On Mon, 1 Apr 2019, @lbutlr wrote:

I have whitelisted amazon in /usr/local/etc/mail/spamassassin/local.cf

whitelist_auth *@*.amazon.com
whitelist_auth *@amazon.com
whitelist_from *@bounces.amazon.com
whitelist_from order-upd...@amazon.com
whitelist_from_rcvd @amazon.com amazon.com
whitelist_from_rcvd @amazon.com amazonses.com

Seems this last should have matched the received header below, but it doesn't.

pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                            no trust
                            [54.240.13.15 listed in list.dnswl.org]
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 1.8 DKIM_ADSP_DISCARD      No valid author signature, domain signs all
                            mail and suggests discarding the rest
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
 0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required
                            MIME headers
 0.1 DKIM_INVALID           DKIM

There's something wrong with your mail system which is trashing not only your DKIM processing but your SPF processing too.

In the normal course of things, those Amazon messages should pass both DKIM and SPF checks.

An Amazon message received here looks like:

pts rule name              description
---- ---------------------- ------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [54.240.15.92 listed in list.dnswl.org]
 0.0 RCVD_IN_HOSTKARMA_YE   RBL: HostKarma: relay in yellow list (varies)
                        [54.240.15.92 listed in hostkarma.junkemailfilter.com]
 0.0 T__BOTNET_NOTRUST      Message has no trusted relays
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.5 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
      [botnet_ipinhosntame,ip=54.240.15.92,rdns=a15-92.smtp-out.amazonses.com]
 0.0 BOTNET_SERVERWORDS     Hostname contains server-like substrings
       [botnet_serverwords,ip=54.240.15.92,rdns=a15-92.smtp-out.amazonses.com]
-7.5 USER_IN_DEF_SPF_WL     From: address is in the default SPF white-list
-7.5 USER_IN_DEF_DKIM_WL    From: address is in the default DKIM white-list
 0.0 HTML_MESSAGE           BODY: HTML included in message
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                            author's domain

Note both the DKIM_VALID, DKIM_VALID_AU and SPF_PASS.
It hit both USER_IN_DEF_SPF_WL & USER_IN_DEF_DKIM_WL which are standard SA 
rules, I didn't add those.

Bottom line, what is going on with your system which is causing DKIM & SPF to 
fail?

Does it fail for other properly signed messages or only fail for Amazon?

If you post a complete unaltered Amazon message on pastebin we can take a crack at it. (Only post something which you can publish without redaction; any alterations will invalidate the DKIM sig.)

--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
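
Added example, not part of the original message or of SpamAssassin: a small Python parser for the report tables quoted in this thread that lists which sender-authentication rules hit, since whitelist_auth only applies after an SPF or DKIM pass. The rule sets, function names and the trimmed sample reports (copied from the two reports above) are this example's own choices.

```python
import re

# Rule line: optional indent, signed score, rule name, description.
RULE_RE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")
AUTH_PASS = {"SPF_PASS", "DKIM_VALID", "DKIM_VALID_AU"}
AUTH_FAIL = {"SPF_FAIL", "SPF_SOFTFAIL", "DKIM_INVALID", "DKIM_ADSP_DISCARD"}

def parse_report(text):
    """Return {rule_name: score}; header, ruler and wrapped lines are skipped."""
    hits = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            hits[m.group(2)] = float(m.group(1))
    return hits

def auth_summary(hits):
    """Summarise SPF/DKIM results; no SPF_* rule at all means SPF never ran."""
    passed = sorted(AUTH_PASS & hits.keys())
    failed = sorted(AUTH_FAIL & hits.keys())
    return {"passed": passed, "failed": failed, "auth_wl_possible": bool(passed),
            "spf_evaluated": any(r.startswith("SPF_") for r in hits)}

# Trimmed copy of the first report in the thread (whitelist did not fire).
FAILING = """\
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
 1.8 DKIM_ADSP_DISCARD      No valid author signature, domain signs all
                            mail and suggests discarding the rest
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
 0.1 DKIM_INVALID           DKIM
"""
# Trimmed copy of the second report in the thread (authentication passes).
WORKING = """\
-0.0 SPF_PASS               SPF: sender matches SPF record
-7.5 USER_IN_DEF_SPF_WL     From: address is in the default SPF white-list
-7.5 USER_IN_DEF_DKIM_WL    From: address is in the default DKIM white-list
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                            author's domain
"""

if __name__ == "__main__":
    for name, report in (("failing", FAILING), ("working", WORKING)):
        print(name, auth_summary(parse_report(report)))
```

Run over reports from several signed senders, the same summary answers whether authentication fails for all signed mail or only for one sender.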
