On 23.03.17 16:06, fitz wrote:
I am attempting to tighten up my whitelists, replacing whitelist_from with
whitelist_auth, whitelist_spf, and/or whitelist_dkim. And having trouble.
The simplistic example of
whitelist_auth b...@example.com example.net
does not really cut it.
For example, I have the following headers:
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
client-ip=76.74.244.76; helo=outbound076.dcm8.com;
envelope-from=qd_pat_ba7cce6de305fce6b09be229f71e639fdebb287253d1e...@inbound.dcm8.com;
the envelope sender is
qd_pat_ba7cce6de305fce6b09be229f71e639fdebb287253d1e...@inbound.dcm8.com
although it's mentioned in no header other than this one.
receiver=some...@bebop.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1;
d=inbound.dcm8.com;
h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:List-Unsubscribe;
bh=glCJ7SPuJhI+sBNWpIcLUzww974=;
b=xtADEde9s1pYTVT8IBwjLVjOiDNCjf8GY3vaqk7HmMMgRtOzRhRcGZkT+yeKNHwlIOk8iYD9Y6uX
mMrOwIYFJ1H5iX1hn5Mj+Pd3BTpdhxPDd0YUBbfvmoa/W7hj2plUYDtSKt5wGYU8GRjSNj7xK5zx
juMZm6vlWkfFTwRdyM8=
the signing domain is inbound.dcm8.com
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key1;
d=questdiagnosticssurvey.com;
b=mC5TtAPZBG0FwqfSaoAAFEn2hGO193KMoqpRbx/C3CmZ1KTfhcBz+9MsDi5z2dma4tkwLeGXYmMU
IyL3l2Y9bZD5MhpdA3daN8Z2o23QKgHFM7KHxfovtClAniOhoNDukdWhLAumDMlsmg4GG/iutulk
TbSLKC7h4SYaWu/Y1js=;
Received: from parking.hostmonster.com (10.0.95.23) by outbound076.dcm8.com
(PowerMTA(TM) v3.5r15) id hqfm400lr5gd for <some...@bebop.com>; Thu, 23 Mar
2017 15:39:28 +0000 (envelope-from
<qd_pat_ba7cce6de305fce6b09be229f71e639fdebb287253d1e...@inbound.dcm8.com>)
Date: Thu, 23 Mar 2017 15:39:28 +0000
From: Quest Diagnostics <sur...@questdiagnosticssurvey.com>
Reply-To: Quest Diagnostics <sur...@questdiagnosticssurvey.com>
I have tried
whitelist_(spf|auth|dkim) *@QuestDiagnosticsSurvey.com
(questdiagnosticssurvey.com | inbound.dcm8.com | outbound076.dcm8.com |
dcm8.com)
and none seem to work. I get SPF AUTH and DKIM_VALID_AU but no
USER_IN_WHITELIST.
I have been able to get the whitelist_auth to work for gmail, comcast, and a
few other places, but this one does not seem to work using the same rules.
From WHERE is one supposed to pull the second parameter for these rules?
as others already noted, you mistook whitelist directived for
whitelist_from_rcvd
whitelist_auth and whitelist_spf use only one parameter.
whitelist_from_dkim uses two parameters - From: address and signing domain.
(does my example above work?)
Note that all those whitelist directives use different headers to find the
sender.
Also note that the mail above is problematic, because From: address differs
from envelope from: (on whith SPF is based). That apparently causes your
problems:
whitelist_spf would work on address:
qd_pat_ba7cce6de305fce6b09be229f71e639fdebb287253d1e...@inbound.dcm8.com
whitelist_from_dkim whitelist_sur...@questdiagnosticssurvey.com inbound.dcm8.com
- should work, but you need the signing domain
Because of the above whitelist_auth won't work because whitelist_spf fails
AND whitelist_from_dkim fails if you don't add domain (which whitelist_auth
does not).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.
