On Wed, 3 Jul 2024, Simon Wilson via users wrote:

> Does whitelist_auth work on From header, or Return-Path? Reason I ask:
>
> I have two emails from “support .at. wasabi.com”. Due to their emails usually 
> triggering KAM rules I have (in
> /etc/mail/spamassassin/local.cf):
>
> ## Whitelist Wasabi, subject to passing of auth
> whitelist_auth supp...@wasabi.com
[snip..]

> The other is not triggering whitelist_auth and is marked as spam due to the 
> KAM rule fails. It has:
> 
> Return-Path: <bounces+35259635-6e5a-simon=simonandkate....@mmemail.wasabi.com>
> ... <snip>
> From: Wasabi <supp...@wasabi.com>
> ... <snip>
> Reply-To: supp...@wasabi.com
> 
> Despite passing SPF and DKIM, not whitelisted:
> 
> X-Spam-Score: 20.212
> X-Spam-Level: ********************
> X-Spam-Status: Yes, score=20.212 tagged_above=-999 required=6.2
> tests=[BAYES_00=-1.9, DCC_CHECK=1.1, DCC_REPUT_99_100=1.4, DKIM_INVALID=0.1,
> DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KAM_BODY_MARKETINGBL_PCCC=0.001,
> KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_MARKETINGBL_PCCC=1,
> KAM_REALLYHUGEIMGSRC=0.5, LR_DMARC_PASS=-0.1, SPF_HELO_NONE=0.001,
> SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01]
> autolearn=no autolearn_force=no
[snip]
> 
> Thanks.
> Simon.

You say "passing SPF and DKIM"; however, in the SA rules report it clearly says:
DKIM_SIGNED=0.1, DKIM_INVALID=0.1

So even though you think 'passed DKIM', SA clearly does NOT think it does. That 
DKIM_INVALID will prevent the whitelist_auth from firing, thus you need to 
investigate what's going wrong there.


-- 
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Good spot, thank you.
 
The email that passed (sent from Wasabi's Salesforce) clearly passes SPF and 
DKIM, and SA accepts that it has passed both:

X-Spam-Score: -182.112
X-Spam-Level:
X-Spam-Status: No, score=-182.112 tagged_above=-999 required=6.2
 tests=[BAYES_00=-1.9, DCC_CHECK=1.1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HELO_STATIC_HOST=-0.001,
 HTML_MESSAGE=0.001, KAM_BODY_MARKETINGBL_PCCC=0.001, KAM_BODY_URIBL_PCCC=9,
 KAM_FROM_URIBL_PCCC=9, KAM_MARKETINGBL_PCCC=1, LR_DMARC_PASS=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01,
 USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100,
 USER_IN_SPF_WELCOMELIST=-0.01, USER_IN_SPF_WHITELIST=-100]
 autolearn=no autolearn_force=no
Received: from mail.simonandkate.net ([127.0.0.1])
 by localhost (amavis.simonandkate.net [127.0.0.1]) (amavis, port 10024)
 with LMTP id FRQBp6eagRev for <simon@mail.local>;
 Wed,  3 Jul 2024 11:33:21 +1000 (AEST)
Authentication-Results: mail.simonandkate.net;
        spf=pass smtp.helo=smtp-0e3fa5fa5492d81fe.core1.sfdc-lywfpd.mta.salesforce.com;
        spf=pass smtp.mailfrom=wasabi.com
Authentication-Results: mail.simonandkate.net; dmarc=pass (p=quarantine dis=none)
        header.from=wasabi.com
Authentication-Results: mail.simonandkate.net; arc=none
        smtp.remote-ip=44.227.237.13
Authentication-Results: mail.simonandkate.net;
        dkim=pass (1024-bit key, unprotected) header.d=wasabi.com
        header.i=@wasabi.com header.a=rsa-sha256 header.s=sfdcproduction
        header.b=VPfjwPoA
Received: from smtp-0e3fa5fa5492d81fe.core1.sfdc-lywfpd.mta.salesforce.com
        (smtp-0e3fa5fa5492d81fe.core1.sfdc-lywfpd.mta.salesforce.com [44.227.237.13])
        by mail.simonandkate.net (Postfix) with ESMTPS id B2E4460E1
        for <si...@simonandkate.net>; Wed,  3 Jul 2024 11:33:20 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wasabi.com;
        s=sfdcproduction; t=1719970393;
        bh=HT3vxtae+200eJTAlHJkPaLUuYEbpqXqTkY70+hSYa4=;
        h=Date:From:To:Subject:MIME-Version:Content-Type;
        b=VPfjwPoAe8Gu3ruU2nvnYYggXO5JZ/7IaxEDNaBsvvxIZ5PHW+7rXN1usl5qmJZ5u
         asB0RBBCXNTH/5SDXXJEu1Pc6jRvsdc+POPLrkQkHqhXgX1DmUjnVYnDBA2tu/8RIk
         M7ISxYS4psZXdm73/ZF7sILSdS+USXdTM5JlfbV4=
 
The failed one is assessed by OpenDKIM as having passed by my server 
(mail.simonandkate.net), but you are correct SA sees it as invalid.
 
So I guess the question is why SA is not accepting a trusted header with a DKIM 
pass recorded with the same mail path through the system? I have no AuthRes 
settings set specifically in local.cf.

X-Spam-Score: 20.212
X-Spam-Level: ********************
X-Spam-Status: Yes, score=20.212 tagged_above=-999 required=6.2
 tests=[BAYES_00=-1.9, DCC_CHECK=1.1, DCC_REPUT_99_100=1.4, DKIM_INVALID=0.1,
 DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KAM_BODY_MARKETINGBL_PCCC=0.001,
 KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_MARKETINGBL_PCCC=1,
 KAM_REALLYHUGEIMGSRC=0.5, LR_DMARC_PASS=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01]
 autolearn=no autolearn_force=no
Received: from mail.simonandkate.net ([127.0.0.1])
 by localhost (amavis.simonandkate.net [127.0.0.1]) (amavis, port 10024)
 with LMTP id 0dPigJ_ugPPb for <simon@mail.local>;
 Wed,  3 Jul 2024 07:48:51 +1000 (AEST)
Authentication-Results: mail.simonandkate.net;
        spf=none smtp.helo=o562.ptr9861.wasabi.com;
        spf=pass smtp.mailfrom=mmemail.wasabi.com
Authentication-Results: mail.simonandkate.net; dmarc=pass (p=quarantine dis=none)
        header.from=wasabi.com
Authentication-Results: mail.simonandkate.net; arc=none
        smtp.remote-ip=159.183.86.216
Authentication-Results: mail.simonandkate.net;
        dkim=pass (2048-bit key, unprotected) header.d=wasabi.com
        header.i=@wasabi.com header.a=rsa-sha256 header.s=mmd header.b=uhRSt2r0
Received: from o562.ptr9861.wasabi.com (o562.ptr9861.wasabi.com
        [159.183.86.216])
        by mail.simonandkate.net (Postfix) with ESMTPS id C105157044
        for <si...@simonandkate.net>; Wed,  3 Jul 2024 07:48:47 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wasabi.com;
        h=content-type:from:mime-version:subject:reply-to:to:list-unsubscribe:
        list-unsubscribe-post:cc:content-type:from:subject:to;
        s=mmd; bh=cy4eC8HJMJh8b6CwYtOAzArbHod4C/sAQkNIrkSQFPA=;
        b=uhRSt2r0lE9yE6sSCc7+QA90N0PCyzA0FNP0bOo2ApH/U+u6yCpjvt0KZJ+VO2MfDKuh
        xmzJPFgaHNvajQDOyqfLCfF4xwTrxYyBaKTMf/qinqP6JHpFsKVaDNykv96ZIac/SwRbha
        SO4yPkPl1NO5k4ENyD5va2J9LftRyQ0te+awrnbjypQAKJiJ0yPoqNTFCJZGdQSCuJOZG8
        ASnJcPZRoL2J83FEJCMPZdS5Wpf0GAgHp7aEpzAFf7TEpfJA8IMsbRSlRs3ptdZtYvwKMR
        K6oi/d+w3UBSdFGRpRFZlgFeVjNIp/xCz5pDGf7109C0A+QSjn4zZ3edrOjF1JPg==

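A header cross-check for the situation discussed in this thread, as an added example that is not part of any poster's message and not SpamAssassin code: it reads the SA rule hits from X-Spam-Status and the MTA's verdicts from Authentication-Results, then flags the case where the MTA recorded dkim=pass while SA scored DKIM_INVALID. The sample headers are constructed; example.com, mx.example.net and the function names are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed headers: FAILING is modelled on the failing message in the thread,
# PASSING is the same message as SA reports it when its own DKIM check succeeds.
FAILING = """\
X-Spam-Status: Yes, score=20.212 tagged_above=-999 required=6.2
 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, SPF_PASS=-0.001]
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.example.com
Authentication-Results: mx.example.net;
 dkim=pass (2048-bit key, unprotected) header.d=example.com

"""
PASSING = FAILING.replace("DKIM_INVALID=0.1", "DKIM_VALID=-0.1").replace(
    "SPF_PASS=-0.001", "SPF_PASS=-0.001, USER_IN_DKIM_WHITELIST=-100")

def sa_tests(msg):
    """Rule names and scores from SpamAssassin's X-Spam-Status tests=[...]."""
    status = " ".join((msg.get("X-Spam-Status") or "").split())
    m = re.search(r"tests=\[([^\]]*)\]", status)
    pairs = (t.strip().partition("=") for t in m.group(1).split(",")) if m else ()
    return {name: float(score) for name, _, score in pairs if name and score}

def mta_verdicts(msg):
    """dkim/spf/dmarc results recorded in the Authentication-Results headers."""
    seen = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(dkim|spf|dmarc)=(\w+)", hdr):
            seen.setdefault(method, set()).add(result)
    return seen

def diagnose(raw):
    """Compare SA's own DKIM verdict with the one the MTA recorded."""
    msg = message_from_string(raw)
    tests, mta = sa_tests(msg), mta_verdicts(msg)
    sa_dkim = ("invalid" if "DKIM_INVALID" in tests else
               "valid" if "DKIM_VALID" in tests else "none")
    return {
        "sa_dkim": sa_dkim,
        "mta_dkim": sorted(mta.get("dkim", ())),
        # The thread's case: Authentication-Results says pass, SA disagrees.
        "dkim_conflict": "pass" in mta.get("dkim", ()) and sa_dkim != "valid",
        "auth_list_hits": sorted(t for t in tests if re.fullmatch(
            r"USER_IN_(DKIM|SPF)_(WHITELIST|WELCOMELIST)", t)),
    }

if __name__ == "__main__":
    print(diagnose(FAILING), diagnose(PASSING), sep="\n")
```

A `dkim_conflict` of `True` with an empty `auth_list_hits` is the pattern reported for the failing message above.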