Soft black and whitelisting when different envelope sender and header from

Nick I via amavis-users amavis-users at amavis.org
Wed Feb 12 19:21:56 CET 2014


Hello,

I have a long @score_sender_maps where amazonses.com is blacklisted for
domain ( score 100) and apache at sender.com is whitelisted (score -100).
On this debug you can see that mail checked only for the soft blacklist at
envelope sender @amazonses.com, soft-blacklisted and did not check for the
whitelist at apache at sender.com.

My question is if it possible that:
1) amavis will check for both senders (envelope and author (header from).
In this case total score from wbl is 0.
2) Change amavis to check for the whitelist 1st, when check blacklist.
I can not change score for amazonses.com. All i need is pass mail from
apache at sender.com using @score_sender_maps.

Here is debug, sorry it is too long:



Feb 12 17:09:03   DEBUG_ONESHOT: TURNED ON
...
Feb 12 17:09:03   Checking: LcAXPH35LFlr [54.240.8.22] <
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>
-> <user at example.com>
Feb 12 17:09:03   2822.From: <apache at sender.com>, 2821.Mail_From: <
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>
Feb 12 17:09:03   lookup_acl(user at example.com) matches key ".", result=1
Feb 12 17:09:03   lookup [local_domains] => true,  "user at example.com"
matches, result="1", matching_key="."
Feb 12 17:09:03   lookup [bypass_virus_checks] => undef, "user at example.com"
does not match
Feb 12 17:09:03   lookup [bypass_banned_checks] => undef, "user at example.com"
does not match
Feb 12 17:09:03   query_keys: user at example.com, user@, example.com, .
example.com, .com, .
Feb 12 17:09:03   lookup_hash(user at example.com), no matches
Feb 12 17:09:03   lookup [bypass_spam_checks] => undef, "user at example.com"
does not match
Feb 12 17:09:03   Extracting mime components from a string
Feb 12 17:09:03   Issued a new file name: p001
Feb 12 17:09:03   mime_decode_preamble: 2 lines
Feb 12 17:09:03   Issued a new pseudo part: p002
Feb 12 17:09:03   p002 1 Content-Type: multipart/related
Feb 12 17:09:03   mime_decode_epilogue: 1 lines
Feb 12 17:09:03   Charging 2 bytes to remaining quota 539000 (out of
539000, (0%)) - by mime_decode
Feb 12 17:09:03   p001 1/1 Content-Type: text/plain, size: 2 B, name:
Feb 12 17:09:03   reparenting p001 from p000 to p002
Feb 12 17:09:03   inspect_dsn: parts: multipart/related, text/plain
Feb 12 17:09:03   inspect_dsn: not a bounce
Feb 12 17:09:03   decode_parts: level=1, #parts=2 : p001, p002
Feb 12 17:09:03   running file(1) on 1 files, arglist size 18
...
Feb 12 17:09:03   result line from file(1): p001: ASCII text\n
Feb 12 17:09:03   lookup_re("ASCII text") matches key
"(?i-xsm:^(ASCII|text)\b)", result="asc"
Feb 12 17:09:03   lookup [map_full_type_to_short_type] => true,  "ASCII
text" matches, result="asc", matching_key="(?i-xsm:^(ASCII|text)\134b)"
Feb 12 17:09:03   File-type of p001: ASCII text; (asc)
Feb 12 17:09:03   decompose_part: p001 - atomic
Feb 12 17:09:03   get_deadline parts_decode - deadline in 480.0 s, set to
336.000 s
Feb 12 17:09:03   prolong_timer parts_decode: timer 336, was 336, deadline
in 480.0 s
Feb 12 17:09:03   lookup [bypass_header_checks] => undef, "user at example.com"
does not match
Feb 12 17:09:03   check_header: 0, OK
Feb 12 17:09:03   lookup [bypass_header_checks] => undef, "user at example.com"
does not match
Feb 12 17:09:03   Checking for banned types and filenames
Feb 12 17:09:03   query_keys: user at example.com, user@, example.com, .
example.com, .com, .
Feb 12 17:09:03   lookup_hash(user at example.com) matches keys:
"."=>DEFAULT_RULE
Feb 12 17:09:03   lookup [banned_filename], 1 matches for "user at example.com",
results: "."=>"DEFAULT_RULE"
Feb 12 17:09:03   collect banned table[0]: user at example.com, tables:
DEFAULT_RULE=>Amavis::Lookup::RE=ARRAY(0x3518b58)
Feb 12 17:09:03   starting banned checks - traversing message structure tree
Feb 12 17:09:03   check_for_banned (p002,p001) multipart/related |
text/plain,.asc
Feb 12 17:09:03   doing banned check for user at example.com on
multipart/related | text/plain,.asc
Feb 12 17:09:03   lookup_re(["multipart/related","text/plain",".asc"]), no
matches
Feb 12 17:09:03   lookup [check_bann:user at example.com] => undef,
["multipart/related","text/plain",".asc"] does not match
Feb 12 17:09:03   lookup [banned_namepath_re] => undef,
"P=p002\tL=1\tM=multipart/related\nP=p001\tL=1/1\tM=text/plain\tT=asc" does
not match
Feb 12 17:09:03   p.path user at example.com: "P=p002,L=1,M=multipart/related
| P=p001,L=1/1,M=text/plain,T=asc"
Feb 12 17:09:03   banned check: any=0, all=N (1)
Feb 12 17:09:03   lookup_re("MAIL") matches key "(?-xism:^MAIL$)",
result="1"
