Whitelist one mail with multiple destinations

M. Rodrigo Monteiro falecom at rodrigomonteiro.net
Wed Sep 10 16:54:09 CEST 2014


Hi. Here is my scenario:

Internet -> MX (Postfix) -> Relay (Postfix + Amavis with SpamAssassin) -> Zimbra

In SpamAssassin, I have a whitelist/blacklist. All the e-mail passes
through, but Spams are taged (header and subject).

My problem is that when an e-mail comes to multiple destinations and
one of them is whitelisted, all these destinations becomes whitelisted
too.

In the real example below, the e-mail csirt at mydomain.com is
whitelisted (-200 score). An unique e-mail (spam) comes to 20, 30
destinations and one of them is csirt at mydomain.com. All the
destinations were whitelisted (-200 score).

Here is the header of one e-mail and the log of Postfix.
This behavior is SpamAssassin or Amavisd-new?



Return-Path: laura-ff at semarh.goias.gov.br
Received: from eticesrv007.mydomain.com (LHLO
 eticesrv007.mydomain.com) (172.26.70.7) by eticesrv007.mydomain.com
 with LMTP; Tue, 9 Sep 2014 23:31:39 -0300 (BRT)
Received: from filtrodeconteudo1.mydomain.com (unknown [172.26.2.44])
by eticesrv007.mydomain.com (Postfix) with ESMTPS id 8F987884A55;
Tue,  9 Sep 2014 23:31:39 -0300 (BRT)
Received: from localhost (localhost [127.0.0.1])
by filtrodeconteudo1.mydomain.com (Postfix) with ESMTP id B3DEB2A016F;
Tue,  9 Sep 2014 23:31:39 -0300 (BRT)
X-Virus-Scanned: amavisd-new at mydomain.com
X-Spam-Flag: NO
X-Spam-Score: -200.771
X-Spam-Level:
X-Spam-Status: No, score=-200.771 required=5 tests=[AWL=-5.000, BAYES_00=-4,
DCC_CHECK=10, RCVD_IN_MSPIKE_H2=-1.77, SPF_PASS=-0.001,
USER_IN_WHITELIST_TO=-200] autolearn=no autolearn_force=no
Received: from filtrodeconteudo1.mydomain.com ([127.0.0.1])
by localhost (intsrv044.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id lTZPuM5PkD9Y; Tue,  9 Sep 2014 23:31:37 -0300 (BRT)
Received: from mx1.mydomain.com (mx1.mydomain.com [MX_IP])
by filtrodeconteudo1.mydomain.com (Postfix) with ESMTPS id A55772A016D;
Tue,  9 Sep 2014 23:31:37 -0300 (BRT)
X-Greylist: delayed 636 seconds by postgrey-1.35 at
intsrv036.mydomain.com; Tue, 09 Sep 2014 23:31:24 BRT
DKIM-Filter: OpenDKIM Filter v2.9.2 mx1.mydomain.com DEEE41A0057
DMARC-Filter: OpenDMARC Filter v1.2.0 mx1.mydomain.com DEEE41A0057
Authentication-Results: intsrv036.mydomain.com; dmarc=none
header.from=semarh.goias.gov.br
Received-SPF: pass (semarh.goias.gov.br: 189.2.188.131 is authorized
to use 'laura-ff at semarh.goias.gov.br' in 'mfrom' identity (mechanism
'mx' matched)) receiver=intsrv036; identity=mailfrom;
envelope-from="laura-ff at semarh.goias.gov.br";
helo=as.segplan.go.gov.br; client-ip=189.2.188.131
Received: from as.segplan.go.gov.br (as.segplan.go.gov.br [189.2.188.131])
by mx1.mydomain.com (Postfix) with SMTP id DEEE41A0057;
Tue,  9 Sep 2014 23:31:24 -0300 (BRT)
Received: from artemis.ecomunic.goias.gov.br (unknown [10.6.1.16])
by as.segplan.go.gov.br (Postfix) with SMTP id B2D617B902;
Tue,  9 Sep 2014 23:20:34 -0300 (BRT)
X-Virus-Scanned: amavisd-new at artemis.ecomunic.goias.gov.br
Date: Tue, 9 Sep 2014 23:20:31 -0300 (BRT)
From: Web Admin <laura-ff at semarh.goias.gov.br>
Message-ID: <97597813.546385.1410315631612.JavaMail.root at semarh.goias.gov.br>
Subject: att
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.6.128.44]
X-Mailer: Zimbra 7.2.7_GA_2942 (zclient/7.2.7_GA_2942)
To: undisclosed-recipients:;


