Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
Did the whitelist_from_rcvd semantics change?
philipp_subx at redfish-solutions
Apr 24, 2023, 1:32 PM
Post #1 of 10 (402 views)
Permalink
Hi,

I have the following line:

whitelist_from_rcvd *@ceipalmm.com mailgun.net

And tried it on a message that had:

Return-Path: <blurble@mg2.ceipalmm.com>

But it didn't get whitelisted. If I change the pattern above to "*@mg2.ceipalmm.com" it works. I thought the matching included subdomains, and seem to remember that working.

But just ran a simple test and that's not the case.

Is this a bug? Looking at Mail/SpamAssassin/Plugin/WLBLEval.pm I see:

if ($rdns =~ /(?:^|\.)\Q${domain}\E$/i) { $match=1; last }

So I *thought* that was what was happening, but testing says otherwise.

Insights?

Thanks,

-Philip
Re: Did the whitelist_from_rcvd semantics change? [ In reply to ]
philipp_subx at redfish-solutions
Apr 24, 2023, 1:34 PM
Post #2 of 10 (402 views)
Permalink
Oh, and this is on Fedora, so I'm running 3.4.6...


> On Apr 24, 2023, at 2:32 PM, Philip Prindeville <philipp_subx@redfish-solutions.com> wrote:
>
> Hi,
>
> I have the following line:
>
> whitelist_from_rcvd *@ceipalmm.com mailgun.net
>
> And tried it on a message that had:
>
> Return-Path: <blurble@mg2.ceipalmm.com>
>
> But it didn't get whitelisted. If I change the pattern above to "*@mg2.ceipalmm.com" it works. I thought the matching included subdomains, and seem to remember that working.
>
> But just ran a simple test and that's not the case.
>
> Is this a bug? Looking at Mail/SpamAssassin/Plugin/WLBLEval.pm I see:
>
> if ($rdns =~ /(?:^|\.)\Q${domain}\E$/i) { $match=1; last }
>
> So I *thought* that was what was happening, but testing says otherwise.
>
> Insights?
>
> Thanks,
>
> -Philip
>
Re: Did the whitelist_from_rcvd semantics change? [ In reply to ]
kmcgrail at apache
Apr 24, 2023, 2:35 PM
Post #3 of 10 (402 views)
Permalink
Hi Philip,

To my knowledge, the matching is a simple glob which does NOT work on
subdomains.

You might be able to do *@*.ceipalmm.com and *@ceipalmm.com

Regards,

KAM

On 4/24/2023 4:34 PM, Philip Prindeville wrote:
> Oh, and this is on Fedora, so I'm running 3.4.6...
>
>
>> On Apr 24, 2023, at 2:32 PM, Philip Prindeville <philipp_subx@redfish-solutions.com> wrote:
>>
>> Hi,
>>
>> I have the following line:
>>
>> whitelist_from_rcvd *@ceipalmm.com mailgun.net
>>
>> And tried it on a message that had:
>>
>> Return-Path: <blurble@mg2.ceipalmm.com>
>>
>> But it didn't get whitelisted. If I change the pattern above to "*@mg2.ceipalmm.com" it works. I thought the matching included subdomains, and seem to remember that working.
>>
>> But just ran a simple test and that's not the case.
>>
>> Is this a bug? Looking at Mail/SpamAssassin/Plugin/WLBLEval.pm I see:
>>
>> if ($rdns =~ /(?:^|\.)\Q${domain}\E$/i) { $match=1; last }
>>
>> So I *thought* that was what was happening, but testing says otherwise.
>>
>> Insights?
>>
>> Thanks,
>>
>> -Philip
>>
--
Kevin A. McGrail
KMcGrail@Apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
Re: Did the whitelist_from_rcvd semantics change? [ In reply to ]
sausers-20150205 at billmail
Apr 25, 2023, 5:28 AM
Post #4 of 10 (402 views)
Permalink
On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0600)
Philip Prindeville <philipp_subx@redfish-solutions.com>
is rumored to have said:

> I thought the matching included subdomains, and seem to remember that
> working.

It never has. At least not in the past 17 years.