Feb 12 17:09:03   lookup [keep_decoded_original] => true,  "MAIL" matches,
result="1", matching_key="(?-xism:^MAIL$)"
Feb 12 17:09:03   Issued a new file name: p003
Feb 12 17:09:03   presenting full original message to scanners as
/var/spool/amavisd/tmp/amavis-20140212T170819-18214-MO6uHDAN/parts/p003
Feb 12 17:09:03   Calling virus scanners, 2 files to scan in
/var/spool/amavisd/tmp/amavis-20140212T170819-18214-MO6uHDAN/parts
Feb 12 17:09:03   invoking av-scanner ClamAV-clamd
Feb 12 17:09:03   ask_daemon: proto=DFLT, spawn=0, (ClamAV-clamd)
/var/spool/amavisd/clamd.sock
Feb 12 17:09:03   run_av (ClamAV-clamd): query template(1,1): CONTSCAN {}\n
Feb 12 17:09:03   get_deadline run_av_pre - deadline in 480.0 s, set to
336.000 s
Feb 12 17:09:03   prolong_timer run_av_pre: timer 336, was 336, deadline in
480.0 s
Feb 12 17:09:03   get_deadline run_av_scan - deadline in 480.0 s, set to
336.000 s
Feb 12 17:09:03   prolong_timer run_av_scan: timer 336, was 336, deadline
in 480.0 s
Feb 12 17:09:03   run_av Using (ClamAV-clamd): (code) CONTSCAN
/var/spool/amavisd/tmp/amavis-20140212T170819-18214-MO6uHDAN/parts\n
Feb 12 17:09:03   get_deadline ask_daemon_internal_connect_pre - deadline
in 480.0 s, set to 336.000 s
Feb 12 17:09:03   get_deadline ask_daemon_internal_connect - deadline in
480.0 s, set to 10.000 s
Feb 12 17:09:03   prolong_timer ask_daemon_internal_connect: timer 10, was
336, deadline in 480.0 s
Feb 12 17:09:03   ClamAV-clamd: Connecting to socket
/var/spool/amavisd/clamd.sock
Feb 12 17:09:03   new socket by IO::Socket::UNIX to
/var/spool/amavisd/clamd.sock, timeout 10
Feb 12 17:09:03   connected to /var/spool/amavisd/clamd.sock successfully
Feb 12 17:09:03   ClamAV-clamd: Sending CONTSCAN
/var/spool/amavisd/tmp/amavis-20140212T170819-18214-MO6uHDAN/parts\n to
socket /var/spool/amavisd/
clamd.sock
Feb 12 17:09:03   rw_loop: needline=0, flush=1, wr=1, timeout=10
Feb 12 17:09:03   rw_loop: sending 76 chars
Feb 12 17:09:03   rw_loop sent 76> CONTSCAN
/var/spool/amavisd/tmp/amavis-20140212T170819-18214-MO6uHDAN/parts\n
Feb 12 17:09:03   get_deadline ask_daemon_internal_scan - deadline in 480.0
s, set to 336.000 s
Feb 12 17:09:03   prolong_timer ask_daemon_internal_scan: timer 336, was
10, deadline in 480.0 s
Feb 12 17:09:03   rw_loop: needline=0, flush=0, wr=0, timeout=335.999
Feb 12 17:09:03   rw_loop: receiving
Feb 12 17:09:03   rw_loop read 71 chars<
/var/spool/amavisd/tmp/amavis-20140212T170819-18214-MO6uHDAN/parts: OK\n
Feb 12 17:09:03   rw_loop: needline=0, flush=0, wr=0, timeout=335.999
Feb 12 17:09:03   rw_loop: receiving
Feb 12 17:09:03   rw_loop read: got eof
Feb 12 17:09:03   get_deadline ask_daemon_internal - deadline in 480.0 s,
set to 336.000 s
Feb 12 17:09:03   prolong_timer ask_daemon_internal: timer 336, was 336,
deadline in 480.0 s
Feb 12 17:09:03   get_deadline run_av_3 - deadline in 480.0 s, set to
336.000 s
Feb 12 17:09:03   prolong_timer run_av_3: timer 336, was 336, deadline in
480.0 s
Feb 12 17:09:03   run_av (ClamAV-clamd) result:
/var/spool/amavisd/tmp/amavis-20140212T170819-18214-MO6uHDAN/parts: OK\n
Feb 12 17:09:03   run_av (ClamAV-clamd): CLEAN
Feb 12 17:09:03   run_av (ClamAV-clamd) result: clean
Feb 12 17:09:03   wbl: checking sender <
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>,
<apache at sender.com>
Feb 12 17:09:03   lookup [blacklist_recip<user at example.com>] => undef, "
user at example.com" does not match
Feb 12 17:09:03   lookup [blacklist_sender<
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>,blacklist_sender]
=> undef,
"000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com"
does not match
Feb 12 17:09:03   lookup [whitelist_recip<user at example.com>] => undef, "
user at example.com" does not match
Feb 12 17:09:03   lookup [whitelist_sender<
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>,whitelist_sender]
=> undef,
"000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com"
does not match
Feb 12 17:09:03   query_keys: user at example.com, user@, example.com, .
example.com, .com, .
Feb 12 17:09:03   lookup_hash(user at example.com) matches keys:
"example.com"=>ARRAY(0x3baaef0),
"."=>ARRAY(0x35e0620)
Feb 12 17:09:03   lookup [score_recip<user at example.com>,score_sender], 2
matches for "user at example.com", results: "example.com"=>[{apache at sender.com=
>"-100",mxtoolbox.com=>"100",institu.example.com=>"100",amazonses.com=>"100"}],
"."=>[Amavis::Lookup::RE=ARRAY(0x35e04e8),{yahoo.com.tw=>"20",detma.org
=>"20",dsldevice.lan=>"20",whitepa
pers at cfowhitepaperlibrary.com=>"20",
dofollow.backlinks at mg-seolinkbuilding.com=>"20",no-reply at nacha.org=>"20",
nationalseminarstraining.com=>"20",.nationalseminarstraining.com=>"20",rajp
utsonamrajput at gmail.com=>"20"}]
Feb 12 17:09:03   query_keys:
