OK I think I get it, here is a header from one of the companies we do
business with...
Microsoft Mail Internet Headers Version 2.0
Received: from gandalf.ctdx.net ([199.0.161.154]) by buythetruck.com
with Microsoft SMTPSVC(6.0.3790.211);
Tue, 31 Oct 2006 23:27:03 -0500
Received: from harbor.x-cart.com (harbor.x-cart.com [69.20.14.15])
by gandalf.ctdx.net (8.13.7/8.13.6) with ESMTP id kA14M3vT018502
for <[EMAIL PROTECTED]>; Tue, 31 Oct 2006 23:22:03 -0500
Received: from localhost (localhost [127.0.0.1])
by harbor.x-cart.com (Postfix) with ESMTP id 32CA4FC2B4
for <[EMAIL PROTECTED]>; Tue, 31 Oct 2006 20:18:36 -0800 (PST)
Received: from harbor.x-cart.com ([127.0.0.1])
by localhost (harbor.x-cart.com [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id FJP1WignZXnm for <[EMAIL PROTECTED]>;
Tue, 31 Oct 2006 20:18:34 -0800 (PST)
Received: from gw-red.crtdev.local (mail.crtdev.local [192.168.10.1])
by harbor.x-cart.com (Postfix) with ESMTP id 1EE32FC2B2
for <[EMAIL PROTECTED]>; Tue, 31 Oct 2006 20:18:33 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
by gw-red.crtdev.local (Postfix) with ESMTP id 0C9B8112EC3C;
Wed, 1 Nov 2006 07:18:33 +0300 (MSK)
Received: from gw-red.crtdev.local ([127.0.0.1])
by localhost (mail.crtdev.local [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id Iqw-2Ddq46oC; Wed, 1 Nov 2006 07:18:32 +0300
(MSK)
Received: from gw-green.crtdev.local (green-red-fiber.crtdev.local
[192.168.99.13])
by gw-red.crtdev.local (Postfix) with ESMTP id DC976112EC2B
for <[EMAIL PROTECTED]>; Wed, 1 Nov 2006 07:18:32 +0300 (MSK)
Received: from sauron.crtdev.local (sauron.crtdev.local [192.168.12.10])
by gw-green.crtdev.local (Postfix) with ESMTP id C1738244C21
for <[EMAIL PROTECTED]>; Wed, 1 Nov 2006 07:18:32 +0300 (MSK)
Received: from sauron.crtdev.local (localhost [127.0.0.1])
by sauron.crtdev.local (8.13.8/8.13.8) with ESMTP id
kA14IFAa080272
for <[EMAIL PROTECTED]>; Wed, 1 Nov 2006 07:18:15 +0300 (MSK)
(envelope-from [EMAIL PROTECTED])
Received: (from [EMAIL PROTECTED])
by sauron.crtdev.local (8.13.8/8.13.8/Submit) id kA14IEv1080271;
Wed, 1 Nov 2006 07:18:14 +0300 (MSK)
(envelope-from www)
Date: Wed, 1 Nov 2006 07:18:14 +0300 (MSK)
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Valentine Kaverin has posted a new message for you.
From: Qualiteam HelpDesk system <[EMAIL PROTECTED]>
Content-Type: text/plain;charset=iso-8859-1;
X-Signature-Check-Ignore: Yes
X-Virus-Scanned: ClamAV 0.88.5/2136/Tue Oct 31 22:06:48 2006 on
gandalf.ctdx.net
X-Virus-Scanned: amavisd-new at x-cart.com
X-Virus-System: ClamAV 0.88.5/2136/Tue Oct 31 19:06:48 2006
X-Virus-Status: Clean
X-Spam-Status: No, score=3.0 required=5.0 tests=AWL,BAYES_00,BIZ_TLD,
SPF_SOFTFAIL,URI_NO_WWW_BIZ_CGI autolearn=no version=3.1.3
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
gandalf.ctdx.net
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 01 Nov 2006 04:27:03.0500 (UTC)
FILETIME=[FB3D50C0:01C6FD6D]
So there entry would be...
whitelist_from_rcvd [EMAIL PROTECTED] x-cart.com
Correct?
Thanks for the help!!
Chris Edwards
-----Original Message-----
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 31, 2006 10:30 PM
To: Chris Edwards
Cc: users@spamassassin.apache.org
Subject: Re: whitelist_from_rcvd
Chris Edwards wrote:
> Hello!
>
> Praise...
>
> I have not used spamassassin for several years. I switched companies
> recently and they were getting killed with spam. I have really
> enjoyed relearning spamassassin and reading the mailing list.
> Spamassassin has done and incredible job of reducing the amount of
> spam coming into the company. I just wanted to say thanks to all of
> you who have had a hand in developing this awesome program!
>
> Ok, now my question...
>
> My company has several other companies that it does business with and
> I want to put those companies and all the domains we own into a white
> list. Can I find the needed information in the headers of an email to
> create a whitelist_from_rcvd entry in local.cf? If so, what
> information do I need? If not, where would I go about finding it.
whitelist_from_rcvd needs to match two parts:
1) A "From" address. This could be the From: header, but could also be a
Return-Path, Envelope-Sender, or similar header with the Envelope "Mail
FROM" recorded in it. Which one you pick for most cases doesn't matter,
but matching a Return-Path is useful for public mailing lists where the
From: header changes constantly, but the Return-Path is always the list
server.
Note: you can use file-glob style wildcards for the addresses here. ie:
[EMAIL PROTECTED]
2) The Reverse DNS hostname for the host that delivered the message to
your network. So find the Received: header your MX added. Then grab the
hostname that appears before the IP address.
For example, let's look at one header that apache.org added:
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 31 Oct 2006 10:14:47 -0800
In this case herse.apache.org is the reverse DNS hostanme.
Note: you don't have to match the whole hostname. You can use a
substring like "apache.org" and it will match "herse.apache.org" or
"example.apache.org".
Nine times out of ten, a whitelist_from_rcvd simply looks like:
whitelist_from_rcvd [EMAIL PROTECTED] example.com
But it never hurts to check the headers, as some folks use servers that
have non-matching domain names to send. (typical when a server is used
for multiple domains. It can only RDNS as one of them...)
>
> Thanks!
>
> ---
>
> Chris Edwards
>
>
