You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by boka <bo...@sto-procent.art.pl> on 2004/12/21 12:54:42 UTC

whitelist_to parametr question

Hi !

I have few users which if the email is spam it has to be delivered to 
theirs mailboxes.

I used "whitelist_to" parametr but there are some meassages which are 
blocked.

 From docs:

There are three levels of To-whitelisting,
"whitelist_to", "more_spam_to" and "all_spam_to".
Users in the first level may still get some spammish
mails blocked, but users in "all_spam_to" should never
get mail blocked.

I would like to know if the string "... should never get mail blocked"
is true :-)

greetz
boka

Re: whitelist_to parametr question

Posted by Thomas Arend <ml...@arend-whv.info>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Dienstag, 21. Dezember 2004 23:44 schrieb Thomas Arend:
> Am Dienstag, 21. Dezember 2004 12:54 schrieb boka:
> > Hi !
> >
> > I have few users which if the email is spam it has to be delivered to
> > theirs mailboxes.
> >
> > I used "whitelist_to" parametr but there are some meassages which are
> > blocked.
> >
> >  From docs:
> >
> > There are three levels of To-whitelisting,
> > "whitelist_to", "more_spam_to" and "all_spam_to".
> > Users in the first level may still get some spammish
> > mails blocked, but users in "all_spam_to" should never
> > get mail blocked.
> >
> > I would like to know if the string "... should never get mail blocked"
> > is true :-)
>
> I send the GTUBE test message to myself and added my address to
> whitelist_to and .._from
>
> This is the report:
> ..
>
> Content analysis details:   (889.6 points, 5.0 required)
>
>  pts rule name              description
> ---- ----------------------
> -------------------------------------------------- -100 USER_IN_WHITELIST  
>    From: address is in the user's white-list -6.0 USER_IN_WHITELIST_TO  
> User is listed in 'whitelist_to'
> -2.9 ALL_TRUSTED            Did not pass through any untrusted hosts
> 1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email
> -1.7 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
>                             [score: 0.0004]
>  0.1 AWL                    AWL: From: address is in the auto white-list
>
>
> You can see that the whitelisting gives only a high negative score, which
> may not be high enough.
>
>
> Try all_spam_to for yourself to see the efect.

Here are the scores for 3.0.x which explain the meaning of  "... should never 
get mail blocked"

header From: address is in the auto white-list   	  AWL   	 1
header From: address is in the user's black-list 	USER_IN_BLACKLIST 	100.000
header From: address is in the user's white-list 	USER_IN_WHITELIST 	-100.000
header From: address is in the default white-list 	USER_IN_DEF_WHITELIST 
	-15.000
header User is listed in 'blacklist_to' 	USER_IN_BLACKLIST_TO 	10.000
header User is listed in 'whitelist_to' 	USER_IN_WHITELIST_TO 	-6.000
header User is listed in 'more_spam_to' 	USER_IN_MORE_SPAM_TO 	-20.000
header User is listed in 'all_spam_to' 	USER_IN_ALL_SPAM_TO 	-100.000

Best regards

Thomas

- -- 
icq:133073900
aim:tawhv
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFByKomHe2ZLU3NgHsRAignAJ9RRNj5Mh7yGRjlYZFfDf9DuHCffACfXjp2
+iNWDJDbB9QcLh7wLozVoXQ=
=9fuy
-----END PGP SIGNATURE-----

Re: whitelist_to parametr question

Posted by Thomas Arend <ml...@arend-whv.info>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Dienstag, 21. Dezember 2004 12:54 schrieb boka:
> Hi !
>
> I have few users which if the email is spam it has to be delivered to
> theirs mailboxes.
>
> I used "whitelist_to" parametr but there are some meassages which are
> blocked.
>
>  From docs:
>
> There are three levels of To-whitelisting,
> "whitelist_to", "more_spam_to" and "all_spam_to".
> Users in the first level may still get some spammish
> mails blocked, but users in "all_spam_to" should never
> get mail blocked.
>
> I would like to know if the string "... should never get mail blocked"
> is true :-)

I send the GTUBE test message to myself and added my address to whitelist_to 
and .._from

This is the report:
..

