Awesome. The DKIM module works for that message, but I can't get it to
accept this message
Received: from e3uspmta152.emarsys.net ([91.194.248.152])
by box106.bluehost.com with esmtp (Exim 4.69)
(envelope-from
<[EMAIL PROTECTED]>)
id 1KSGh7-0004Qw-2I
for [EMAIL PROTECTED]; Sun, 10 Aug 2008 13:35:13 -0600
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; q=dns; s=emarsys2007;
d=ebay.com;
h=From:To:Subject:MIME-Version:Content-Type:Date:Message-Id;
b=Wk4mOk98BeMCjqcPi0ww6lUqXUd+TtWf+BHbYd4UYCrUyXQTRspzy79lASjSq2TVFzJLb94xPK4b
5LMorMkcXh4IFjhmrrvbMOGBd8T07N2qc2Z57khJG5qp3INxfwrq
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=emarsys2007; d=ebay.com;
b=BF5coyhrrrOOmNXR5ja235DpRo0dnrkb0/J/bBML4STNlCNJZgKNVxyti7DReZXor4bBPWm6tHZa
FliDIttfU/K6zs4ODcyxWwDQdkIIGvW9yg3ZP/AhSWwK9PQFCeIJ;
Received: from us.emarsys.net (10.105.0.82) by e3uspmta152.emarsys.net
(PowerMTA(TM) v3.2r2) id hjt1f80g8bc6 for <[EMAIL PROTECTED]>; Sun, 10
Aug 2008 21:35:14 +0200 (envelope-from
<[EMAIL PROTECTED]>)
From: eBay Motors <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: List your car locally on eBay Motors!
X-EMarSys-Environment: e3us
X-EMarSys-Identify: 1301_810712249304_831911679098
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="_----------=_112358201558820"
Date: Sun, 10 Aug 2008 21:35:14 +0200
Message-Id: <[EMAIL PROTECTED]>
X-user: ::::91.194.248.152:box106.bluehost.com::::::
ebay often uses emarsys.net as their bulk mailer. I have added the
following fules (more or less at random in the hope that one of them
would work--I know I can delete some of them once I get this working)
whitelist_from_dkim [EMAIL PROTECTED]
whitelist_from_dkim [EMAIL PROTECTED] us.emarsys.net
whitelist_from_dkim [EMAIL PROTECTED]
whitelist_from_dkim [EMAIL PROTECTED]
whitelist_from_dkim [EMAIL PROTECTED]
whitelist_from_dkim [EMAIL PROTECTED] us.emarsys.net
whitelist_from_dkim @ebay.com
whitelist_from_dkim [EMAIL PROTECTED]
but when I pipe the message through sa, I get this:
[5464] dbg: dkim: performing public key lookup and signature verification
[5464] dbg: dkim: signing identity: @ebay.com, d=ebay.com, a=rsa-sha1,
c=relaxed/relaxed
[5464] dbg: dkim: signing identity: [EMAIL PROTECTED], d=ebay.com,
a=rsa-sha1, c=nofws
[5464] dbg: dkim: signature verification result: PASS
[5464] dbg: dkim: VALID third-party signature by id @ebay.com, author
[EMAIL PROTECTED], no valid matches
[5464] dbg: dkim: FAILED author signature by id [EMAIL PROTECTED],
author [EMAIL PROTECTED], MATCHES whitelist_from_dkim
(?i-xsm:[EMAIL PROTECTED])
[5464] dbg: dkim: FAILED author signature by id [EMAIL PROTECTED],
author [EMAIL PROTECTED], MATCHES whitelist_from_dkim
(?i-xsm:[EMAIL PROTECTED])
[5464] dbg: dkim: FAILED author signature by id [EMAIL PROTECTED],
author [EMAIL PROTECTED], no valid matches
[5464] dbg: dkim: author [EMAIL PROTECTED], found in
whitelist_from_dkim BUT IGNORED
[5464] dbg: dkim: policy: performing lookup
[5464] dbg: dkim: policy result neutral: o=~
would you believe that the following google search has zero hits?
http://www.google.com/search?num=100&hl=en&safe=off&q=%22failed+author+signature%22+dkim&btnG=Search
Thanks in advance!
Skip
Randal, Phil wrote:
whitelist_from_dkim might be a better way to go:
http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Plugin_D
KIM.html
Cheers,
Phil
--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK
-----Original Message-----
From: Skip [mailto:[EMAIL PROTECTED]
Sent: 11 August 2008 14:15
To: SpamAssassin Users List
Subject: more help on whitelist_from_rcvd
I'm trying to make sure email from ebay is legit. I received an email
from ebay today with the following headers:
Received: from mxsmfpool02.ebay.com ([66.135.209.199]
helo=mxsmfpool01.ebay.com)
by box106.bluehost.com with esmtp (Exim 4.69)
(envelope-from <[EMAIL PROTECTED]>)
id 1KSISe-0003wZ-8P
for [EMAIL PROTECTED]; Sun, 10 Aug 2008 15:28:24 -0600
Received: from sjc2bat11.sjc.ebay.com ([10.8.194.232])
by mxsmfpool01.ebay.com (8.13.5/8.13.5) with ESMTP id
m7ALSNCM012713
for <[EMAIL PROTECTED]>; Sun, 10 Aug 2008 14:28:27 -0700
DomainKey-Signature: a=rsa-sha1; s=dksm28; d=ebay.com; c=nofws; q=dns;
h=x-ebay-mailtracker:to:from:mime-version:content-type:subject:date:
message-id:reply-to:x-ebay-mailversiontracker;
b=oMkULX7sexFP8Davsg9eBquC6yrj7BytJZVtNZ8qQwuipOJUcwjSPZvcmQdYyx+zU
68Ot5VuDBGylST0mLRzsQ==
X-eBay-MailTracker: 11020.567.0.0
To: [EMAIL PROTECTED]
From: eBay <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary=23401732.1218403700945.JavaMail.ebba.sjc2bat11
Subject: Check out the latest items from your favorite sellers on eBay
Date: Sun, 10 Aug 08 14:28:20 GMT-0700
Message-ID: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-eBay-MailVersionTracker: 567.6690890
X-user: ::::66.135.209.199:box106.bluehost.com::::::
And I figured the following SA rules would guarantee passage:
whitelist_from_rcvd [EMAIL PROTECTED] sjc2bat11.sjc.ebay.com
whitelist_from_rcvd [EMAIL PROTECTED] mxsmfpool02.ebay.com
whitelist_from_rcvd [EMAIL PROTECTED] mxsmfpool01.ebay.com
whitelist_from_rcvd [EMAIL PROTECTED] ebay.com whitelist_from_rcvd
[EMAIL PROTECTED] emarsys.net
trusted_networks 192.168/16
trusted_networks 69.89.22.106
trusted_networks 68.231.250/8
internal_networks 192.168/16
internal_networks 69.89.22.106
internal_networks 68.231.250/8
But alas, it does not work--I'm still not able to whitelist this
message. I realize that with this route, I would have to whitelist
every one of ebay's outgoing mail servers (right???), or is there a
better way? In concept, this seems like a great way to ensure one does
not get spoofed emails, but gosh, it sure is hard to set up the rules
for it. Unless I'm missing something simple....
Skip
--
Get my PGP Public key here:
http://pelorus.org/[EMAIL PROTECTED]
