Whitelisting envelope-from

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Whitelisting envelope-from

Alex Regan
Hi,
I have an email with an address as follows that I'd like to whitelist:

X-Envelope-From: <[hidden email]>

Using whitelist_auth doesn't appear to work:

whitelist_auth FredSavage*@cmail19.com

This was really more of an experiment. I'd probably have to generalize
the right side because the mail could come from any of the cmail*.com
systems, and that just looks too dangerous to rely on.

Can I somehow benefit from the DKIM sig? It did not hit DKIM_VALID_AU.

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=cm; d=example.com;
 h=Subject:From:To:Reply-To:Date:MIME-Version:Content-Type:List-Unsubscribe:Message-ID;
i=[hidden email];
 bh=u6iVMkwz/zWQtjQSeK69bFJbz20=;
 b=CIFpXKQXg1njX8xuPgki5rexAkanCMoaagxZUG431KdyM5r1f2W+pTxkRYmyYtvsNAkO6KLRL
   U0n/gGrJi1avhRcxgfe8naqfwyCfjMdOk7bfrsMEzndUoLhVj6nt

Thanks,
Alex
Reply | Threaded
Open this post in threaded view
|

Re: Whitelisting envelope-from

David Jones
On 06/01/2018 02:37 PM, Alex wrote:

> Hi,
> I have an email with an address as follows that I'd like to whitelist:
>
> X-Envelope-From: <[hidden email]>
>
> Using whitelist_auth doesn't appear to work:
>
> whitelist_auth FredSavage*@cmail19.com
>
> This was really more of an experiment. I'd probably have to generalize
> the right side because the mail could come from any of the cmail*.com
> systems, and that just looks too dangerous to rely on.
>
> Can I somehow benefit from the DKIM sig? It did not hit DKIM_VALID_AU.
>
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=cm; d=example.com;
>   h=Subject:From:To:Reply-To:Date:MIME-Version:Content-Type:List-Unsubscribe:Message-ID;
> i=[hidden email];
>   bh=u6iVMkwz/zWQtjQSeK69bFJbz20=;
>   b=CIFpXKQXg1njX8xuPgki5rexAkanCMoaagxZUG431KdyM5r1f2W+pTxkRYmyYtvsNAkO6KLRL
>     U0n/gGrJi1avhRcxgfe8naqfwyCfjMdOk7bfrsMEzndUoLhVj6nt
>
> Thanks,
> Alex
>

I have a 'whitelist_auth *@cmail19.com' entry and have experienced no
problems/complaints with createsend.com.  They have a valid unsubscribe
link and appear to take abuse reports seriously.  Until I have any
problems from them, I will keep this whitelist_auth entry.

--
David Jones
Reply | Threaded
Open this post in threaded view
|

Re: Whitelisting envelope-from

Martin Gregorie-2
In reply to this post by Alex Regan
On Fri, 2018-06-01 at 15:37 -0400, Alex wrote:

> Hi,
> I have an email with an address as follows that I'd like to
> whitelist:
>
> X-Envelope-From: <[hidden email]>
>
> Using whitelist_auth doesn't appear to work:
>
> whitelist_auth FredSavage*@cmail19.com
>
Try

  whitelist_auth FredSavage.*@cmail19.com
                           ^
You used UNIX shell notation where '*' represents any number of chars.
In Perl regexes '*' repeats the previous pattern element - in this case
'e'.


Martin


Reply | Threaded
Open this post in threaded view
|

Re: Whitelisting envelope-from

David B Funk
On Fri, 1 Jun 2018, Martin Gregorie wrote:

> On Fri, 2018-06-01 at 15:37 -0400, Alex wrote:
>> Hi,
>> I have an email with an address as follows that I'd like to
>> whitelist:
>>
>> X-Envelope-From: <[hidden email]>
>>
>> Using whitelist_auth doesn't appear to work:
>>
>> whitelist_auth FredSavage*@cmail19.com
>>
> Try
>
>  whitelist_auth FredSavage.*@cmail19.com
>                           ^
> You used UNIX shell notation where '*' represents any number of chars.
> In Perl regexes '*' repeats the previous pattern element - in this case
> 'e'.
>
>
> Martin

Martin what you say is true for general perl code but the 'whitelist' stuff
explicitly does -NOT- use perl regexes. If you read the Mail::SpamAssassin::Conf
docs for that stuff you'll see:

     Whitelist and blacklist addresses are now file-glob-style patterns, so "[hidden email]", "*@isp.com", or "*.domain.net" will all
     work.  Specifically, "*" and "?" are allowed, but all other metacharacters are not. Regular expressions are not used for security reasons.
     Matching is case-insensitive.

If the whitelist_auth does not work it may be the case that the necessary 'auth' stuff
(either SPF or DKIM ) isn't working for that particular address.

Save a copy of one of those messages and run it thru "spamassassin -D" to see the
debugging report on that process.



--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{