Jump to content

spamassasin blocks messages from whitelist


Recommended Posts

Hi!

I have noticed, that some mail from my whitelist had ended to held folder. It seems, that SpamAssasin operates before whitelist operator, because these messages have been validated as spam by SA.

Could the mailing system work in different order and the whitelist rule would come first?

Tero

Link to comment
Share on other sites

I have noticed, that some mail from my whitelist had ended to held folder. It seems, that SpamAssasin operates before whitelist operator, because these messages have been validated as spam by SA.

Could the mailing system work in different order and the whitelist rule would come first?

I have had messages whitelisted with high SA scores. I don't have any currently in my inbox, however. When I get home, I will work on finding the most recent example I have.

Is it possible that the whitelist entry has problems? Can you post the headers of the message or submit the message for parsing then cancel the report and provide the Tracking URL here so we can see what we are dealing with? Also posting the whitelist entry you have that you think will match may be helpful.

Link to comment
Share on other sites

Is it possible that the whitelist entry has problems? Can you post the headers of the message or submit the message for parsing then cancel the report and provide the Tracking URL here so we can see what we are dealing with? Also posting the whitelist entry you have that you think will match may be helpful.

The entry for the whitelist is *.fi. Finns sell so few spam, that I can handle it personaly.

Here's a heading from a blocked .fi -message and I can't figure out, why it has been blocked.

Return-Path: <johanna.kurela[at]kolumbus.fi>

Delivered-To: spamcop-net-tmuhonnen[at]spamcop.net

Received: (qmail 23912 invoked from network); 22 Sep 2006 12:24:00 -0000

X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade1

X-spam-Level:

X-spam-Status: hits=0.8 tests=HTML_MESSAGE,J_CHICKENPOX_21,TW_SY,TW_YY

version=3.1.1

Received: from unknown (192.168.1.103)

by blade1.cesmail.net with QMQP; 22 Sep 2006 12:24:00 -0000

Received: from fe11.mail.saunalahti.fi (62.142.5.26)

by mx53.cesmail.net with SMTP; 22 Sep 2006 12:23:48 -0000

Received: from fep01-app.kolumbus.fi (fep01-0.kolumbus.fi [193.229.0.41])

by fe11.mail.saunalahti.fi (Postfix) with ESMTP id 24E436B0002

for <Tero.Muhonen[at]3angle.fi>; Fri, 22 Sep 2006 15:23:48 +0300 (EEST)

Received: from yournhtv55f634 ([81.197.18.126]) by fep01-app.kolumbus.fi

with SMTP

id <20060922122345.FQAC10406.fep01-app.kolumbus.fi[at]yournhtv55f634>;

Fri, 22 Sep 2006 15:23:45 +0300

Message-ID: <000901c6de41$f5874000$02ffa8c0[at]yournhtv55f634>

From: "Johanna Kurela" <johanna.kurela[at]kolumbus.fi>

To: "Heikki Lahelma" <heikki.lahelma[at]luukku.com>,

"Ilmari Homanen" <ilmari.homanen[at]kolumbus.fi>,

"Pasi Ritoniemi" <pasi.ritoniemi[at]kolumbus.fi>,

"Pekka Mauranen" <pekka.mauranen[at]netti.fi>,

"Ritva Kivi" <ritva.kivi[at]karjalansivistysseura.fi>,

"Sakari Vuoristo" <sakari.vuo[at]phnet.fi>,

"Tero Muhonen" <Tero.Muhonen[at]3angle.fi>

Subject: Yhteenveto juhlasta

Date: Fri, 22 Sep 2006 15:23:49 +0300

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0005_01C6DE5B.1A78EA80"

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

X-SpamCop-Checked: 192.168.1.103 62.142.5.26 193.229.0.41 81.197.18.126

X-SpamCop-Disposition: Blocked list.dsbl.org

Link to comment
Share on other sites

spamcop.net' post='48201' date='Sep 22 2006, 02:34 PM']The entry for the whitelist is *.fi. Finns sell so few spam, that I can handle it personaly.

I may be wrong but I think the entry should be simply

fi

No * or .

