Can I whitelist based on a combination of the Received header and domain in the Return-Path?
Here are headers from one of the messages: https://pastebin.com/ijy9Z51y I'm thinking something like... whitelist_from_rcvd @sjcourts.gmail.net-login.com phishtest.knowbe4.com ----- Original Message ----- From: "Alex" <mysqlstud...@gmail.com> To: "Anthony Hoppe" <aho...@sjcourts.org>, "SpamAssassin" <users@spamassassin.apache.org> Sent: Wednesday, May 10, 2017 5:41:37 PM Subject: Re: Negative rule score not working as expected Hi, > header AH_KNOWBE4 Received=~ /phishtest\.knowbe4\.com/ > score AH_KNOWBE4 score -10.0 > describe AH_KNOWBE4 Prevents KnowBe4 campaign emails from falling into > users Junk folders Since you're already subtracting 10 points, have you thought about just whitelisting it? If it has an SPF check or DKIM, it would more secure than what you're doing. whitelist_auth u...@knowb4.com Otherwise, something like this would do it: whitelist_from_rcvd u...@knowbe4.com phishtest.knowbe4.com Regards, Alex
