Discussion:
Whitelist advice, correct way to minimize score for known domains from gapps
Voytek
9417-01-17 21:19:59 UTC
Permalink
I have several domains where email is on gapps, and, noticed emails from
such user get around 3+/spam, above my threshold of 3,
tried to whitelist using such, but, didn't seem to work

what the correct way to whitelst such domains, should that be
gappssmtp.com ? as last item NOT SENDERTLD.com ?

-----------
cat /etc/mail/spamassassin/local.cf
.../trim/...
whitelist_from_rcvd *@SENDERTLD.com SENDERTLD.com


===========
Return-Path: <***@SENDERTLD.com>
Delivered-To: ***@sbt.net.au
Received: from localhost (localhost [127.0.0.1])
by geko.sbt.net.au (Postfix) with ESMTP id 9B5E664BF2E3
for <***@sbt.net.au>; Thu, 22 Feb 2018 15:53:34 +1100 (AEDT)
X-Virus-Scanned: amavisd-new at sbt.net.au
X-Spam-Flag: NO
X-Spam-Score: 3.86
X-Spam-Level: ***
X-Spam-Status: No, score=3.86 tagged_above=2 required=6.2
tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_IMAGE_ONLY_08=1.781,
HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.105, SPF_SOFTFAIL=0.972,
URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: geko.sbt.net.au (amavisd-new);
dkim=pass (2048-bit key) header.d=SENDERTLD-com.20150623.gappssmtp.com
Received: from geko.sbt.net.au ([127.0.0.1])
by localhost (geko.sbt.net.au [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id V_DN-7-7FF3H for <***@sbt.net.au>;
Thu, 22 Feb 2018 15:53:27 +1100 (AEDT)
Received: from mail-it0-f45.google.com (mail-it0-f45.google.com
[209.85.214.45])
by geko.sbt.net.au (Postfix) with ESMTPS id 4308064D5D6F
for <***@sbt.net.au>; Thu, 22 Feb 2018 15:53:25 +1100 (AEDT)
Received: by mail-it0-f45.google.com with SMTP id n7so4769838ita.5
for <***@sbt.net.au>; Wed, 21 Feb 2018 20:53:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=SENDERTLD-com.20150623.gappssmtp.com; s=20150623;
h=reply-to:to:from:subject:organization:message-id:date:user-agent
:mime-version;
bh=1jjbz+n4ebfJauh3AY80pwowR1/YCl/OFEbuXKJetXw=;
/stripped/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:reply-to:to:from:subject:organization:message-id
:date:user-agent:mime-version;
bh=1jjbz+n4ebfJauh3AY80pwowR1/YCl/OFEbuXKJetXw=;
/stripped/==
Dauser Martin Johannes
2018-02-26 18:36:36 UTC
Permalink
This post might be inappropriate. Click to display it.
Dusan Obradovic
2018-02-28 22:04:26 UTC
Permalink
> On Feb 26, 2018, at 19:36, Dauser Martin Johannes <***@cs.sbg.ac.at> wrote:
>
> within amavis:
> ##############
>
> A) As those mails are successfully DKIM signed you could do a hard or
> soft whitelist by selecting a custom policy bank based on successful
> DKIM and sender's envelope address (Return-Path: )
>
> @author_to_policy_bank_maps = (
> read_hash("/etc/amavisd/DKIM_sender_to_policy-bank") );
> ##
> ## content example /etc/amavisd/DKIM_sender_to_policy-bank
> ##
> ## '***@SENDERTLD.com' 'WHITELIST'
> ## 'SENDERTLD.com' 'MILD_WHITELIST'
>
> # do no spamassassin checks at all
> $policy_bank{'WHITELIST'} = {
> bypass_spam_checks_maps => [1],
> spam_lovers_maps => [1],
> };
>
> # reduce spam score by 3.0
> $policy_bank{'MILD_WHITELIST'} = {
> score_sender_maps => [ { '.' => [-3.0] } ],
> };

SpamAssassin's alternative,
whitelist_auth ***@sender.tld *@sender.tld

whitelist_auth ***@ress.com
Used to specify addresses which send mail that is often tagged
(incorrectly) as spam. This is different from "whitelist_from"
and "whitelist_from_rcvd" in that it first verifies that the
message was sent by an authorized sender for the address, before
whitelisting.

Authorization is performed using one of the installed
sender-authorization schemes: SPF (using
"Mail::SpamAssassin::Plugins::SPF"), Domain Keys (using
"Mail::SpamAssassin::Plugins::DomainKeys"), or DKIM (using
"Mail::SpamAssassin::Plugins::DKIM"). Note that those plugins
must be active, and working, for this to operate.

Using "whitelist_auth" is roughly equivalent to specifying
duplicate "whitelist_from_spf", "whitelist_from_dk", and
"whitelist_from_dkim" lines for each of the addresses specified.

e.g.

whitelist_auth ***@example.com ***@example.com
whitelist_auth *@example.com
Loading...