Order of handling whitelist/blacklist
Hi.

I have something that looks like:

whitelist_from_rcvd vlad@yandex.ru vger.kernel.org

blacklist_from *@yandex.ru

And I only ever seem to see the 2nd rule being hit, but not the first.

What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I could find.

You'd think the first would happen first, since it's more specific.

Or, maybe that both would happen.
Re: Order of handling whitelist/blacklist
On 27.03.24 20:56, Philip Prindeville via users wrote:
>I have something that looks like:
>
>whitelist_from_rcvd vlad@yandex.ru vger.kernel.org
>
>blacklist_from *@yandex.ru
>
>And I only ever seem to see the 2nd rule being hit, but not the first.
>
>What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I could find.
>
>You'd think the first would happen first, since it's more specific.
>
>Or, maybe that both would happen.

they both should happen.
note that the second argument must be Received: header provided by trusted
server, so that argument depends on proper TrustPath set up

https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them
Re: Order of handling whitelist/blacklist
> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>
> On 27.03.24 20:56, Philip Prindeville via users wrote:
>> I have something that looks like:
>>
>> whitelist_from_rcvd vlad@yandex.ru vger.kernel.org
>>
>> blacklist_from *@yandex.ru
>>
>> And I only ever seem to see the 2nd rule being hit, but not the first.
>>
>> What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I could find.
>>
>> You'd think the first would happen first, since it's more specific.
>>
>> Or, maybe that both would happen.
>
> they both should happen.
> note that the second argument must be Received: header provided by trusted server, so that argument depends on proper TrustPath set up
>
> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> One OS to rule them all, One OS to find them,
> One OS to bring them all and into darkness bind them

My config also has:

trusted_networks 192.168.6.0/24
trusted_networks 192.168.8.0/24
trusted_networks 127.0.0.1/32

So I don't think that's the problem.

What are some steps to troubleshoot how the white/black-listing is happening?

Thanks
Re: Order of handling whitelist/blacklist
>> On 27.03.24 20:56, Philip Prindeville via users wrote:
>>> I have something that looks like:
>>>
>>> whitelist_from_rcvd vlad@yandex.ru vger.kernel.org
>>>
>>> blacklist_from *@yandex.ru
>>>
>>> And I only ever seem to see the 2nd rule being hit, but not the first.
>>>
>>> What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I could find.
>>>
>>> You'd think the first would happen first, since it's more specific.
>>>
>>> Or, maybe that both would happen.

>> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>> they both should happen.
>> note that the second argument must be Received: header provided by trusted server, so that argument depends on proper TrustPath set up
>>
>> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath

On 28.03.24 11:55, Philip Prindeville via users wrote:
>My config also has:
>
>trusted_networks 192.168.6.0/24
>trusted_networks 192.168.8.0/24
>trusted_networks 127.0.0.1/32
>
>So I don't think that's the problem.
>
>What are some steps to troubleshoot how the white/black-listing is happening?

can you show us the headers? Here or somewhere on pastebin?

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
BSE = Mad Cow Disease ... BSA = Mad Software Producents Disease
Re: Order of handling whitelist/blacklist
On Thu, 28 Mar 2024, Philip Prindeville via users wrote:

>
>
>> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>>
>> On 27.03.24 20:56, Philip Prindeville via users wrote:
>>> I have something that looks like:
>>>
>>> whitelist_from_rcvd vlad@yandex.ru vger.kernel.org
>>>
>>> blacklist_from *@yandex.ru
>>>
>>> And I only ever seem to see the 2nd rule being hit, but not the first.
>>>

[snip..]

>
> My config also has:
>
> trusted_networks 192.168.6.0/24
> trusted_networks 192.168.8.0/24
> trusted_networks 127.0.0.1/32
>
> So I don't think that's the problem.
>
> What are some steps to troubleshoot how the white/black-listing is happening?

whitelist_from_rcvd requires SA to 'see' the envelope from address.
Depending on how you have SA glued into your MTA that may not be happening and
may require particular configurations.

Try creating an entry for a known good address and see if it fires.

If that source properly DKIM or SPF signs its messages it may be easier to use
'whitelist_auth' instead of whitelist_from_rcvd.

It's also less maintenance headache as whitelist_from_rcvd must have the proper
DNS names of their exit-point SMTP servers and in Cloud land that can change
without notice.

--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Order of handling whitelist/blacklist
> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>
>>> On 27.03.24 20:56, Philip Prindeville via users wrote:
>>>> I have something that looks like:
>>>>
>>>> whitelist_from_rcvd vlad@yandex.ru vger.kernel.org
>>>>
>>>> blacklist_from *@yandex.ru
>>>>
>>>> And I only ever seem to see the 2nd rule being hit, but not the first.
>>>>
>>>> What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I could find.
>>>>
>>>> You'd think the first would happen first, since it's more specific.
>>>>
>>>> Or, maybe that both would happen.
>
>>> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>>> they both should happen.
>>> note that the second argument must be Received: header provided by trusted server, so that argument depends on proper TrustPath set up
>>>
>>> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath
>
> On 28.03.24 11:55, Philip Prindeville via users wrote:
>> My config also has:
>>
>> trusted_networks 192.168.6.0/24
>> trusted_networks 192.168.8.0/24
>> trusted_networks 127.0.0.1/32
>>
>> So I don't think that's the problem.
>>
>> What are some steps to troubleshoot how the white/black-listing is happening?
>
> can you show us the headers? Here or somewhere on pastebin?
>


No need, but thanks.

Got my head out of my butt. I had somehow missed that vger.kernel.org as a "multihomed" (or "anycast", depending on how you look at it) had ceased to exist as an outbound relay for the LKML's and been replaced by (am|ny|sv|sy).mirrors.kernel.org back around Dec 19 last year.

When I switched to:

whitelist_from_rcvd vlad@yandex.ru mirrors.kernel.org

things started working again.

-Philip
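
Added example (not from the thread, and not SpamAssassin's own code): a simplified Python model of the relay half of `whitelist_from_rcvd`, showing why the entry naming `vger.kernel.org` stopped matching once mail arrived from a `*.mirrors.kernel.org` relay. The Received header, the `mx.example.net` host, the 192.0.2.25 address and all function names are constructed for illustration; address globbing and IP-literal relay entries are left out.

```python
import re

# Simplified model of the relay check behind whitelist_from_rcvd: the second
# argument must equal the relay's rDNS name or be a parent domain of it.
# Assumes a Postfix-style "from HELO (rDNS [IP])" clause in the Received header.
RECEIVED_FROM = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]+)?\s*"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)",
    re.IGNORECASE,
)

def relay_rdns(received_value):
    """Return the reverse-DNS name recorded by the receiving MTA, or None."""
    m = RECEIVED_FROM.match(" ".join(received_value.split()))
    if not m or not m.group("rdns") or m.group("rdns").lower() == "unknown":
        return None
    return m.group("rdns").lower().rstrip(".")

def rdns_matches(rdns, entry):
    """True if entry is the full hostname or a dot-bounded suffix of it."""
    if rdns is None:
        return False
    entry = entry.lower().rstrip(".")
    return rdns == entry or rdns.endswith("." + entry)

def whitelist_would_fire(sender, received_value, wl_addr, wl_relay):
    """Both halves must hold: sender address (exact match here) and relay rDNS."""
    return (sender.lower() == wl_addr.lower()
            and rdns_matches(relay_rdns(received_value), wl_relay))

# Constructed sample: the Received header added by the local (trusted) MX.
# 192.0.2.25 is a documentation address, not a real kernel.org relay.
SAMPLE_RECEIVED = (
    "from ny.mirrors.kernel.org (ny.mirrors.kernel.org [192.0.2.25])\n"
    "\tby mx.example.net (Postfix) with ESMTPS id 4ABCDEF\n"
    "\tfor <user@example.net>; Thu, 28 Mar 2024 10:00:00 -0600 (MDT)"
)

if __name__ == "__main__":
    for relay in ("vger.kernel.org", "mirrors.kernel.org"):
        fired = whitelist_would_fire("vlad@yandex.ru", SAMPLE_RECEIVED,
                                     "vlad@yandex.ru", relay)
        print(f"whitelist_from_rcvd vlad@yandex.ru {relay}: {fired}")
```
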
Re: Order of handling whitelist/blacklist
Philip Prindeville via users wrote on 2024-03-28 18:55:

> My config also has:
>
> trusted_networks 192.168.6.0/24
> trusted_networks 192.168.8.0/24
> trusted_networks 127.0.0.1/32
>
> So I don't think that's the problem.

rfc 1918 is imho hardcoded into spamassassin

if it's this, make a bugzilla about it, the above range is one single
192.168.0.0/16 127.0.0.0/8

> What are some steps to troubleshoot how the white/black-listing is
> happening?

spamassassin -D -t spam-msg-file 2>&1 | less

if it's there :)