Sep  9 23:31:39 intsrv044 postfix/smtpd[22327]: B3DEB2A016F:
client=localhost[127.0.0.1]
Sep  9 23:31:39 intsrv044 postfix/cleanup[22033]: B3DEB2A016F:
message-id=<97597813.546385.1410315631612.JavaMail.root at semarh.goias.gov.br>
Sep  9 23:31:39 intsrv044 postfix/qmgr[11246]: B3DEB2A016F:
from=<laura-ff at semarh.goias.gov.br>, size=2665, nrcpt=20 (queue
active)
Sep  9 23:31:39 intsrv044 amavis[18826]: (18826-11) Passed CLEAN
{RelayedInbound}, [IP_MX1]:35863 [189.2.188.131]
<laura-ff at semarh.goias.gov.br> ->
<agnaldo.lima at mydomain.com>,<alan at mydomain.com>,<amaral at mydomain.com>,<arnoudo at mydomain.com>,<auricio at mydomain.com>,<caio.pinheiro at mydomain.com>,<carneiro at mydomain.com>,<cdc at mydomain.com>,<centraldeservicos at mydomain.com>,<cinthya.diogenes at mydomain.com>,<claudiana.amaral at mydomain.com>,<concessaocdc at mydomain.com>,<cristino at mydomain.com>,<csirt at mydomain.com>,<cunha at mydomain.com>,<danielly.cunha at mydomain.com>,<denise at mydomain.com>,<etice at mydomain.com>,<helenira at mydomain.com>,<jcarlos.lima at mydomain.com>,
Queue-ID: A55772A016D, Message-ID:
<97597813.546385.1410315631612.JavaMail.root at semarh.goias.gov.br>,
mail_id: lTZPuM5PkD9Y, Hits: -200.771, size: 1984, queued_as:
B3DEB2A016F, 2073 ms
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<agnaldo.lima at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<alan at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1,
delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<amaral at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1,
delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<arnoudo at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<auricio at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<caio.pinheiro at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<carneiro at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0,status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<cdc at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1,
delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<centraldeservicos at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<cinthya.diogenes at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<claudiana.amaral at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<concessaocdc at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<cristino at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0,status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<csirt at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1,
delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<cunha at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1,
delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<danielly.cunha at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<denise at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1,
delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<etice at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1,
delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<helenira at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/lmtp[20175]: A55772A016D:
to=<jcarlos.lima at mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=2.1, delays=0.04/0/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B3DEB2A016F)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<agnaldo.lima at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<alan at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25, delay=0.23,
delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok:
queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<amaral at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25, delay=0.23,
delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok:
queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<arnoudo at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<auricio at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<caio.pinheiro at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<carneiro at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<cdc at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25, delay=0.23,
delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok:
queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<centraldeservicos at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<cinthya.diogenes at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<claudiana.amaral at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<concessaocdc at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<cristino at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<csirt at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25, delay=0.23,
delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok:
queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<cunha at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25, delay=0.23,
delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok:
queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<danielly.cunha at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<denise at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25, delay=0.23,
delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok:
queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<etice at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25, delay=0.23,
delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok:
queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<helenira at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/smtp[21562]: B3DEB2A016F:
to=<jcarlos.lima at mydomain.com>, relay=IP_MAILBOX[IP_MAILBOX]:25,
delay=0.23, delays=0.04/0.03/0.01/0.14, dsn=2.0.0, status=sent (250
2.0.0 Ok: queued as 8F987884A55)
Sep  9 23:31:39 intsrv044 postfix/qmgr[11246]: B3DEB2A016F: removed


More information about the amavis-users mailing list