--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
Re: Did the whitelist_from_rcvd semantics change? [ In reply to ]
philipp_subx at redfish-solutions
Apr 28, 2023, 9:11 AM
Post #5 of 10 (395 views)
Permalink
> On Apr 25, 2023, at 6:28 AM, Bill Cole <sausers-20150205@billmail.scconsult.com> wrote:
>
> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0600)
> Philip Prindeville <philipp_subx@redfish-solutions.com>
> is rumored to have said:
>
>> I thought the matching included subdomains, and seem to remember that working.
>
> It never has. At least not in the past 17 years.
>


Then how do pools of servers like *.protection.outbound.outlook.com get handled?


-Philip
Re: Did the whitelist_from_rcvd semantics change? [ In reply to ]
sausers-20150205 at billmail
Apr 28, 2023, 9:29 AM
Post #6 of 10 (395 views)
Permalink
On 2023-04-28 at 12:11:02 UTC-0400 (Fri, 28 Apr 2023 10:11:02 -0600)
Philip Prindeville <philipp_subx@redfish-solutions.com>
is rumored to have said:

>> On Apr 25, 2023, at 6:28 AM, Bill Cole
>> <sausers-20150205@billmail.scconsult.com> wrote:
>>
>> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0600)
>> Philip Prindeville <philipp_subx@redfish-solutions.com>
>> is rumored to have said:
>>
>>> I thought the matching included subdomains, and seem to remember
>>> that working.
>>
>> It never has. At least not in the past 17 years.
>>
>
>
> Then how do pools of servers like *.protection.outbound.outlook.com
> get handled?

Subdomains are implicitly included in the relay hostname parameter, NOT
in the From address parameter, where simple glob wildcards work. RTFM:
perldoc Mail::SpamAssassin::Conf




--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
Re: Did the whitelist_from_rcvd semantics change? [ In reply to ]
philipp_subx at redfish-solutions
Apr 28, 2023, 11:17 AM
Post #7 of 10 (395 views)
Permalink
> On Apr 28, 2023, at 10:24 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
>
>
>
> Am 28.04.23 um 18:11 schrieb Philip Prindeville:
>>> On Apr 25, 2023, at 6:28 AM, Bill Cole <sausers-20150205@billmail.scconsult.com> wrote:
>>>
>>> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0600)
>>> Philip Prindeville <philipp_subx@redfish-solutions.com>
>>> is rumored to have said:
>>>
>>>> I thought the matching included subdomains, and seem to remember that working.
>>>
>>> It never has. At least not in the past 17 years.
>>>
>> Then how do pools of servers like *.protection.outbound.outlook.com get handled?
>
> as * is always handeled at globbing
>
> *.example.com
> *@example.com


Maybe I'm missing something, but the code brackets ${domain} with \Q and \E so globbing wouldn't work.

if ($rdns =~ /(?:^|\.)\Q${domain}\E$/i) { $match=1; last }
Re: Did the whitelist_from_rcvd semantics change? [ In reply to ]
philipp_subx at redfish-solutions
Apr 30, 2023, 11:54 AM
Post #8 of 10 (394 views)
Permalink
> On Apr 28, 2023, at 12:17 PM, Philip Prindeville <philipp_subx@redfish-solutions.com> wrote:
>
>
>
>> On Apr 28, 2023, at 10:24 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
>>
>>
>>
>> Am 28.04.23 um 18:11 schrieb Philip Prindeville:
>>>> On Apr 25, 2023, at 6:28 AM, Bill Cole <sausers-20150205@billmail.scconsult.com> wrote:
>>>>
>>>> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0600)
>>>> Philip Prindeville <philipp_subx@redfish-solutions.com>
>>>> is rumored to have said:
>>>>
>>>>> I thought the matching included subdomains, and seem to remember that working.
>>>>
>>>> It never has. At least not in the past 17 years.
>>>>
>>> Then how do pools of servers like *.protection.outbound.outlook.com get handled?
>>
>> as * is always handeled at globbing
>>
>> *.example.com
>> *@example.com
>
>
> Maybe I'm missing something, but the code brackets ${domain} with \Q and \E so globbing wouldn't work.
>
> if ($rdns =~ /(?:^|\.)\Q${domain}\E$/i) { $match=1; last }
>


But it *is* anchored on the left hand side by either beginning of line *or* dot.

