:02 +0200
Bruno Costacurta wrote:
> Hello,
>
> I setup the following into /etc/spamassassin/local.cf
>
> whitelist_from *@postfix.org
>
> But this seems not working as apparently spamassassin still process
> emails from *@postfix.org.
If you don't want SpamAssassin to process an email you have to
configure that in whatever glue passes the mail to
SpamAssassin, whitelist_from just causes a rule to hit with a large
negative score.
Your actual problem is that the rule isn't showing in the spamd debug.
If postfix.org isn't in the "From" header then SA needs to find it in
an appropriate envelope header. See the documentation for
whitelist_from in the SA configuration man-page.
Re: Usage of whitelist_from
Posted by Bruno Costacurta <te...@costacurta.org>.
Quoting Reindl Harald <h....@thelounge.net>:
> Am 13.06.2015 um 21:25 schrieb Bruno Costacurta:
>> I setup the following into /etc/spamassassin/local.cf
>>
>> whitelist_from *@postfix.org
>
> why /etc/spamassassin/local.cf?
> on most setups its /etc/mail/spamassassin/*.cf
This is in fact /etc/mail/spamassassin/local.cf
On Debian there is a symbolic link to /etc/spamassassin
Bruno
--
LiCo : LinuxCounter Project
Get counted as a Linux user and register your linux boxes
http://linuxcounter.net/
--
Re: Usage of whitelist_from
Posted by Bruno Costacurta <te...@costacurta.org>.
Quoting Bowie Bailey <Bo...@buc.com>:
>
> Did you restart spamd after making the change?
>
> --
> Bowie
Yes, spamassassin config was re-loaded
Under Linux Debian :
sudo systemctl reload spamassassin.service
--
LiCo : LinuxCounter Project
Get counted as a Linux user and register your linux boxes
http://linuxcounter.net/
--
Re: Usage of whitelist_from
Posted by Bowie Bailey <Bo...@BUC.com>.
On 6/14/2015 5:40 AM, Bruno Costacurta wrote:
>
> Quoting Benny Pedersen <me...@junc.eu>:
>
>> Reindl Harald skrev den 2015-06-13 21:29:
>>> Am 13.06.2015 um 21:25 schrieb Bruno Costacurta:
>>>> I setup the following into /etc/spamassassin/local.cf
>>>>
>>>> whitelist_from *@postfix.org
>>>
>>> why /etc/spamassassin/local.cf?
>>> on most setups its /etc/mail/spamassassin/*.cf
>>
>> its opensource, so anyone can create there own problem to resolve with
>>
>> spamassassin -D --lint 2>&1 | less
>>
>> on the other hand whitelist_from is a problem in its own
>
> The location on file /etc/spamassassin/local.cf is correct.
> On Debian config files are located in /etc/spamassassin/* and there is
> a symbolic link from /etc/mail/spamassassin to /etc/spamassassin.
>
> spamassassin -D --lint 2>&1
>
> returns :
>
> ..
> Jun 14 11:33:11.542 [2459] dbg: util: final PATH set to:
> /usr/bin:/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin
> Jun 14 11:33:11.871 [2459] dbg: config: read file
> /etc/spamassassin/local.pre
> Jun 14 11:33:11.873 [2459] dbg: config: read file
> /etc/spamassassin/local.cf
> ..
>
> Obviously /etc/spamassassin/local.cf is read.
Did you restart spamd after making the change?
--
Bowie
Re: Usage of whitelist_from
Posted by Bruno Costacurta <te...@costacurta.org>.
Quoting Benny Pedersen <me...@junc.eu>:
> Reindl Harald skrev den 2015-06-13 21:29:
>> Am 13.06.2015 um 21:25 schrieb Bruno Costacurta:
>>> I setup the following into /etc/spamassassin/local.cf
>>>
>>> whitelist_from *@postfix.org
>>
>> why /etc/spamassassin/local.cf?
>> on most setups its /etc/mail/spamassassin/*.cf
>
> its opensource, so anyone can create there own problem to resolve with
>
> spamassassin -D --lint 2>&1 | less
>
> on the other hand whitelist_from is a problem in its own
The location on file /etc/spamassassin/local.cf is correct.
On Debian config files are located in /etc/spamassassin/* and there is
a symbolic link from /etc/mail/spamassassin to /etc/spamassassin.
spamassassin -D --lint 2>&1
returns :
..
Jun 14 11:33:11.542 [2459] dbg: util: final PATH set to:
/usr/bin:/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin
Jun 14 11:33:11.871 [2459] dbg: config: read file /etc/spamassassin/local.pre
Jun 14 11:33:11.873 [2459] dbg: config: read file /etc/spamassassin/local.cf
..
Obviously /etc/spamassassin/local.cf is read.
Bruno
--
LiCo : LinuxCounter Project
Get counted as a Linux user and register your linux boxes
http://linuxcounter.net/
--
Re: Usage of whitelist_from
Posted by Benny Pedersen <me...@junc.eu>.
Reindl Harald skrev den 2015-06-14 00:46:
> how about reading a whole thread *before* give useless answers as you
> are always doing - problem solved - it was just the wrong folder for
> local.cf - period
i showed generic help, if you dont like it, dont reply, atleast dont
show all others then you are fool
Re: Usage of whitelist_from
Posted by Reindl Harald <h....@thelounge.net>.
Am 14.06.2015 um 00:26 schrieb Benny Pedersen:
> Reindl Harald skrev den 2015-06-13 21:29:
>> Am 13.06.2015 um 21:25 schrieb Bruno Costacurta:
>>> I setup the following into /etc/spamassassin/local.cf
>>>
>>> whitelist_from *@postfix.org
>>
>> why /etc/spamassassin/local.cf?
>> on most setups its /etc/mail/spamassassin/*.cf
>
> its opensource, so anyone can create there own problem to resolve with
how about reading a whole thread *before* give useless answers as you
are always doing - problem solved - it was just the wrong folder for
local.cf - period
Re: Usage of whitelist_from
Posted by Benny Pedersen <me...@junc.eu>.
Reindl Harald skrev den 2015-06-13 21:29:
> Am 13.06.2015 um 21:25 schrieb Bruno Costacurta:
>> I setup the following into /etc/spamassassin/local.cf
>>
>> whitelist_from *@postfix.org
>
> why /etc/spamassassin/local.cf?
> on most setups its /etc/mail/spamassassin/*.cf
its opensource, so anyone can create there own problem to resolve with
spamassassin -D --lint 2>&1 | less
on the other hand whitelist_from is a problem in its own
Re: Usage of whitelist_from
Posted by Reindl Harald <h....@thelounge.net>.
Am 13.06.2015 um 21:25 schrieb Bruno Costacurta:
> I setup the following into /etc/spamassassin/local.cf
>
> whitelist_from *@postfix.org
why /etc/spamassassin/local.cf?
on most setups its /etc/mail/spamassassin/*.cf