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com,
000001442712a2ae-b109dcd5-a799-4879-a503-
fd806c773a26-000000@, amazonses.com, .amazonses.com, .com, .
Feb 12 17:09:03   lookup_hash(
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com)
matches key "amazonses.com", result=100
Feb 12 17:09:03   lookup [score_sender<
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>]
=> true,  "000001442712a2ae-b10
9dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com" matches,
result="100", matching_key="amazonses.com"
Feb 12 17:09:03   wbl: soft-blacklisted (100) sender <
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>
=> <user at example.com>, recip_key="example.com"
Feb 12 17:09:03   query_keys:
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com,
000001442712a2ae-b109dcd5-a799-4879-a503-
fd806c773a26-000000@, amazonses.com, .amazonses.com, .com, .
Feb 12 17:09:03   lookup_hash(
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com),
no matches
Feb 12 17:09:03   lookup [score_sender<
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>]
=> undef, "000001442712a2ae-b10
9dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com" does not match
Feb 12 17:09:03   lookup [blacklist_recip<user at example.com>] => undef, "
user at example.com" does not match
Feb 12 17:09:03   lookup [blacklist_sender<apache at sender.com>,blacklist_sender]
=> undef, "apache at sender.com" does not match
Feb 12 17:09:03   lookup [whitelist_recip<user at example.com>] => undef, "
user at example.com" does not match
Feb 12 17:09:03   lookup [whitelist_sender<apache at sender.com>,whitelist_sender]
=> undef, "apache at sender.com" does not match
Feb 12 17:09:03   SpamControl: calling spam scanner SpamAssassin
Feb 12 17:09:03   get_deadline spam_scan_sa - deadline in 479.6 s, set to
336.000 s
Feb 12 17:09:03   prolong_timer spam_scan_sa: timer 336, was 476, deadline
in 479.6 s
Feb 12 17:09:03   spam_scan: score=2.999 autolearn=disabled
tests=[BODY_EMPTY=2.999] recips=0
Feb 12 17:09:03   get_deadline spam_scan - deadline in 479.6 s, set to
336.000 s
Feb 12 17:09:03   prolong_timer spam_scan: timer 336, was 336, deadline in
479.6 s
Feb 12 17:09:03   lookup: (scalar) matches, result="-1000"
Feb 12 17:09:03   lookup [spam_tag_level] => true,  "user at example.com"
matches, result="-1000", matching_key="(constant:-1000)"
Feb 12 17:09:03   lookup: (scalar) matches, result="5"
Feb 12 17:09:03   lookup [spam_tag2_level] => true,  "user at example.com"
matches, result="5", matching_key="(constant:5)"
Feb 12 17:09:03   lookup [spam_tag3_level] => undef, "user at example.com"
does not match
Feb 12 17:09:03   query_keys: user at example.com, user@, example.com, .
example.com, .com, .
Feb 12 17:09:03   lookup_hash(user at example.com) matches key ".", result=14.0
Feb 12 17:09:03   lookup [spam_kill_level] => true,  "user at example.com"
matches, result="14.0", matching_key="."
Feb 12 17:09:03   query_keys: user at example.com, user@, example.com, .
example.com, .com, .
Feb 12 17:09:03   lookup_hash(user at example.com), no matches
Feb 12 17:09:03   lookup [Lovers2,spam_lovers] => undef, "user at example.com"
does not match
Feb 12 17:09:03   blocking contents category is (6) for user at example.com
Feb 12 17:09:03   final_destiny -3, recip user at example.com
Feb 12 17:09:03   blocking ccat=6, SMTP response: 554 5.7.0 Reject,
id=18214-02 - spam
Feb 12 17:09:03   do_notify_and_quar: ccat=Spam (6,0) ("6":Spam,
"5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6),
qar_mth=
Feb 12 17:09:03   lookup: (scalar) matches, result="spam-quarantine"
Feb 12 17:09:03   lookup [spam_quarantine_to] => true,  "user at example.com"
matches, result="spam-quarantine", matching_key="(constant:spam-quarantine
)"
Feb 12 17:09:03   lookup [spam_quarantine_cutoff_level] => undef, "
user at example.com" does not match
Feb 12 17:09:03   lookup [spam_admin] => undef, "user at example.com" does not
match
Feb 12 17:09:03   lookup [spam_quarantine_bysender_to] => undef, "
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com"
does
not match
Feb 12 17:09:03   lookup: (scalar) matches, result="-1000"
Feb 12 17:09:03   lookup [spam_tag_level] => true,  "user at example.com"
matches, result="-1000", matching_key="(constant:-1000)"
Feb 12 17:09:03   lookup: (scalar) matches, result="5"
Feb 12 17:09:03   lookup [spam_tag2_level] => true,  "user at example.com"
matches, result="5", matching_key="(constant:5)"
Feb 12 17:09:03   query_keys: user at example.com, user@, example.com, .
example.com, .com, .
Feb 12 17:09:03   lookup_hash(user at example.com) matches key ".", result=14.0
Feb 12 17:09:03   lookup [spam_kill_level] => true,  "user at example.com"
matches, result="14.0", matching_key="."