Content analysis details:   (889.6 points, 5.0 required)

 pts rule name              description
- ---- ---------------------- --------------------------------------------------
- -100 USER_IN_WHITELIST      From: address is in the user's white-list
- -6.0 USER_IN_WHITELIST_TO   User is listed in 'whitelist_to'
- -2.9 ALL_TRUSTED            Did not pass through any untrusted hosts
1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email
- -1.7 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0004]
 0.1 AWL                    AWL: From: address is in the auto white-list


You can see that the whitelisting gives only a high negative score, which may 
not be high enough.


Try all_spam_to for yourself to see the efect.


Best regards

Thomas

- -- 
icq:133073900
aim:tawhv
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFByKdMHe2ZLU3NgHsRAnBsAJkBtJORMLMVuzNfeExbhsmysdrg2wCfadAX
DaS3Aw2eHoBurXQ84nir+2o=
=K7IQ
-----END PGP SIGNATURE-----

Re: whitelist_to parametr question

Posted by Matt Kettler <mk...@evi-inc.com>.

At 08:25 PM 12/21/2004, David B Funk wrote:
> > However, beware... SA cannot always determine who the recipient of a
> > message is. It does not get a copy of the envelope, thus it must try to
> > decipher the recipient from the headers alone. If the message is Bcc'ed and
> > your MTA doesn't insert a "for xxx@mydomain.com" in the received headers,
> > SA will not know who the message is being sent to, and all_spam_to will 
> fail.
>
>Actually that is an implementation issue. Depending upon how SA is
>integrated into your mail system, it could get the envelope addresses.
>(I know that mine does ;).

Yes, it is an implementation issue. However, my statement is still true.

Your SA is not accessing the envelope. It only gets that envelope 
information because one of your MTA tools inserts the proper information in 
headers. (ie: Return-Path or Envelope-Sender headers, from clauses in 
Received: headers, or lots of other places some MTAs automatically or 
optionally add this information)

It's still a function of having the proper bits in your headers, SA can 
still never access the envelope itself.

You might be able to configure your MTA tools to add more information to 
the headers, thus you can fix this in some cases.

Re: whitelist_to parametr question

Posted by David B Funk <db...@engineering.uiowa.edu>.

On Tue, 21 Dec 2004, Matt Kettler wrote:

[snip..]
> However, beware... SA cannot always determine who the recipient of a
> message is. It does not get a copy of the envelope, thus it must try to
> decipher the recipient from the headers alone. If the message is Bcc'ed and
> your MTA doesn't insert a "for xxx@mydomain.com" in the received headers,
> SA will not know who the message is being sent to, and all_spam_to will fail.

Actually that is an implementation issue. Depending upon how SA is
integrated into your mail system, it could get the envelope addresses.
(I know that mine does ;).
Making the envelope 'From' address available to SA works wonders when
trying to use 'whitelist_from_rcvd' to whitelist mailing lists such
as YahooGroups. ;)

However it is good to understand that this is an issue WRT whitelisting
and to know how your particular SA kit works.

> In general, absolute whitelists are generaly best done by going around SA
> in the tool that calls SA.. ie: using procmail rules to skip the call. You
> save CPU time this way too....

Agree here.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: whitelist_to parametr question

Posted by Matt Kettler <mk...@comcast.net>.

At 12:54 PM 12/21/2004 +0100, boka wrote:
>I have few users which if the email is spam it has to be delivered to 
>theirs mailboxes.
>
>I used "whitelist_to" parametr but there are some meassages which are blocked.
>
> From docs:
>
>There are three levels of To-whitelisting,
>"whitelist_to", "more_spam_to" and "all_spam_to".
>Users in the first level may still get some spammish
>mails blocked, but users in "all_spam_to" should never
>get mail blocked.
>
>I would like to know if the string "... should never get mail blocked"
>is true :-)

all_spam_to provides a -100 point score. That's a pretty hefty nonspam 
bias, and unless you've been jacking spam rules up into the +30 range, it 
should be effective.

However, beware... SA cannot always determine who the recipient of a 
message is. It does not get a copy of the envelope, thus it must try to 
decipher the recipient from the headers alone. If the message is Bcc'ed and 
your MTA doesn't insert a "for xxx@mydomain.com" in the received headers, 
SA will not know who the message is being sent to, and all_spam_to will fail.

In general, absolute whitelists are generaly best done by going around SA 
in the tool that calls SA.. ie: using procmail rules to skip the call. You 
save CPU time this way too....