sender maps and whitelisting
Alex
mysqlstudent at gmail.com
Tue Apr 23 17:54:47 CEST 2024
Hi,
> I was using the hash-type arrays. Would something like this work for the
> hash array to represent any sender at this domain?
>
> '.email.avi-8.com' => -100.0,
>
> Yes, but I was under the impression that you wanted to match VERP-style
> sender addresses, specifically.
>
I don't think I'm tied to any particular style, but still confused about
why whitelisting doesn't appear to work reliably for me yet.
Apr 19 17:21:23 xavier amavis[679593]: (679593-18)
> {"@timestamp":"2024-04-19T21:21:22.452Z","action":["DISCARD","PASS"],"actions_performed":"DiscardedInbound
> RelayedInbound Quarantined","attached_file_names":["message.msg"],"author":"watchrecon.com at gmail.com" <watchrecon.com at gmail.com>]
>
> Looks like a multi-recipient mail, where one of the recipients triggered a
> Discard+Quarantine and the other a Pass.
>
>
> Ah, yes, that looks like the case. I have an always_bcc user being used
> here, but it never used to be quarantined, even when the other recipient
> was.
>
> I traced the message to the final recipient, and he did receive it, but the
> bcc-user did not. What could have changed?
>
> Are you sure? I am not able to reproduce that. Your logline indicates that
> you log the report_json. Please check `action` and `ccat_main` of your bcc
> recipient in the report's `recipients` structure.
>
Here's a pastebin from an email similar to the above where one of the
recips is whitelisted while the other is quarantined (using report_json).
https://pastebin.com/8i6qwjvM
"recipients": [
  {
    "action": "DISCARD",
    "ccat_blocking": "Spam",
    "rcpt_is_local": true,
    "rcpt_to": "bcc-user at gambit.example.com",
    "smtp_code": "250",
    "smtp_response": "250 2.7.0 Ok, discarded, id=773043-07 - spam",
    "spam_score": 5.988
  },
  {
    "action": "PASS",
    "ccat_main": "CleanTag",
    "queued_as": "D44BDDC2",
    "rcpt_is_local": true,
    "rcpt_to": "hartmann at tenney.com",
    "smtp_code": "250",
    "smtp_response": "250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as D44BDDC2",
    "spam_score": -94.012
  }
It also reports the score in the quarantined file like this, apparently
showing the value for each email.
X-Spam-Status: Yes, score=-94.012..5.988 tag=-200 tag2=5 kill=5
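
The per-recipient check suggested in the quoted reply, as an added example that is not part of the original post and not amavis code: it pulls the report_json payload out of a syslog line and lists each recipient's action, content category and score, flagging messages whose recipients got different verdicts. The log line is constructed; only field names that appear in the post are used, and falling back from `ccat_main` to `ccat_blocking` is an assumption based on the two records shown above.

```python
import json

# Constructed sample line (values invented; field names taken from the post).
SAMPLE_LINE = (
    'Apr 19 17:21:23 mx amavis[1234]: (1234-01) '
    '{"action":["DISCARD","PASS"],"recipients":['
    '{"action":"DISCARD","ccat_blocking":"Spam",'
    '"rcpt_to":"bcc-user@example.com","spam_score":5.988},'
    '{"action":"PASS","ccat_main":"CleanTag",'
    '"rcpt_to":"user@example.org","spam_score":-94.012}]}'
)

def parse_report(line):
    """Return the JSON report embedded in a log line, or None if absent/broken."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        # raw_decode tolerates trailing text after the JSON object.
        report, _end = json.JSONDecoder().raw_decode(line, start)
    except ValueError:
        return None  # truncated or line-wrapped payload
    return report if isinstance(report, dict) else None

def recipient_outcomes(report):
    """List (rcpt_to, action, category, spam_score) for every recipient."""
    rows = []
    for rcpt in report.get("recipients", []):
        # Assumption: a blocked recipient carries ccat_blocking instead of ccat_main.
        category = rcpt.get("ccat_main") or rcpt.get("ccat_blocking")
        rows.append((rcpt.get("rcpt_to"), rcpt.get("action"),
                     category, rcpt.get("spam_score")))
    return rows

def split_verdict(report):
    """True when recipients of the same message received different actions."""
    return len({row[1] for row in recipient_outcomes(report)}) > 1

if __name__ == "__main__":
    rep = parse_report(SAMPLE_LINE)
    for rcpt_to, action, category, score in recipient_outcomes(rep):
        print(f"{rcpt_to!s:26} {action!s:8} {category!s:10} {score}")
    if split_verdict(rep):
        print("split verdict: per-recipient scores or policy differ")
```

A split verdict with widely different `spam_score` values, as in the report above, indicates the sender score boost was applied for one recipient but not the other.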