On Thu, 23 Mar 2017, fitz wrote:
I am attempting to tighten up my whitelists, replacing whitelist_from with
whitelist_auth, whitelist_spf, and/or whitelist_dkim. And having trouble.
The simplistic example of
whitelist_auth b...@example.com example.net
does not really cut it.
For example, I have the following headers:
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
client-ip=76.74.244.76; helo=outbound076.dcm8.com;
envelope-from=qd_pat_ba7cce6de305fce6b09be229f71e639fdebb287253d1e...@inbound.dcm8.com;
receiver=some...@bebop.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1;
d=inbound.dcm8.com;
h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:List-Unsubscribe;
bh=glCJ7SPuJhI+sBNWpIcLUzww974=;
b=xtADEde9s1pYTVT8IBwjLVjOiDNCjf8GY3vaqk7HmMMgRtOzRhRcGZkT+yeKNHwlIOk8iYD9Y6uX
mMrOwIYFJ1H5iX1hn5Mj+Pd3BTpdhxPDd0YUBbfvmoa/W7hj2plUYDtSKt5wGYU8GRjSNj7xK5zx
juMZm6vlWkfFTwRdyM8=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key1;
d=questdiagnosticssurvey.com;
b=mC5TtAPZBG0FwqfSaoAAFEn2hGO193KMoqpRbx/C3CmZ1KTfhcBz+9MsDi5z2dma4tkwLeGXYmMU
IyL3l2Y9bZD5MhpdA3daN8Z2o23QKgHFM7KHxfovtClAniOhoNDukdWhLAumDMlsmg4GG/iutulk
TbSLKC7h4SYaWu/Y1js=;
Received: from parking.hostmonster.com (10.0.95.23) by outbound076.dcm8.com
(PowerMTA(TM) v3.5r15) id hqfm400lr5gd for <some...@bebop.com>; Thu, 23 Mar
2017 15:39:28 +0000 (envelope-from
<qd_pat_ba7cce6de305fce6b09be229f71e639fdebb287253d1e...@inbound.dcm8.com>)
Date: Thu, 23 Mar 2017 15:39:28 +0000
From: Quest Diagnostics <sur...@questdiagnosticssurvey.com>
Reply-To: Quest Diagnostics <sur...@questdiagnosticssurvey.com>
I have tried
whitelist_(spf|auth|dkim) *@QuestDiagnosticsSurvey.com
(questdiagnosticssurvey.com | inbound.dcm8.com | outbound076.dcm8.com |
dcm8.com)
and none seem to work. I get SPF AUTH and DKIM_VALID_AU but no
USER_IN_WHITELIST.
I have been able to get the whitelist_auth to work for gmail, comcast, and a
few other places, but this one does not seem to work using the same rules.
From WHERE is one supposed to pull the second parameter for these rules?

I think you are confusing whitelist_(spf|auth|dkim) with
whitelist_from_received.
The former only requires single addresses/address-patterns; the latter requires
pairs of configuration data.
EG for your example try:
whitelist_auth sur...@questdiagnosticssurvey.com
whitelist_spf *@inbound.dcm8.com
One slight potential point of confusion: whitelist_(spf|auth|dkim) allows for
multiple addresses on one line, so it can look a little like
whitelist_from_received, which -requires- pairs of conf data, but
whitelist_(spf|auth|dkim) actually works on single address/patterns.
FWIW, I personally like the "def_whitelist_*" form. The def_whitelist_*
variant only gives an additional -15 score (instead of the -100 from the full
variant). This usually gives the necessary boost to get mis-classified messages
past filtering without totally swamping nasty spam that sometimes gets emitted
from ordinarily whitelisted sources. (EG when a whitehat business gets
compromised or one of their staff gets phished).
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
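
An added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of which identity each authenticated whitelist path is compared against, namely the envelope sender for the SPF path and the From: address (signed by its own domain) for the DKIM path. The sample message, its domains, and the helper names `identities`, `glob` and `would_match` are constructed for illustration; signature validity is assumed rather than verified.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): a brand mailing through a
# third-party sender, so the envelope and From: domains differ.
SAMPLE = """\
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.0.2.10; helo=out1.esp.example;
 envelope-from=bounce-42@inbound.esp.example; receiver=user@rcpt.example
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=key1;
 d=inbound.esp.example; h=Date:From:To:Subject; bh=AAAA; b=BBBB
From: Brand Survey <survey@brand.example>
Subject: constructed sample

body
"""

def sdid(sig):
    """Return the d= (signing domain) tag of one DKIM-Signature value."""
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if "=" in t)
    return tags.get("d", "").strip().lower()

def identities(raw):
    """Collect the identities that auth-based whitelist entries are compared with."""
    msg = message_from_string(raw)
    spf = " ".join((msg.get("Received-SPF") or "").split())
    env = re.search(r"envelope-from=<?([^;>\s]+)", spf)
    return {
        "spf_pass": spf.lower().startswith("pass"),
        "envelope_from": env.group(1).lower() if env else None,
        "author": parseaddr(msg.get("From", ""))[1].lower(),
        "dkim_domains": [sdid(v) for v in msg.get_all("DKIM-Signature", [])],
    }

def glob(pattern, addr):
    """Whitelist patterns are file-glob style: only * and ? are wildcards."""
    rx = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, addr) is not None

def would_match(pattern, ids, dkim_valid=True):
    """Simplified model; dkim_valid stands in for the filter's own verification."""
    hits = []
    if ids["spf_pass"] and ids["envelope_from"] and glob(pattern, ids["envelope_from"]):
        hits.append("spf")   # SPF path: pattern vs. envelope sender
    domain = ids["author"].rpartition("@")[2]
    if dkim_valid and glob(pattern, ids["author"]) and domain in ids["dkim_domains"]:
        hits.append("dkim")  # DKIM path: pattern vs. From:, signed by that domain
    return hits
```

Running `would_match` over each candidate pattern shows why an entry for the From: domain finds nothing to match when only the third-party sender's domain passed SPF and signed the message.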