That should pick any Email address ending in fi

That said, looks like this example was not trapped by SpamAssassion but by a listing in list.dsbl.org

Andrew

Edited by agsteele
Link to comment
Share on other sites

The entry for the whitelist is *.fi. I can't figure out, why it has been blocked

Look at these last two lines:

X-SpamCop-Checked: 192.168.1.103 62.142.5.26 193.229.0.41 81.197.18.126

X-SpamCop-Disposition: Blocked list.dsbl.org

The last IP on the "Checked" line is listed on the "Open relays" list at DSBL.org, and in your SpamCop email settings, you have selected that list (I recommend against it, as I get false positives with that list). In my SpamCop settings, I don't use the "DSBL open relays" or the "SORBS DNSbl."

More important, however, is that you're using a "wildcard" asterisk in your whitelist entry, but you shouldn't. Remove that entry and replace it with this:

fi

Even if you don't remove the "list.dsbl.org" from your settings, mail sent from that source will be whitelisted, and you'll then see this in the headers:

X-SpamCop-Whitelisted: fi

One more unrelated thing....you've used your actual email address as a forum username, but due to web-crawlers, spammers, etc., that's not a good idea. Perhaps Wazoo (the forum admin) can alter your login to protect you?

DT

Edited by Wazoo
Link to comment
Share on other sites

One more unrelated thing....you've used your actual email address as a forum username, but due to web-crawlers, spammers, etc., that's not a good idea. Perhaps Wazoo (the forum admin) can alter your login to protect you?

Spammers love Forum name = e-mail address .. title changed a time or two, still ignored by many ....

SECTION 7 - Change of Username also ignored by many ....

I only do requests .... trying to PM these folks ended up having the Forum-sent notifications of a new PM being reported as spam by way too many people ... others would receive my PM, which pointed to the Announcement which pointed to the FAQ and then decide to give Don/Deputies a hard time ... others stated that they "wanted" their address out there in the glare so they would get more spam .... I soon tired of trying to be proactive about this ....

Link to comment
Share on other sites

The entry for the whitelist is *.fi. Finns sell so few spam, that I can handle it personaly.

As stated elsewhere, and in the description on the whitelist page, the whitelist entry should be fi

Enter a domain or an entire email address on each line. Incoming email addresses are checked against the whitelist starting from the right and working toward the left. That is, if you enter spamcop.net, it will match any email address with spamcop.net at the right, including foo[at]spamcop.net or foo[at]bar.spamcop.net.
Link to comment
Share on other sites

One more unrelated thing....you've used your actual email address as a forum username, but due to web-crawlers, spammers, etc., that's not a good idea. Perhaps Wazoo (the forum admin) can alter your login to protect you?

Thank everyone to find the right form to my whitelist.

My spamcop adress is not the final adress I have and the mail goes thru the same filtering as all my public mail will do. I do not consider it as a problem - as long the mail is filtered.

Tero

Link to comment
Share on other sites

I do not consider it as a problem - as long the mail is filtered.

Maybe we're being too subtle. Tero, the reason we recommend that you change your username here is that you will probably receive a LOT more spam at that address if it remains unprotected. No matter how good your filters are, some will get through, so it's wise to take the simple step of asking Wazoo to change your username.

DT

Link to comment
Share on other sites

My spamcop adress is not the final adress I have and the mail goes thru the same filtering as all my public mail will do. I do not consider it as a problem - as long the mail is filtered.

Hmmmm ... I consider it an issue, that's why the FAQ entry, the Announcement posting ... JT would rather not have the much un-needed extra traffic coming into his servers .... more spam, more filtering, more storage translates into more processing power, more drive space needed to offset the user complaints of 'slow' service .... so I'm suspecting that it's an issue for him also ...

Link to comment
Share on other sites

  • 9 months later...

PM received today

I believe I got all the other instances edited.

Dear Wazoo!