-Philip
Re: Did the whitelist_from_rcvd semantics change? [ In reply to ]
philipp_subx at redfish-solutions
May 1, 2023, 8:14 AM
Post #9 of 10 (392 views)
Permalink
> On May 1, 2023, at 3:48 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
>
>
>
> Am 30.04.23 um 20:54 schrieb Philip Prindeville:
>>> On Apr 28, 2023, at 12:17 PM, Philip Prindeville <philipp_subx@redfish-solutions.com> wrote:
>>>
>>>
>>>
>>>> On Apr 28, 2023, at 10:24 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
>>>>
>>>>
>>>>
>>>> Am 28.04.23 um 18:11 schrieb Philip Prindeville:
>>>>>> On Apr 25, 2023, at 6:28 AM, Bill Cole <sausers-20150205@billmail.scconsult.com> wrote:
>>>>>>
>>>>>> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0600)
>>>>>> Philip Prindeville <philipp_subx@redfish-solutions.com>
>>>>>> is rumored to have said:
>>>>>>
>>>>>>> I thought the matching included subdomains, and seem to remember that working.
>>>>>>
>>>>>> It never has. At least not in the past 17 years.
>>>>>>
>>>>> Then how do pools of servers like *.protection.outbound.outlook.com get handled?
>>>>
>>>> as * is always handeled at globbing
>>>>
>>>> *.example.com
>>>> *@example.com
>>>
>>>
>>> Maybe I'm missing something, but the code brackets ${domain} with \Q and \E so globbing wouldn't work.
>>>
>>> if ($rdns =~ /(?:^|\.)\Q${domain}\E$/i) { $match=1; last }
>>>
>> But it *is* anchored on the left hand side by either beginning of line *or* dot
>
> and what do you think "*" will do with the anchoring?
>
> ^*


And that will continue to glob inside \Q ... \E ?

-Philip
Re: Did the whitelist_from_rcvd semantics change? [ In reply to ]
sausers-20150205 at billmail
May 1, 2023, 8:42 AM
Post #10 of 10 (392 views)
Permalink
If you're going to engage with RH, leave me out of it.


On 2023-05-01 at 11:14:12 UTC-0400 (Mon, 1 May 2023 09:14:12 -0600)
Philip Prindeville <philipp_subx@redfish-solutions.com>
is rumored to have said:

>> On May 1, 2023, at 3:48 AM, Reindl Harald <h.reindl@thelounge.net>
>> wrote:
>>
>>
>>
>> Am 30.04.23 um 20:54 schrieb Philip Prindeville:
>>>> On Apr 28, 2023, at 12:17 PM, Philip Prindeville
>>>> <philipp_subx@redfish-solutions.com> wrote:
>>>>
>>>>
>>>>
>>>>> On Apr 28, 2023, at 10:24 AM, Reindl Harald
>>>>> <h.reindl@thelounge.net> wrote:
>>>>>
>>>>>
>>>>>
>>>>> Am 28.04.23 um 18:11 schrieb Philip Prindeville:
>>>>>>> On Apr 25, 2023, at 6:28 AM, Bill Cole
>>>>>>> <sausers-20150205@billmail.scconsult.com> wrote:
>>>>>>>
>>>>>>> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55
>>>>>>> -0600)
>>>>>>> Philip Prindeville <philipp_subx@redfish-solutions.com>
>>>>>>> is rumored to have said:
>>>>>>>
>>>>>>>> I thought the matching included subdomains, and seem to
>>>>>>>> remember that working.
>>>>>>>
>>>>>>> It never has. At least not in the past 17 years.
>>>>>>>
>>>>>> Then how do pools of servers like
>>>>>> *.protection.outbound.outlook.com get handled?
>>>>>
>>>>> as * is always handeled at globbing
>>>>>
>>>>> *.example.com
>>>>> *@example.com
>>>>
>>>>
>>>> Maybe I'm missing something, but the code brackets ${domain} with
>>>> \Q and \E so globbing wouldn't work.
>>>>
>>>> if ($rdns =~ /(?:^|\.)\Q${domain}\E$/i) { $match=1; last }
>>>>
>>> But it *is* anchored on the left hand side by either beginning of
>>> line *or* dot
>>
>> and what do you think "*" will do with the anchoring?
>>
>> ^*
>
>
> And that will continue to glob inside \Q ... \E ?
>
> -Philip


--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal