Posted to users@spamassassin.apache.org by boka <bo...@sto-procent.art.pl> on 2004/12/21 12:54:42 UTC
whitelist_to parameter question
Hi !
I have a few users for whom email has to be delivered to
their mailboxes even if it is spam.
I used the "whitelist_to" parameter but there are some messages which are
blocked.
From docs:
There are three levels of To-whitelisting,
"whitelist_to", "more_spam_to" and "all_spam_to".
Users in the first level may still get some spammish
mails blocked, but users in "all_spam_to" should never
get mail blocked.
I would like to know if the string "... should never get mail blocked"
is true :-)
greetz
boka
Re: whitelist_to parameter question
Posted by Thomas Arend <ml...@arend-whv.info>.
On Tuesday, 21 December 2004 23:44, Thomas Arend wrote:
> On Tuesday, 21 December 2004 12:54, boka wrote:
> > Hi !
> >
> > I have a few users for whom email has to be delivered to
> > their mailboxes even if it is spam.
> >
> > I used the "whitelist_to" parameter but there are some messages which are
> > blocked.
> >
> > From docs:
> >
> > There are three levels of To-whitelisting,
> > "whitelist_to", "more_spam_to" and "all_spam_to".
> > Users in the first level may still get some spammish
> > mails blocked, but users in "all_spam_to" should never
> > get mail blocked.
> >
> > I would like to know if the string "... should never get mail blocked"
> > is true :-)
>
> I sent the GTUBE test message to myself and added my address to
> whitelist_to and .._from
>
> This is the report:
> ..
>
> Content analysis details: (889.6 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
> -100 USER_IN_WHITELIST      From: address is in the user's white-list
> -6.0 USER_IN_WHITELIST_TO   User is listed in 'whitelist_to'
> -2.9 ALL_TRUSTED            Did not pass through any untrusted hosts
> 1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email
> -1.7 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
>                             [score: 0.0004]
>  0.1 AWL                    AWL: From: address is in the auto white-list
>
>
> You can see that the whitelisting gives only a high negative score, which
> may not be high enough.
>
>
> Try all_spam_to for yourself to see the effect.
Here are the scores for 3.0.x which explain the meaning of "... should never
get mail blocked"
header  From: address is in the auto white-list      AWL                    1
header  From: address is in the user's black-list    USER_IN_BLACKLIST      100.000
header  From: address is in the user's white-list    USER_IN_WHITELIST      -100.000
header  From: address is in the default white-list   USER_IN_DEF_WHITELIST  -15.000
header  User is listed in 'blacklist_to'             USER_IN_BLACKLIST_TO   10.000
header  User is listed in 'whitelist_to'             USER_IN_WHITELIST_TO   -6.000
header  User is listed in 'more_spam_to'             USER_IN_MORE_SPAM_TO   -20.000
header  User is listed in 'all_spam_to'              USER_IN_ALL_SPAM_TO    -100.000
Best regards
Thomas
--
icq:133073900
aim:tawhv
Re: whitelist_to parameter question
Posted by Thomas Arend <ml...@arend-whv.info>.
On Tuesday, 21 December 2004 12:54, boka wrote:
> Hi !
>
> I have a few users for whom email has to be delivered to
> their mailboxes even if it is spam.
>
> I used the "whitelist_to" parameter but there are some messages which are
> blocked.
>
> From docs:
>
> There are three levels of To-whitelisting,
> "whitelist_to", "more_spam_to" and "all_spam_to".
> Users in the first level may still get some spammish
> mails blocked, but users in "all_spam_to" should never
> get mail blocked.
>
> I would like to know if the string "... should never get mail blocked"
> is true :-)
I sent the GTUBE test message to myself and added my address to whitelist_to
and .._from
This is the report:
..
Content analysis details: (889.6 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
-100 USER_IN_WHITELIST      From: address is in the user's white-list
-6.0 USER_IN_WHITELIST_TO   User is listed in 'whitelist_to'
-2.9 ALL_TRUSTED            Did not pass through any untrusted hosts
1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email
-1.7 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0004]
 0.1 AWL                    AWL: From: address is in the auto white-list
You can see that the whitelisting gives only a high negative score, which may
not be high enough.
Try all_spam_to for yourself to see the effect.
Best regards
Thomas
--
icq:133073900
aim:tawhv
Re: whitelist_to parameter question
Posted by Matt Kettler <mk...@evi-inc.com>.
At 08:25 PM 12/21/2004, David B Funk wrote:
> > However, beware... SA cannot always determine who the recipient of a
> > message is. It does not get a copy of the envelope, thus it must try to
> > decipher the recipient from the headers alone. If the message is Bcc'ed and
> > your MTA doesn't insert a "for xxx@mydomain.com" in the received headers,
> > SA will not know who the message is being sent to, and all_spam_to will fail.
>
>Actually that is an implementation issue. Depending upon how SA is
>integrated into your mail system, it could get the envelope addresses.
>(I know that mine does ;).
Yes, it is an implementation issue. However, my statement is still true.
Your SA is not accessing the envelope. It only gets that envelope
information because one of your MTA tools inserts the proper information in
headers. (ie: Return-Path or Envelope-Sender headers, from clauses in
Received: headers, or lots of other places some MTAs automatically or
optionally add this information)
It's still a function of having the proper bits in your headers, SA can
still never access the envelope itself.
You might be able to configure your MTA tools to add more information to
the headers, thus you can fix this in some cases.
Re: whitelist_to parameter question
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Tue, 21 Dec 2004, Matt Kettler wrote:
[snip..]
> However, beware... SA cannot always determine who the recipient of a
> message is. It does not get a copy of the envelope, thus it must try to
> decipher the recipient from the headers alone. If the message is Bcc'ed and
> your MTA doesn't insert a "for xxx@mydomain.com" in the received headers,
> SA will not know who the message is being sent to, and all_spam_to will fail.
Actually that is an implementation issue. Depending upon how SA is
integrated into your mail system, it could get the envelope addresses.
(I know that mine does ;).
Making the envelope 'From' address available to SA works wonders when
trying to use 'whitelist_from_rcvd' to whitelist mailing lists such
as YahooGroups. ;)
However it is good to understand that this is an issue WRT whitelisting
and to know how your particular SA kit works.
> In general, absolute whitelists are generally best done by going around SA
> in the tool that calls SA.. ie: using procmail rules to skip the call. You
> save CPU time this way too....
Agree here.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: whitelist_to parameter question
Posted by Matt Kettler <mk...@comcast.net>.
At 12:54 PM 12/21/2004 +0100, boka wrote:
>I have a few users for whom email has to be delivered to
>their mailboxes even if it is spam.
>
>I used the "whitelist_to" parameter but there are some messages which are blocked.
>
> From docs:
>
>There are three levels of To-whitelisting,
>"whitelist_to", "more_spam_to" and "all_spam_to".
>Users in the first level may still get some spammish
>mails blocked, but users in "all_spam_to" should never
>get mail blocked.
>
>I would like to know if the string "... should never get mail blocked"
>is true :-)
all_spam_to provides a -100 point score. That's a pretty hefty nonspam
bias, and unless you've been jacking spam rules up into the +30 range, it
should be effective.
However, beware... SA cannot always determine who the recipient of a
message is. It does not get a copy of the envelope, thus it must try to
decipher the recipient from the headers alone. If the message is Bcc'ed and
your MTA doesn't insert a "for xxx@mydomain.com" in the received headers,
SA will not know who the message is being sent to, and all_spam_to will fail.
In general, absolute whitelists are generally best done by going around SA
in the tool that calls SA.. ie: using procmail rules to skip the call. You
save CPU time this way too....
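
The two caveats in the message above, as an added example that is not part of the original thread and is not SpamAssassin's own code. It is a simplified model that takes recipients only from To, Cc and the "for" clause of Received headers, as the thread describes; the addresses, sample messages and the helper names header_recipients and is_spam are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

REQUIRED = 5.0              # "5.0 required" in the report quoted in the thread
ALL_SPAM_TO_SCORE = -100.0  # USER_IN_ALL_SPAM_TO score listed in the thread

# "for <addr>" clause that some MTAs add to Received: headers
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)

def header_recipients(raw):
    """Recipients recoverable from headers alone (no envelope access)."""
    msg = message_from_string(raw)
    listed = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    found = {addr.lower() for _, addr in listed if addr}
    for received in msg.get_all("Received", []):
        found.update(a.lower() for a in FOR_CLAUSE.findall(received))
    return found

def is_spam(raw, other_rules_score, all_spam_to):
    """Add the all_spam_to score only if a listed address shows in headers."""
    score = other_rules_score
    if header_recipients(raw) & {a.lower() for a in all_spam_to}:
        score += ALL_SPAM_TO_SCORE
    return score >= REQUIRED, score

# Constructed sample messages (not taken from the thread).
COMMON = "From: sender@example.net\nSubject: constructed sample\n\nbody\n"
DIRECT = "To: boka@example.org\n" + COMMON
BCC_WITH_FOR = ("Received: from mx.example.net by mail.example.org with ESMTP\n"
                "\tfor <boka@example.org>; Tue, 21 Dec 2004 12:54:42 +0100\n"
                "To: announce@lists.example.net\n" + COMMON)
BCC_NO_FOR = ("Received: from mx.example.net by mail.example.org with ESMTP;\n"
              "\tTue, 21 Dec 2004 12:54:42 +0100\n"
              "To: announce@lists.example.net\n" + COMMON)

if __name__ == "__main__":
    listed = ["boka@example.org"]
    for name, raw, base in [("direct", DIRECT, 30.0),
                            ("bcc with for", BCC_WITH_FOR, 30.0),
                            ("bcc without for", BCC_NO_FOR, 30.0),
                            ("GTUBE-sized score", DIRECT, 1000.0)]:
        print(name, is_spam(raw, base, listed))
```

The Bcc'ed message without a "for" clause keeps its full score because no listed address appears in any header, and a 1000-point rule hit still exceeds the threshold after the -100 adjustment.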