I see no

whitelist_from_dkim [EMAIL PROTECTED] emarsys.net

in your list. Not that I'm sure that's the problem.

A

whitelist_from_rcvd [EMAIL PROTECTED] emarsys.net

should have caught that one too (if you really trust emarsys.net).

Phil

--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: Skip [mailto:[EMAIL PROTECTED]
Sent: 11 August 2008 17:47
To: Randal, Phil
Cc: SpamAssassin Users List
Subject: Re: more help on whitelist_from_rcvd

Awesome. The DKIM module works for that message, but I can't get it to accept this message

Received: from e3uspmta152.emarsys.net ([91.194.248.152])
    by box106.bluehost.com with esmtp (Exim 4.69)
    (envelope-from <[EMAIL PROTECTED]>)
    id 1KSGh7-0004Qw-2I
    for [EMAIL PROTECTED]; Sun, 10 Aug 2008 13:35:13 -0600
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; q=dns; s=emarsys2007; d=ebay.com;
    h=From:To:Subject:MIME-Version:Content-Type:Date:Message-Id;
    b=Wk4mOk98BeMCjqcPi0ww6lUqXUd+TtWf+BHbYd4UYCrUyXQTRspzy79lASjSq2TVFzJLb9
    4xPK4b
    5LMorMkcXh4IFjhmrrvbMOGBd8T07N2qc2Z57khJG5qp3INxfwrq
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=emarsys2007; d=ebay.com;
    b=BF5coyhrrrOOmNXR5ja235DpRo0dnrkb0/J/bBML4STNlCNJZgKNVxyti7DReZXor4bBPW
    m6tHZa
    FliDIttfU/K6zs4ODcyxWwDQdkIIGvW9yg3ZP/AhSWwK9PQFCeIJ;
Received: from us.emarsys.net (10.105.0.82) by e3uspmta152.emarsys.net (PowerMTA(TM) v3.2r2)
    id hjt1f80g8bc6 for <[EMAIL PROTECTED]>; Sun, 10 Aug 2008 21:35:14 +0200
    (envelope-from <[EMAIL PROTECTED]>)
From: eBay Motors <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: List your car locally on eBay Motors!
X-EMarSys-Environment: e3us
X-EMarSys-Identify: 1301_810712249304_831911679098
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="_----------=_112358201558820"
Date: Sun, 10 Aug 2008 21:35:14 +0200
Message-Id: <[EMAIL PROTECTED]>
X-user: ::::91.194.248.152:box106.bluehost.com::::::

ebay often uses emarsys.net as their bulk mailer.
I have added the following rules (more or less at random in the hope that one of them would work--I know I can delete some of them once I get this working)

whitelist_from_dkim [EMAIL PROTECTED]
whitelist_from_dkim [EMAIL PROTECTED] us.emarsys.net
whitelist_from_dkim [EMAIL PROTECTED]
whitelist_from_dkim [EMAIL PROTECTED]
whitelist_from_dkim [EMAIL PROTECTED]
whitelist_from_dkim [EMAIL PROTECTED] us.emarsys.net
whitelist_from_dkim @ebay.com
whitelist_from_dkim [EMAIL PROTECTED]

but when I pipe the message through sa, I get this:

[5464] dbg: dkim: performing public key lookup and signature verification
[5464] dbg: dkim: signing identity: @ebay.com, d=ebay.com, a=rsa-sha1, c=relaxed/relaxed
[5464] dbg: dkim: signing identity: [EMAIL PROTECTED], d=ebay.com, a=rsa-sha1, c=nofws
[5464] dbg: dkim: signature verification result: PASS
[5464] dbg: dkim: VALID third-party signature by id @ebay.com, author [EMAIL PROTECTED], no valid matches
[5464] dbg: dkim: FAILED author signature by id [EMAIL PROTECTED], author [EMAIL PROTECTED], MATCHES whitelist_from_dkim (?i-xsm:[EMAIL PROTECTED])
[5464] dbg: dkim: FAILED author signature by id [EMAIL PROTECTED], author [EMAIL PROTECTED], MATCHES whitelist_from_dkim (?i-xsm:[EMAIL PROTECTED])
[5464] dbg: dkim: FAILED author signature by id [EMAIL PROTECTED], author [EMAIL PROTECTED], no valid matches
[5464] dbg: dkim: author [EMAIL PROTECTED], found in whitelist_from_dkim BUT IGNORED
[5464] dbg: dkim: policy: performing lookup
[5464] dbg: dkim: policy result neutral: o=~

Would you believe that the following google search has zero hits?

http://www.google.com/search?num=100&hl=en&safe=off&q=%22failed+author+signature%22+dkim&btnG=Search

Thanks in advance!
Skip

Randal, Phil wrote:
> whitelist_from_dkim might be a better way to go:
>
> http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Plugin_DKIM.html
>
> Cheers,
>
> Phil
>
> --
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
>
> -----Original Message-----
> From: Skip [mailto:[EMAIL PROTECTED]
> Sent: 11 August 2008 14:15
> To: SpamAssassin Users List
> Subject: more help on whitelist_from_rcvd
>
> I'm trying to make sure email from ebay is legit. I received an email
> from ebay today with the following headers:
>
> Received: from mxsmfpool02.ebay.com ([66.135.209.199] helo=mxsmfpool01.ebay.com)
>     by box106.bluehost.com with esmtp (Exim 4.69)
>     (envelope-from <[EMAIL PROTECTED]>)
>     id 1KSISe-0003wZ-8P
>     for [EMAIL PROTECTED]; Sun, 10 Aug 2008 15:28:24 -0600
> Received: from sjc2bat11.sjc.ebay.com ([10.8.194.232])
>     by mxsmfpool01.ebay.com (8.13.5/8.13.5) with ESMTP id m7ALSNCM012713
>     for <[EMAIL PROTECTED]>; Sun, 10 Aug 2008 14:28:27 -0700
> DomainKey-Signature: a=rsa-sha1; s=dksm28; d=ebay.com; c=nofws; q=dns;
>     h=x-ebay-mailtracker:to:from:mime-version:content-type:subject:date:
>     message-id:reply-to:x-ebay-mailversiontracker;
>     b=oMkULX7sexFP8Davsg9eBquC6yrj7BytJZVtNZ8qQwuipOJUcwjSPZvcmQdYyx+zU
>     68Ot5VuDBGylST0mLRzsQ==
> X-eBay-MailTracker: 11020.567.0.0
> To: [EMAIL PROTECTED]
> From: eBay <[EMAIL PROTECTED]>
> Mime-Version: 1.0
> Content-Type: multipart/alternative;
>     boundary=23401732.1218403700945.JavaMail.ebba.sjc2bat11
> Subject: Check out the latest items from your favorite sellers on eBay
> Date: Sun, 10 Aug 08 14:28:20 GMT-0700
> Message-ID: <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> X-eBay-MailVersionTracker: 567.6690890
> X-user: ::::66.135.209.199:box106.bluehost.com::::::
>
> And I figured the following SA rules would guarantee passage:
>
> whitelist_from_rcvd [EMAIL PROTECTED] sjc2bat11.sjc.ebay.com
> whitelist_from_rcvd [EMAIL PROTECTED] mxsmfpool02.ebay.com
> whitelist_from_rcvd [EMAIL PROTECTED] mxsmfpool01.ebay.com
> whitelist_from_rcvd [EMAIL PROTECTED] ebay.com
> whitelist_from_rcvd [EMAIL PROTECTED] emarsys.net
>
> trusted_networks 192.168/16
> trusted_networks 69.89.22.106
> trusted_networks 68.231.250/8
> internal_networks 192.168/16
> internal_networks 69.89.22.106
> internal_networks 68.231.250/8
>
> But alas, it does not work--I'm still not able to whitelist this
> message. I realize that with this route, I would have to whitelist
> every one of ebay's outgoing mail servers (right???), or is there a
> better way? In concept, this seems like a great way to ensure one
> does not get spoofed emails, but gosh, it sure is hard to set up the
> rules for it. Unless I'm missing something simple....
>
> Skip
>
> --
> Get my PGP Public key here: http://pelorus.org/[EMAIL PROTECTED]
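
Added example, not part of the original thread and not SpamAssassin code: it extracts from a message the values the rules discussed above are written against, namely the rDNS name in the topmost Received header (whitelist_from_rcvd) and the signing domain, identity and key record of each DKIM-Signature (whitelist_from_dkim). The sample headers are constructed from the second quoted message with a placeholder From address and b= value; the function names are hypothetical, and the topmost Received line is assumed to be the one written by the receiving server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers cut down from the second message quoted in the thread.
# The From address and the b= value are placeholders (the archive redacts the real ones).
SAMPLE = (
    "Received: from e3uspmta152.emarsys.net ([91.194.248.152])\n"
    "\tby box106.bluehost.com with esmtp (Exim 4.69); Sun, 10 Aug 2008 13:35:13 -0600\n"
    "DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; q=dns; s=emarsys2007; d=ebay.com;\n"
    "\th=From:To:Subject:MIME-Version:Content-Type:Date:Message-Id;\n"
    "\tb=PLACEHOLDER\n"
    "Received: from us.emarsys.net (10.105.0.82) by e3uspmta152.emarsys.net\n"
    "\t(PowerMTA(TM) v3.2r2) id hjt1f80g8bc6; Sun, 10 Aug 2008 21:35:14 +0200\n"
    "From: eBay Motors <sender@example.invalid>\n\nbody\n"
)

# Exim-style "from <rDNS name> ([<ip>] ...)", as in both messages in the thread.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\[([0-9A-Fa-f.:]+)\]")

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs (folding removed)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def rdns_under(name, domain):
    """True if name equals domain or is a subdomain of it (label-boundary match)."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def whitelist_inputs(raw):
    """Collect the relay name and the DKIM signer details from one message."""
    msg = message_from_string(raw)
    top = (msg.get_all("Received") or [""])[0]  # assumed: added by the receiving server
    m = RECEIVED_RE.match(top.strip())
    sigs = []
    for value in msg.get_all("DKIM-Signature") or []:
        t = dkim_tags(value)
        d = t.get("d", "").lower()
        sigs.append({"d": d, "identity": t.get("i", "@" + d),  # i= defaults to @<d>
                     "key_record": f"{t.get('s', '')}._domainkey.{d}"})
    return {"author": parseaddr(msg.get("From", ""))[1].lower(),
            "relay_rdns": m.group(1).lower() if m else None,
            "relay_ip": m.group(2) if m else None, "signatures": sigs}
```

For the sample, the handing-over relay sits under emarsys.net while the signature is by ebay.com with selector emarsys2007, so a relay-based rule and a DKIM-based rule for this message name different domains.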