Hi, it appears SANS is using Amazon to relay some of their mail, but does not sign their messages with DKIM. The mail is sent as part of some corporate training program they're doing, using the domain of the company contracting with them for the training.
So the mail is signed with DKIM_VALID and SPF, but not DKIM_VALID_AU, making it difficult to whitelist. It shouldn't need to be whitelisted in the first place, but my users are demanding it be done. More generally, how can I whitelist mail that originates from something like 0101015e15fd907e-7806-4437-936b-47b4bf2a606b-000...@us-west-2.amazonses.com and has no DKIM_VALID_AU, making it impossible to whitelist by From address? My concern is that using whitelist_from_rcvd with a generic sender like amazonses doesn't really provide much additional security when it's effectively a freemail relay. Maybe create a unique rule that subtracts points?