Mailing List Archive

Am 27.05.20 um 18:35 schrieb @lbutlr:
> What, if any, local SpamAssassin settings does spams-milter use when processing incoming mail?
>
> For example, if I wanted to white list a sender or blacklist a domain, would the general settings in /usr/local/etc/spamassasin/local.cf be the place?
>
> I am wondering because I have a server whitelisted in that file (or do I?), but I am seeing occasional logs like:
>
> postfix/cleanup[7771] 49MN7m64m8z2rPFW: milter-reject: END-OF-MESSAGE from server.example.com[n.n.n.n]: 5.7.1 Blocked by SpamAssassin;
>
> # Allow all mailing list posts from example.com
> whitelist_from_rcvd: *@* server.example.com
>
> This seems to be in accordance with the docs.
>
>
i think it was

*@example.com

but perhaps my memory is out of date

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

On 27 May 2020, at 10:44, Robert Schetterer <rs@sys4.de> wrote:
> Am 27.05.20 um 18:35 schrieb @lbutlr:
>> # Allow all mailing list posts from example.com

>> whitelist_from_rcvd: *@* server.example.com

Actual file has "whitelist_from_rcvd *@* server.example.com" without the ':'. Was hopeful that was the issue.

>> This seems to be in accordance with the docs.

> i think it was
>
> *@example.com
>
> but perhaps my memory is out of date

The docs for whitelist_from_rcvd show the following examples:

whitelist_from_rcvd joe@example.com example.com
whitelist_from_rcvd *@* mail.example.org
whitelist_from_rcvd *@axkit.org [192.0.2.123]
whitelist_from_rcvd *@axkit.org [192.0.2.0/24]
whitelist_from_rcvd *@axkit.org [192.0.2.0]/24
whitelist_from_rcvd *@axkit.org [2001:db8:1234::/48]
whitelist_from_rcvd *@axkit.org [2001:db8:1234::]/48

<https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html>



--
Instant karma's going to get you!

On Wed, 27 May 2020 10:35:26 -0600
@lbutlr wrote:

> What, if any, local SpamAssassin settings does spams-milter use when
> processing incoming mail?
>
> For example, if I wanted to white list a sender or blacklist a
> domain, would the general settings in
> /usr/local/etc/spamassasin/local.cf be the place?
>
> I am wondering because I have a server whitelisted in that file (or
> do I?), but I am seeing occasional logs like:
>
> postfix/cleanup[7771] 49MN7m64m8z2rPFW: milter-reject: END-OF-MESSAGE
> from server.example.com[n.n.n.n]: 5.7.1 Blocked by SpamAssassin;
...
> whitelist_from_rcvd: *@* server.example.com

whitelist_from_rcvd needs rDNS to be recorded in the Received header on
the edge of the trusted network (this is not necessarily your own
server). The lack of recorded rDNS is a common reason for failure.

There's also a potential complication here that spamass-milter forges a
provisional received header for SpamAssassin to use.

On Thu, 28 May 2020 01:04:20 +0100
RW wrote:

> On Wed, 27 May 2020 10:35:26 -0600
> @lbutlr wrote:

> > I am wondering because I have a server whitelisted in that file (or
> > do I?), but I am seeing occasional logs like:

> The lack of recorded rDNS is a common reason for failure.

I should have added that if whitelist_from_rcvd *@* server.example.com
(without the colon) is only only failing occasionally on mail from
server.example.com, it's probably just an rDNS lookup failure of some
sort.

On 27 May 2020, at 18:27, RW <rwmaillists@googlemail.com> wrote:
> I should have added that if whitelist_from_rcvd *@* server.example.com
> (without the colon) is only only failing occasionally on mail from
> server.example.com, it's probably just an rDNS lookup failure of some
> sort.

Well, I do not get anything that I consider spam from that server, so how often is this happening? Is it every time spamass-milter thinks the message is spam or is it some odd rdns issue? And how could I possibly try? The name and IP of the server show up in postfix logs.