Feb 12 17:09:03   header_edits_for_quar: <
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>
-> <user at example.com>, Yes, sco
re=102.999 tag=-1000 tag2=5 kill=14 tests=[AM.WBL=100, BODY_EMPTY=2.999]
autolearn=disabled
Feb 12 17:09:03   header: X-Spam-Flag: YES\n
Feb 12 17:09:03   header: X-Spam-Score: 102.999\n
Feb 12 17:09:03   header: X-Spam-Level:
****************************************************************\n
Feb 12 17:09:03   header: X-Spam-Status: Yes, score=102.999 tag=-1000
tag2=5 kill=14 tests=[AM.WBL=100,\n\tBODY_EMPTY=2.999] autolearn=disabled\n
...
Feb 12 17:09:03   DSN: sender NOT credible, SA: 102.999, <
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>
Feb 12 17:09:03   lookup: (scalar) matches, result="1000"
Feb 12 17:09:03   lookup [spam_dsn_cutoff_level_bysender] => true,  "
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com"
ma
tches, result="1000", matching_key="(constant:1000)"
Feb 12 17:09:03   dsn: . 554 Spam <
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>
-> <user at example.com>: on_succ=0, on_d
ly=1, on_fail=1, never=0, warn_sender=, DSN_passed_on=, destiny=-3,
mta_resp: "554 5.7.0 Reject, id=18214-02 - spam"
Feb 12 17:09:03   DSN: FAIL . 554 Spam, status propagated back: <
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>
-> <no
r at example.com>
Feb 12 17:09:03   one_response_for_all <
000001442712a2ae-b109dcd5-a799-4879-a503-fd806c773a26-000000 at amazonses.com>:
REJECTs, '554 5.7.0 Reject, id
=18214-02 - spam'
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20140212/83579b80/attachment.html>


More information about the amavis-users mailing list