Mailing List Archive

Weird whitelist
Hi
I use amavis+SA and in the log I get "whitelisted"

...
Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) wbl: whitelisted
sender <>, <no-reply@xxxx.ltd>
...

Log:
Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) Checking:
6LRhEwtUmP7u [34.23.17.0] <> -> <ibf@xxxx.ltd>
Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) p002 1
Content-Type: multipart/related
Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) p001 1/1
Content-Type: text/html, base64, size: 7409, SHA1 digest:
74442afff932dbc7aa40fcd95c5445df29e8a5cc
Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) check_header: 7,
Missing required header field: "Date"
Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) wbl: whitelisted
sender <>, <no-reply@xxxx.ltd>
Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) bounce
unverifiable, <> -> <ibf@xxxx.ltd>
Apr  6 01:15:09 amavis3 amavis[3887068]: (3887068-17) 6LRhEwtUmP7u FWD
from <> -> <ibf@xxxx.ltd>, BODY=7BIT 250 2.0.0 from
MTA(smtp:[86.xxx.xxx.xxx]:10027): 250 2.0.0 Ok: queued as 4VBDq06n69z1Q9q1

Apr  6 01:15:09 amavis3 amavis[3887068]: (3887068-17) Passed
BAD-HEADER-7 {RelayedInbound}, [34.23.17.0]:38582 [34.23.17.0] <> ->
<ibf@xxxx.ltd>, Queue-ID: 4VBDq04Bn7z1Q9qQ, mail_id: 6LRhEwtUmP7u, Hits:
-, size: 10888, queued_as: 4VBDq06n69z1Q9q1, 358 ms

I checked and did not find any <> in the whitelist
--
Re: Weird whitelist
On 08.04.24 12:09, natan wrote:
>I use amavis+SA and in the log I get "whitelisted"
>
>...
>Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) wbl: whitelisted
>sender <>, <no-reply@xxxx.ltd>
>...
>
>Log:
>Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) Checking:
>6LRhEwtUmP7u [34.23.17.0] <> -> <ibf@xxxx.ltd>
>Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) p002 1
>Content-Type: multipart/related
>Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) p001 1/1
>Content-Type: text/html, base64, size: 7409, SHA1 digest:
>74442afff932dbc7aa40fcd95c5445df29e8a5cc
>Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) check_header: 7,
>Missing required header field: "Date"
>Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) wbl: whitelisted
>sender <>, <no-reply@xxxx.ltd>

This looks like a whitelist at the amavis level, not at the SpamAssassin level.

>Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) bounce
>unverifiable, <> -> <ibf@xxxx.ltd>
>Apr  6 01:15:09 amavis3 amavis[3887068]: (3887068-17) 6LRhEwtUmP7u FWD
>from <> -> <ibf@xxxx.ltd>, BODY=7BIT 250 2.0.0 from
>MTA(smtp:[86.xxx.xxx.xxx]:10027): 250 2.0.0 Ok: queued as
>4VBDq06n69z1Q9q1
>
>Apr  6 01:15:09 amavis3 amavis[3887068]: (3887068-17) Passed
>BAD-HEADER-7 {RelayedInbound}, [34.23.17.0]:38582 [34.23.17.0] <> ->
><ibf@xxxx.ltd>, Queue-ID: 4VBDq04Bn7z1Q9qQ, mail_id: 6LRhEwtUmP7u,
>Hits: -, size: 10888, queued_as: 4VBDq06n69z1Q9q1, 358 ms
>
>I checked and did not find any <> in the whitelist

Check the amavis config.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Windows found: (R)emove, (E)rase, (D)elete
Re: Weird whitelist
On 8.04.2024 at 12:26, Matus UHLAR - fantomas wrote:
>> I checked and did not find any <> in the whitelist
>
I checked and found nothing; I checked the whitelist in SQL and there is
nothing about a whitelisted sender <>
> check amavis config.


--
Re: Weird whitelist
natan wrote on 2024-04-08 12:31:

>>>
>>> Apr 6 01:15:09 amavis3 amavis[3887068]: (3887068-17) Passed
>>> BAD-HEADER-7 {RelayedInbound}, [34.23.17.0]:38582 [34.23.17.0] <>
>>> -> <ibf@xxxx.ltd>, Queue-ID: 4VBDq04Bn7z1Q9qQ, mail_id:
>>> 6LRhEwtUmP7u, Hits: -, size: 10888, queued_as: 4VBDq06n69z1Q9q1,
>>> 358 ms
>>>
>>> I checked and did not find any <> in the whitelist
> I checked and found nothing; I checked the whitelist in SQL and there is
> nothing about a whitelisted sender <>
>
>> check amavis config.

read books :)

<> is the bounce address, which must not be rejected

hence it's whitelisted
Re: Weird whitelist
On 8.04.2024 at 12:38, Benny Pedersen wrote:
> natan wrote on 2024-04-08 12:31:
>
>>>>
>>>> Apr  6 01:15:09 amavis3 amavis[3887068]: (3887068-17) Passed
>>>> BAD-HEADER-7 {RelayedInbound}, [34.23.17.0]:38582 [34.23.17.0] <>
>>>> -> <ibf@xxxx.ltd>, Queue-ID: 4VBDq04Bn7z1Q9qQ, mail_id:
>>>> 6LRhEwtUmP7u, Hits: -, size: 10888, queued_as: 4VBDq06n69z1Q9q1,
>>>> 358 ms
>>>>
>>>> I checked and did not find any <> in the whitelist
>> I checked and found nothing; I checked the whitelist in SQL and there is
>> nothing about a whitelisted sender <>
>>
>>> check amavis config.
>
> read books :)
Yes, read, read, but this is not from a bounce. A normal bounce does not have
info in the log like "wbl: whitelisted sender <>"

Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) wbl: whitelisted
sender <>, <no-reply@xxxx.ltd>

>
> <> is the bounce address, which must not be rejected
>
> hence it's whitelisted
>

--
Re: Weird whitelist
According to RFC 2298, the envelope sender address (SMTP MAIL FROM) of the
Message Disposition Notification (MDN) must be null (<>). This
specification indicates that no Delivery Status Notification (DSN) messages
or other notifications about successful or unsuccessful delivery should be
sent in response to an MDN.

In the context of SMTP, there are two important aspects to consider
regarding the From and To entries:

- SMTP Commands: When issuing SMTP commands, it's possible to use "<>" to
represent the mail server sending the response. According to the RFC 2298,
this usage of "<>" is not intended to be blocked.

- Email Body Fields: Within the email body itself, the To, CC (Carbon
Copy), BCC (Blind Carbon Copy), and From fields can be left blank if they
are not relevant to the SMTP server's operation. These fields primarily
serve the client's use. It's important to note that the "MAIL FROM:"
command in SMTP and the "From:" field in the email message do not
necessarily need to match, nor do the "RCPT TO:" command and the To field
in the email message. This flexibility allows for different handling of
sender and recipient information between the SMTP protocol and email
content.

There might be some spam/phishing emails with a null sender, so SpamAssassin
will help you block them if you configured it correctly.


Re: Weird whitelist
Hi
Problem solved: the user had added his domain to amavis_recipients in the wbl SQL...

On 8.04.2024 at 12:50, Jimmy wrote:
> According to RFC 2298, the envelope sender address (SMTP MAIL FROM) of
> the Message Disposition Notification (MDN) must be null (<>). This
> specification indicates that no Delivery Status Notification (DSN)
> messages or other notifications about successful or unsuccessful
> delivery should be sent in response to an MDN.
>
> In the context of SMTP, there are two important aspects to consider
> regarding the From and To entries:
>
> - SMTP Commands: When issuing SMTP commands, it's possible to use "<>"
> to represent the mail server sending the response. According to the
> RFC 2298, this usage of "<>" is not intended to be blocked.
>
> - Email Body Fields: Within the email body itself, the To, CC (Carbon
> Copy), BCC (Blind Carbon Copy), and From fields can be left blank if
> they are not relevant to the SMTP server's operation. These fields
> primarily serve the client's use. It's important to note that the
> "MAIL FROM:" command in SMTP and the "From:" field in the email
> message do not necessarily need to match, nor do the "RCPT TO:"
> command and the To field in the email message. This flexibility allows
> for different handling of sender and recipient information between the
> SMTP protocol and email content.
>
> There might be some spam/phishing emails with a null sender, so
> SpamAssassin will help you block them if you configured it correctly.
>
>

--
Re: Weird whitelist
Hi
Jimmy, in SA like this:
>
> There might be some spam/phishing emails with a null sender, so
> SpamAssassin will help you block them if you configured it correctly.
>
header    SPAM_FROM_NO_DOMAIN  Return-Path =~ /<>/
describe  SPAM_FROM_NO_DOMAIN  spamik
score     SPAM_FROM_NO_DOMAIN  2


--
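A log check for the situation in this thread, as an added example that is not code from any poster or from the amavis project: it pairs each `wbl: whitelisted sender` line with the verdict line of the same task, listing mail that was delivered on a whitelist match and showing whether the envelope sender was null and whether `Hits:` carried a score. The first two sample lines are the thread's own log with mail wrapping undone, the third is a constructed control entry, and the regexes are an assumption about the log format based on those lines only.

```python
import re

# Sample input. Lines 1-2 are the thread's own log entries with the mail
# line-wrapping undone; line 3 is a constructed control entry.
SAMPLE_LOG = """\
Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) wbl: whitelisted sender <>, <no-reply@xxxx.ltd>
Apr  6 01:15:09 amavis3 amavis[3887068]: (3887068-17) Passed BAD-HEADER-7 {RelayedInbound}, [34.23.17.0]:38582 [34.23.17.0] <> -> <ibf@xxxx.ltd>, Queue-ID: 4VBDq04Bn7z1Q9qQ, mail_id: 6LRhEwtUmP7u, Hits: -, size: 10888, queued_as: 4VBDq06n69z1Q9q1, 358 ms
Apr  6 01:16:02 amavis3 amavis[3887070]: (3887070-03) Passed CLEAN {RelayedInbound}, [192.0.2.10]:40112 [192.0.2.10] <alice@example.org> -> <bob@example.net>, Queue-ID: CONSTRUCTED1, mail_id: CONSTRUCTED2, Hits: 1.2, size: 2048, queued_as: CONSTRUCTED3, 410 ms
"""

# Patterns are written against the lines above; treat them as an assumption
# about the log format, not as amavis's documented grammar.
TASK = re.compile(r"amavis\[\d+\]: \((\d+-\d+)\) (.*)$")
WBL = re.compile(r"wbl: whitelisted sender <([^>]*)>(?:, <([^>]*)>)?")
FINAL = re.compile(r"(Passed|Blocked) (\S+) .*? <([^>]*)> -> <([^>]*)>"
                   r".*?mail_id: (\S+?), Hits: ([^,]+),")


def whitelisted_deliveries(log_text):
    """Pair each 'wbl: whitelisted sender' line with its task's verdict line."""
    pending = {}    # task id -> addresses logged on the wbl line
    findings = []
    for line in log_text.splitlines():
        task_match = TASK.search(line)
        if not task_match:
            continue
        task, message = task_match.groups()
        wbl = WBL.search(message)
        if wbl:
            pending[task] = [a for a in wbl.groups() if a is not None]
            continue
        final = FINAL.match(message)
        if final and task in pending:
            action, category, env_from, rcpt, mail_id, hits = final.groups()
            findings.append({
                "mail_id": mail_id,
                "action": action,
                "category": category,
                "recipient": rcpt,
                "wbl_addresses": pending.pop(task),
                "null_envelope_sender": env_from == "",
                "no_score_logged": hits.strip() == "-",
            })
    return findings


if __name__ == "__main__":
    for finding in whitelisted_deliveries(SAMPLE_LOG):
        print(finding)
```

Each finding names a recipient whose whitelist entries are worth reviewing, which is where the thread's cause turned out to be.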