--
Patty > Melt > Foundry > Terminator > SCSI > Voodoo > Economics >
Discworld > Ringworld > Niven > Pink Panther > Black Panther >
Avengers > Assemble > LEGO > Builder > Bob (word association with
geeks)

On Wed, 27 May 2020, @lbutlr wrote:

> On 27 May 2020, at 18:27, RW <rwmaillists@googlemail.com> wrote:
>> I should have added that if whitelist_from_rcvd *@* server.example.com
>> (without the colon) is only only failing occasionally on mail from
>> server.example.com, it's probably just an rDNS lookup failure of some
>> sort.
>
> Well, I do not get anything that I consider spam from that server, so
> how often is this happening? Is it every time spamass-milter thinks the
> message is spam or is it some odd rdns issue? And how could I possibly
> try? The name and IP of the server show up in postfix logs.

Consider telling your MTA to skip SA entirely for that IP.


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the good of having the government prohibited from doing harm
far outweighs the harm of having it obstructed from doing good.
-- Mike@mike-istan
-----------------------------------------------------------------------
10 days until the 76th anniversary of D-Day

On May 27, 2020, at 20:08, John Hardin <jhardin@impsec.org> wrote:
>
> ?On Wed, 27 May 2020, @lbutlr wrote:
>>> On 27 May 2020, at 18:27, RW <rwmaillists@googlemail.com> wrote:
>>> I should have added that if whitelist_from_rcvd *@* server.example.com
>>> (without the colon) is only only failing occasionally on mail from
>>> server.example.com, it's probably just an rDNS lookup failure of some
>>> sort.
>>
>> Well, I do not get anything that I consider spam from that server, so how often is this happening? Is it every time spamass-milter thinks the message is spam or is it some odd rdns issue? And how could I possibly try? The name and IP of the server show up in postfix logs.
>
> Consider telling your MTA to skip SA entirely for that IP.

This is my server running my Postfix, bind, Spamassassin, and spamass-milter. I am trying to stop SA from checking mail from that domain (not a single IP).

--
My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now

On 27.05.20 10:35, @lbutlr wrote:
>What, if any, local SpamAssassin settings does spams-milter use when
> processing incoming mail?

don't you mean spamass-milter?

>For example, if I wanted to white list a sender or blacklist a domain, would the general settings in /usr/local/etc/spamassasin/local.cf be the place?
>
>I am wondering because I have a server whitelisted in that file (or do I?), but I am seeing occasional logs like:
>
>postfix/cleanup[7771] 49MN7m64m8z2rPFW: milter-reject: END-OF-MESSAGE from server.example.com[n.n.n.n]: 5.7.1 Blocked by SpamAssassin;

... looks like. You may use

"-i n.n.n.n" option for spamass-milter not to scan mail coming from this IP

># Allow all mailing list posts from example.com
>whitelist_from_rcvd: *@* server.example.com
>
>This seems to be in accordance with the docs.


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.

On Wed, 27 May 2020, LuKreme wrote:

> On May 27, 2020, at 20:08, John Hardin <jhardin@impsec.org> wrote:
>>
>> ?On Wed, 27 May 2020, @lbutlr wrote:
>>>> On 27 May 2020, at 18:27, RW <rwmaillists@googlemail.com> wrote:
>>>> I should have added that if whitelist_from_rcvd *@* server.example.com
>>>> (without the colon) is only only failing occasionally on mail from
>>>> server.example.com, it's probably just an rDNS lookup failure of some
>>>> sort.
>>>
>>> Well, I do not get anything that I consider spam from that server, so how often is this happening? Is it every time spamass-milter thinks the message is spam or is it some odd rdns issue? And how could I possibly try? The name and IP of the server show up in postfix logs.
>>
>> Consider telling your MTA to skip SA entirely for that IP.
>
> This is my server running my Postfix, bind, Spamassassin, and spamass-milter. I am trying to stop SA from checking mail from that domain (not a single IP).

...or for mail from that domain.

There is no way you can configure SA to stop checking any messages it is
given. The most you can do is affect what score it assigns (which is what
you're attempting).

If you're *always* going to accept messages from a given IP/domain, then
tell your MTA to not send those messages to SA and spare the processing
overhead.

One reason to not do that is if you have bayes autolearn enabled and you
want that ham to potentially contribute to the bayes scoring.


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
A government is a lot like a gun: It's always loaded,
and it's stupid and dangerous to point it at anything
you don't intend to hurt. -- GOF at TSM
-----------------------------------------------------------------------
9 days until the 76th anniversary of D-Day