Whitelist sender header "from" field

Discussion:

Nick I via amavis-users

2014-01-20 19:50:08 UTC

Hello,

I have amavisd-new-2.8.0-4 installed on CentOS 6.4.
Sometime recipient receive mail from amazonses.com and it goes to spam
folder.
The envelope-from address is random like this:
000001392ed43711-77194d06-79b8-4d3a-850d-c54fa8b8097b-***@amazonses.com

But "From:" filed at header is different. For ex.:
***@domain.com

We use score_sender_maps for the whitelist. I suppose since amavisd 2.6
both envelope and header from field (author address) checked.
But on my installation whitelist '***@domain.com' does not work when
envelope sender is different.

Can you please help me with this? I have to use score_sender_maps on this
server.

Thank you.

Patrick Ben Koetter via amavis-users

2014-01-20 22:17:47 UTC

Permalink

Nick,

Post by Nick I via amavis-users
I have amavisd-new-2.8.0-4 installed on CentOS 6.4.
Sometime recipient receive mail from amazonses.com and it goes to spam
folder.
We use score_sender_maps for the whitelist. I suppose since amavisd 2.6
both envelope and header from field (author address) checked.
envelope sender is different.
Can you please help me with this? I have to use score_sender_maps on this
server.

for most parts amavis executes what spamassassin reports as spam. You will
probably need to work on your SpamAssassin config and not amavis.

What does spamassassin report when you feed it with the mail manually:

% spamassassin <spam.msg

Take a look at the decision spamassassin adds. Find out which tests score and
maybe which score to high. Then you will probably know wherer to start
optimization.

***@rick

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Nick I via amavis-users

2014-01-21 11:55:08 UTC

Permalink

Patrick,

I do not want to change score for the spamassassin and optimise it in that
way.
Because if i reduce spam score i can pass some spam to come in.
Also i do not want to whitelist whole domain amazonses.com.

I suppose that amavis can whitelist sender ***@domain.com (at From
header field) if it is at sender_score_maps.

I know that it is better to use author_to_policy_bank_maps for whitelist
purpose but i already have huge sender_score_maps list which works per user.

Can you please suggest if there is another option that control whilteist
sender listed at From header field? What should i see in amavis debug for
the sender whilteist?

Thanks.

Nick I via amavis-users

2014-01-21 17:05:07 UTC

Permalink

Here is what i found.
i set log_level = 5 and send test with spoofed from address:

# telnet localhost 25
Trying
127.0.0.1...

Connected to
localhost.

Escape character is '^]'.
220 *****.com ESMTP Postfix
helo localhost
250 *****.com
MAIL FROM:<
00000143a938e8c1-a7816299-e8ee-4a53-be72-1b13349262f1-***@amazonses.com>
250 2.1.0
Ok

RCPT TO:<***@example.com>

250 2.1.5 Ok
Data
354 End data with <CR><LF>.<CR><LF>
From: <***@ConnectedCommunity.org>
Subject: TEST telnet
sdfsdf
.
250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as
D169A26CE6
quit
221 2.0.0 Bye

Amavis log:
wbl: checking sender <
00000143a938e8c1-a7816299-e8ee-4a53-be72-1b13349262f1-***@amazonses.com>,
<***@ConnectedCommunity.org>
wbl: soft-whitelisted (-100) sender <***@ConnectedCommunity.org> => <
***@example.com>, recip_key="example.com"
...
header: X-Spam-Status: No, score=-98.256 tag=-1000 tag2=5
kill=100\n\ttests=[ALL_TRUSTED=-1, AM.WBL=-100,
MISSING_DATE=1.396,\n\tMISSING_HEADERS=1.207, MISSING_MID=0.14,
TVD_SPACE_RATIO=0.001]\n\tautolearn=disabled\n

So it does work from this test.
But wbl does not work in real mail flow when senders are different, only
1st checked.

Any thoughts?

Post by Nick I via amavis-users
Patrick,
I do not want to change score for the spamassassin and optimise it in that
way.
Because if i reduce spam score i can pass some spam to come in.
Also i do not want to whitelist whole domain amazonses.com.
header field) if it is at sender_score_maps.
I know that it is better to use author_to_policy_bank_maps for whitelist
purpose but i already have huge sender_score_maps list which works per user.
Can you please suggest if there is another option that control whilteist
sender listed at From header field? What should i see in amavis debug for
the sender whilteist?
Thanks.

Nick I via amavis-users

2014-01-22 12:45:37 UTC

Permalink

I found that whole domain
amazonses.com<00000143a938e8c1-a7816299-e8ee-4a53-be72-1b13349262f1-***@amazonses.com>was
at blacklist on sender_score_map on one of the included file (
So amavis make check for both envelope sender and From header field.
wbl soft-blacklist executed before, score got 100 points and is rejected
(in my case).

Is it posssible to make whitelist check before blacklist ?

Post by Nick I via amavis-users
Here is what i found.
# telnet localhost 25
Trying
127.0.0.1...
Connected to
localhost.
Escape character is '^]'.
220 *****.com ESMTP Postfix
helo localhost
250 *****.com
MAIL FROM:<
250 2.1.0
Ok
250 2.1.5 Ok
Data
354 End data with <CR><LF>.<CR><LF>
Subject: TEST telnet
sdfsdf
.
250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as
D169A26CE6
quit
221 2.0.0 Bye
wbl: checking sender <
...
header: X-Spam-Status: No, score=-98.256 tag=-1000 tag2=5
kill=100\n\ttests=[ALL_TRUSTED=-1, AM.WBL=-100,
MISSING_DATE=1.396,\n\tMISSING_HEADERS=1.207, MISSING_MID=0.14,
TVD_SPACE_RATIO=0.001]\n\tautolearn=disabled\n
So it does work from this test.
But wbl does not work in real mail flow when senders are different, only
1st checked.
Any thoughts?

Post by Nick I via amavis-users
Patrick,
I do not want to change score for the spamassassin and optimise it in
that way.
Because if i reduce spam score i can pass some spam to come in.
Also i do not want to whitelist whole domain amazonses.com.
header field) if it is at sender_score_maps.
I know that it is better to use author_to_policy_bank_maps for whitelist
purpose but i already have huge sender_score_maps list which works per user.
Can you please suggest if there is another option that control whilteist
sender listed at From header field? What should i see in amavis debug for
the sender whilteist?
Thanks.