On 1/8/2023 12:57 AM, Brian Conry wrote:
...
Third, to expand on something I alluded to briefly, the emails in
question are generated by a security appliance on our customer's
network, in accordance with their security policy and posture. The
warnings we're getting when our mail server performs these DNS queries
are coming from _our_ network infrastructure, which is AWS.
As I understand things, I have several options.
...
No, there are more options than that; 210 by my count including hybrid
solutions. Others here probably have more.
For you, I recommend the use of Shortcircuiting in association with
whitelist_from_rcvd.
Make sure the Shortcircuit module is loaded. Check SA's v320.pre file.
Then, in your local.cf add this:
# strongly negative score for a whitelist hit
score USER_IN_WHITELIST -100
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
# stop evaluating further rules as soon as USER_IN_WHITELIST fires
shortcircuit USER_IN_WHITELIST on
endif # Mail::SpamAssassin::Plugin::Shortcircuit
# first argument: the From: address used by the appliance; second argument:
# the domain matched against the reverse DNS of the relay that hands the
# message to your MX. Both must match for the rule to fire.
whitelist_from_rcvd <SECURITY_EMAIL_FROM_ADDRESS@DOMAIN> <ENVELOPE_DOMAIN_FROM>
With SA v3.2, I personally don't trust the DKIM and SPF modules but if
the offending security server emails pass DKIM/SPF checks, then you can
play around with using the whitelist_auth function:
whitelist_auth <SECURITY_EMAIL_FROM_ADDRESS@DOMAIN>
Now, your mail server is happy. Emails to the security people from any
other source will be subjected to the full checks of SA, so they will be
happy. The rest of your users will be happy.
Keep it simple. Happiness abounds :)
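As an added illustration of the advice above (this is not SpamAssassin's code and was not part of the original thread), the following small Python model shows why whitelist_from_rcvd plus shortcircuit does what the reply claims: the rule fires only when both the From: address and the reverse-DNS name of the delivering relay match, and once it fires no further rules are evaluated. The hostnames, addresses, message IDs and the two stand-in rules are constructed for the example; the whitelist entry mirrors the local.cf line from the post.

```python
import fnmatch
import re
from email import message_from_string
from email.message import Message
from typing import Optional

# Constructed sample: the customer's appliance delivering straight to our MX.
# All hostnames, addresses and IDs are invented placeholders.
APPLIANCE_MSG = """\
Received: from sec-appliance.customer.example (sec-appliance.customer.example [203.0.113.10])
\tby mx.ourdomain.example (Postfix) with ESMTPS id 4Nq1Z2
\tfor <secops@ourdomain.example>; Sun,  8 Jan 2023 00:57:00 +0000
From: Security Appliance <alerts@customer.example>
To: secops@ourdomain.example
Subject: Daily threat report

Hosts seen: bad.example.net, phishing.example.org
"""

# Constructed sample: identical From: header, but handed to us by an unrelated relay.
SPOOFED_MSG = APPLIANCE_MSG.replace(
    "sec-appliance.customer.example (sec-appliance.customer.example [203.0.113.10])",
    "mail.bulk-sender.example (mail.bulk-sender.example [198.51.100.7])",
)

# The whitelist_from_rcvd entry from the post: (From: address glob, relay rDNS domain).
WHITELIST_FROM_RCVD = [("alerts@customer.example", "customer.example")]

# Postfix-style "from <helo> (<rdns> [<ip>])"; the parenthesised name is the reverse DNS.
RECEIVED_RE = re.compile(r"^from\s+\S+\s+\((?P<rdns>[^\s\[\]]+)\s+\[[^\]]+\]\)", re.IGNORECASE)


def relay_rdns(msg: Message) -> Optional[str]:
    """Reverse-DNS name of the relay in the top-most Received: header, i.e. the
    host that handed the message to our own MX. None if absent or unresolved."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    unfolded = " ".join(received[0].split())
    m = RECEIVED_RE.match(unfolded)
    if not m or m.group("rdns").lower() == "unknown":
        return None
    return m.group("rdns").lower().rstrip(".")


def from_address(msg: Message) -> str:
    """Bare, lower-cased address from the From: header."""
    raw = msg.get("From", "")
    m = re.search(r"<([^>]+)>", raw)
    return (m.group(1) if m else raw).strip().lower()


def rdns_in_domain(rdns: str, domain: str) -> bool:
    """True when rdns is the domain itself or a host beneath it."""
    domain = domain.lower().rstrip(".")
    return rdns == domain or rdns.endswith("." + domain)


def user_in_whitelist(msg: Message, entries) -> bool:
    """Model of USER_IN_WHITELIST via whitelist_from_rcvd: the From: address glob
    and the relay rDNS domain must both match; either one alone is not enough."""
    sender = from_address(msg)
    rdns = relay_rdns(msg)
    if rdns is None:
        return False
    return any(fnmatch.fnmatchcase(sender, addr.lower()) and rdns_in_domain(rdns, dom)
               for addr, dom in entries)


# Toy stand-ins for "the rest of the ruleset": name -> (predicate, score).
OTHER_RULES = {
    "URI_LOOKS_PHISHY": (lambda msg: "phishing" in msg.get_payload(), 2.5),
    "MANY_HOSTNAMES": (lambda msg: msg.get_payload().count(".example") >= 2, 1.0),
}


def scan(raw: str, entries=WHITELIST_FROM_RCVD, shortcircuit=True):
    """Return (score, rules_hit, rules_evaluated). With shortcircuit on, a
    USER_IN_WHITELIST hit scores -100 and ends the scan before other rules run."""
    msg = message_from_string(raw)
    hits, evaluated, score = [], ["USER_IN_WHITELIST"], 0.0
    if user_in_whitelist(msg, entries):
        hits.append("USER_IN_WHITELIST")
        score += -100
        if shortcircuit:
            return score, hits, evaluated
    for name, (pred, pts) in OTHER_RULES.items():
        evaluated.append(name)
        if pred(msg):
            hits.append(name)
            score += pts
    return score, hits, evaluated


if __name__ == "__main__":
    print("appliance:", scan(APPLIANCE_MSG))
    print("spoofed:  ", scan(SPOOFED_MSG))
    print("no shortcircuit:", scan(APPLIANCE_MSG, shortcircuit=False))
```

The appliance's report is whitelisted and the two content rules never run, which is the point of shortcircuiting when the report body is full of hostnames that would otherwise trigger lookups; the spoofed copy with the same From: header but a different relay gets the full scan. Real SpamAssassin applies more nuance (trusted_networks, multiple Received: hops, globbing rules), so treat this as a sketch of the matching logic rather than a reimplementation.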