From: Anthony Hoppe <aho...@sjcourts.org>
>Can I whitelist based on a combination of the Received header and domain in
>the Return-Path?
>Here are headers from one of the messages: https://pastebin.com/ijy9Z51y
>I'm thinking something like...
>whitelist_from_rcvd @sjcourts.gmail.net-login.com phishtest.knowbe4.com

I am not sure if it will use the Return-Path. Normally you need to find the envelope-from and use that address but I am not seeing it based on those headers. Also, I don't see SPF_PASS or DKIM_VALID_AU so whitelist_auth isn't going to work in this case. I did find one of these emails from that IP back in November on my mail filters and the envelope-from was pstboun...@knowbe4.com.

whitelist_from_rcvd *@knowbe4.com phishtest.knowbe4.com

Dave

>From: "Alex" <mysqlstud...@gmail.com>
>> header AH_KNOWBE4 Received=~ /phishtest\.knowbe4\.com/
>> score AH_KNOWBE4 -10.0
>> describe AH_KNOWBE4 Prevents KnowBe4 campaign emails from falling into
>> users Junk folders
>Since you're already subtracting 10 points, have you thought about
>just whitelisting it? If it has an SPF check or DKIM, it would be more
>secure than what you're doing.
>whitelist_auth u...@knowb4.com
>Otherwise, something like this would do it:
>whitelist_from_rcvd u...@knowbe4.com phishtest.knowbe4.com

Regards,
Alex
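
The difference between the two approaches discussed in this thread, as an added example (not from the thread and not SpamAssassin's own code): a simplified model in which the Received regex rule matches any trace line in the message, while a whitelist_from_rcvd-style check uses only the rDNS that the receiving MX itself recorded, together with the envelope sender. The hostname `mx.example.org`, the envelope address `sender@knowbe4.com`, the IP addresses and both sample messages are constructed assumptions.

```python
import fnmatch
import re

TRUSTED_MX = "mx.example.org"  # assumption: hostname of our own receiving MTA
# Postfix-style trace line: "from HELO (rDNS [IP]) by HOST ..."
RECEIVED_RE = re.compile(r"from \S+ \((\S+) \[([0-9.]+)\]\) by (\S+)")

def regex_rule_hits(msg):
    """Model of the AH_KNOWBE4 header rule: any Received line can match."""
    return any(re.search(r"phishtest\.knowbe4\.com", h) for h in msg["received"])

def handoff_rdns(msg):
    """rDNS that our own MX recorded for the host that connected to it."""
    for line in msg["received"]:  # topmost (most recent) header first
        m = RECEIVED_RE.search(line)
        if m and m.group(3).lower() == TRUSTED_MX:
            return m.group(1).lower()
    return None

def from_rcvd_hits(msg, addr_glob, rdns_domain):
    """Simplified whitelist_from_rcvd: sender glob AND hand-off relay rDNS."""
    rdns = handoff_rdns(msg)
    if rdns is None:
        return False
    sender_ok = fnmatch.fnmatchcase(msg["envelope_from"].lower(), addr_glob.lower())
    rdns_ok = rdns == rdns_domain or rdns.endswith("." + rdns_domain)
    return sender_ok and rdns_ok

# Constructed sample messages (documentation IP ranges, placeholder sender).
GENUINE = {
    "envelope_from": "sender@knowbe4.com",
    "received": [
        "from phishtest.knowbe4.com (phishtest.knowbe4.com [192.0.2.10]) "
        "by mx.example.org with ESMTP",
    ],
}
LOOKALIKE = {  # arrives from another host but carries a copied trace line
    "envelope_from": "sender@knowbe4.com",
    "received": [
        "from mail.unrelated.example (mail.unrelated.example [198.51.100.7]) "
        "by mx.example.org with ESMTP",
        "from phishtest.knowbe4.com (phishtest.knowbe4.com [192.0.2.10]) "
        "by mail.unrelated.example with ESMTP",
    ],
}

if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(name, regex_rule_hits(msg),
              from_rcvd_hits(msg, "*@knowbe4.com", "phishtest.knowbe4.com"))
```

Both messages satisfy the regex model, but only the one handed to the MX by a host whose recorded rDNS is phishtest.knowbe4.com satisfies the combined sender and relay check.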