Whitelist advice, correct way to minimize score for known domains from gapps

Martin Johannes Dauser mdauser at cs.sbg.ac.at
Tue Feb 26 14:37:21 CET 2019


Hi!

Received: from mail-it0-f45.google.com by geko.sbt.net.au

so

whitelist_from_rcvd *@SENDERTLD.com google.com

should work. BUT this kind of whitelisting needs Google's
relays/servers to be trusted in terms of "This mailserver won't forge
headers and is not expected to originate spam." 
(I guess mail-it0-f45.google.com won't be the only server in use.)

https://wiki.apache.org/spamassassin/WhitelistFromRcvdAndTrust

Sadly, you would need the IP addresses or the IP address range of
Google's mailservers. -- The latter would result in a shorter config.
There's no syntax to trust *.google.com .

Examples:
   trusted_networks 192.168.0.0/16        # all in 192.168.*.*
   trusted_networks 192.168.              # all in 192.168.*.*
   trusted_networks 212.17.35.15          # just that host

   trusted_networks !10.0.1.5 10.0.1/24   # all in 10.0.1.* but not
10.0.1.5

   trusted_networks 2001:db8:1::1 !2001:db8:1::/64 2001:db8::/32
# 2001:db8::/32 and 2001:db8:1::1/128, except the rest of
2001:db8:1::/64

Perhaps using amavis' build-in whitelisting is easier in this case?
Martin Johannes Dauser

On Tue, 1519599416-12-31 at 00:00 +0000, Voytek wrote:
> 
> I have several domains where email is on gapps, and, noticed emails
> from
> such user get around 3+/spam, above my threshold of 3,
> tried to whitelist using such, but, didn't seem to work
> 
> what the correct way to whitelst such domains, should that be
> gappssmtp.com ? as last item NOT SENDERTLD.com ?
> 
> -----------
> cat  /etc/mail/spamassassin/local.cf
> .../trim/...
> whitelist_from_rcvd *@SENDERTLD.com SENDERTLD.com
> 
> 
> ===========
> Return-Path: <dddddd at SENDERTLD.com>
> Delivered-To: voytek at sbt.net.au
> Received: from localhost (localhost [127.0.0.1])
>     	by geko.sbt.net.au (Postfix) with ESMTP id 9B5E664BF2E3
>     	for <voytek at sbt.net.au>; Thu, 22 Feb 2018 15:53:34 +1100
> (AEDT)
> X-Virus-Scanned: amavisd-new at sbt.net.au
> X-Spam-Flag: NO
> X-Spam-Score: 3.86
> X-Spam-Level: ***
> X-Spam-Status: No, score=3.86 tagged_above=2 required=6.2
>     	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
> HTML_IMAGE_ONLY_08=1.781,
>     	HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.105,
> SPF_SOFTFAIL=0.972,
>     	URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
> Authentication-Results: geko.sbt.net.au (amavisd-new);
>     	dkim=pass (2048-bit key) header.d=SENDERTLD-
> com.20150623.gappssmtp.com
> Received: from geko.sbt.net.au ([127.0.0.1])
>     	by localhost (geko.sbt.net.au [127.0.0.1]) (amavisd-new,
> port 10024)
>     	with ESMTP id V_DN-7-7FF3H for <voytek at sbt.net.au>;
>     	Thu, 22 Feb 2018 15:53:27 +1100 (AEDT)
> Received: from mail-it0-f45.google.com (mail-it0-f45.google.com
> [209.85.214.45])
>     	by geko.sbt.net.au (Postfix) with ESMTPS id 4308064D5D6F
>     	for <voytek at sbt.net.au>; Thu, 22 Feb 2018 15:53:25 +1100
> (AEDT)
> Received: by mail-it0-f45.google.com with SMTP id n7so4769838ita.5
>      for <voytek at sbt.net.au>; Wed, 21 Feb 2018 20:53:25 -0800 (PST)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>      d=SENDERTLD-com.20150623.gappssmtp.com; s=20150623;
>      h=reply-to:to:from:subject:organization:message-id:date:user-
> agent
>      :mime-version;
>      bh=1jjbz+n4ebfJauh3AY80pwowR1/YCl/OFEbuXKJetXw=;
>      /stripped/A==
> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>      d=1e100.net; s=20161025;
>      h=x-gm-message-state:reply-
> to:to:from:subject:organization:message-id
>      :date:user-agent:mime-version;
>      bh=1jjbz+n4ebfJauh3AY80pwowR1/YCl/OFEbuXKJetXw=;
> /stripped/==
> 
> 


More information about the amavis-users mailing list