Re: whitelist_auth and other whitelist issues

Sat, 29 Jul 2017 16:28:00 -0700 

On 07/29/2017 04:33 PM, Alex wrote:

I have a number of domains that I'm trying to whitelist. They hit
DKIM_VALID and SPF_PASS but all don't hit DKIM_VALID_AU. First, why
would they hit DKIM_VALID and not DKIM_VALID_AU?



DKIM_VALID simply means the DKIM signature is a correctly signed message.
DKIM_VALID_AU means it was correctly signed by the author's domain. These are ones that will work with whitelist_auth entries. 


 From 
bounce-mc.us1_1211649.1262601-kelly.boschen=example....@mail93.suw13.rsgsv.net
  Sat Jul 29 14:23:05 2017
From: =?utf-8?Q?Lifehacker=20Newsletter?= <newslet...@lifehacker.com>

What is mail93.suw13.rsgsv.net? Can we be assured that's the host
designated to this sender? And of course I'm assuming there's the
potential they could reuse that host for another customer at some
point in the future. Would whitelist_auth *@mail93.suw13.rsgsv.net
whitelist only mail from lifehacker?

Or would I have to use whitelist_from_rcvd?



I have this in my platform:

whitelist_from_rcvd *@*.rsgsv.net rsgsv.net
This is related to MailChimp and they are trustworthy senders with valid opt-out processing. 


Another example:
 From deerpark+caf_=44451=example....@gmail.com  Sat Jul 29 09:43:33 2017
From: "Office Depot" <rewa...@e.officedepot.com>

In this case I can't use whitelist_auth *@gmail.com, but using
whitelist_from_rcvd and gmail.com is not a good idea either. I'm also
curious what Google service Office Depot is using to route their mail?
Is it just GMail for Business or something?
This was sent to a gmail.com recipient then forwarded to a domain that you filter for. See http://www.openspf.org/SRS 


My third example:
 From 
0101015d8f37100b-117c2da7-b060-4247-a511-6e473d6822c2-000...@us-west-2.amazonses.com
  Sat Jul 29 12:39:02 2017
From: Southwest Airlines <surv...@southwest.magid.com>

This also passed DKIM_VALID_AU and SPF_PASS. How do you whitelist mail
that is routed through amazon?



If this sender has a valid opt-out I would add:

whitelist_auth *@*.magid.com


I realize I could probably get away without whitelisting all of these
and never have a problem. These are just examples (and to better
understand). I'd also like to be able to increase scores of other
rules affecting these emails and not have to worry about them becoming
false-positives.
I shortcircuit WHITELIST and BLACKLIST rules so they score very low and high respectively. 

--
David Jones

Reply via email to