It seems that my mistake - using existing adress as a user name - still exists on the "Posts of this Topics" list:

Posts in this topic

tmuhonnen[at]spamcop.net spamassasin blocks messages from whitelist Sep 22 2006, 03:46 AM

StevenUnderwood

Could you remove my address also from the list? I wold be gratefull, because I have tried to clean my operational addresses form the Internet quite hard.

tmuhonnen

Initial action: finally got around to doing a bit of an update to SECTION 7 - Change of Username .. had meant to this back when I received an 'official' response from IPB staff that adding in code to handle the 'embedded' instances wasn't going to happen.

ok, so then went to look for the remaining instances of the previous username in the Topics/Discussions that tmuhonnen was involved with, as the 'underlined description' was not in fact a link. went through all posts, looking for the usual "quoted", the salutations, etc .... couldn't find any that I had missed previously ....

so then, started looking at content .... gee whiz .... this topic includes an e-mail header, which includes many e-mail addresses ....ok, so now .. 10 months after the fact ....although the mung action did it's thing here ... should this next edit also include deleting of all the (other prople's exposed) matrerial that has been sitting here all this time? Simply noting that by now, it has also been picked up, indexed, and stored in numerous seravh engine listings/databases .....

PM sent with a ponter to 'here' in Reply.

And, while thinking about it, modified the Title/Description of this Topic

Link to comment
Share on other sites

  • 1 year later...

I have a recurring situation with the Jobserve daily mailing list. I have (a) jobserve.com and (B) the actual email address that sends the mailing in my whitelistspamcop1.png

However, the headers do not show any Whitelisting status, and the SpamAssassin score puts it in the Held Folder. I've also tried running with just jobserve.com in the whitelist, and I have triple checked that jobserve.com is not somehow in my blacklist. FYI, Jobserve is one of the oldest recruitment email newsletters on the Net!

My SpamCop setup is:

PUBLIC ADDRESS --pop3fetch----> SPAMCOP -------> PRIVATE MAILBOX

Return-Path: <srs0=hboqpe=5l=mail.jobserve.com=jobserve.jobsbyemail[at]example>

Delivery-Date: Fri, 09 Jan 2009 12:53:03 +0100

Received: from c60.cesmail.net (c60.cesmail.net [216.154.195.49])

by mx.kundenserver.de (node=mxeu5) with ESMTP (Nemesis)

id 0MKqpg-1LLFvC0Ycg-0004AD for removed; Fri, 09 Jan 2009 12:53:03 +0100

Received: from unknown (HELO beta.cesmail.net) ([192.168.1.150])

by c60.cesmail.net with SMTP; 09 Jan 2009 06:53:01 -0500

Received: (qmail 18383 invoked by uid 0); 9 Jan 2009 11:53:01 -0000

Delivered-To: imnotshowingthis[at]dasdspamcop.net

Received: (qmail 10436 invoked from network); 7 Jan 2009 21:45:18 -0000

X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter7

X-spam-Level: *********

X-spam-Status: hits=9.4 tests=FUZZY_MERIDIA,MIME_QP_LONG_LINE,RDNS_NONE,

SARE_LWSHORTT,SARE_PROLOSTOCK_SYM3,TVD_STOCK1 version=3.2.4

Received: from unknown (192.168.1.107)

by filter7.cesmail.net with QMQP; 7 Jan 2009 21:45:18 -0000

Received: from unknown (HELO fetchmail.cesmail.net) (64.88.168.84)

by mx70.cesmail.net with SMTP; 7 Jan 2009 21:45:15 -0000

Delivery-date: Wed, 07 Jan 2009 16:32:49 -0500

Received: from pop.readyhosting.com [65.254.231.80]

by fetchmail.cesmail.net with POP3 (fetchmail-6.2.1)

for imnotshowingthis[at]gybuybspamcop.net (single-drop); Wed, 07 Jan 2009 16:13:50 -0500 (EST)

Received: from impinc01.yourhostingaccount.com ([10.1.13.101] helo=impinc01.yourhostingaccount.com)

by mailscan07.yourhostingaccount.com with esmtp (Exim)

id 1LKg1A-00046T-KB

for removed; Wed, 07 Jan 2009 16:32:48 -0500

Received: from xss9.mail.jobserve.com ([213.246.144.138])

by impinc01.yourhostingaccount.com with NO UCE

id 0lYn1b03m2zNlcM02lYoAg; Wed, 07 Jan 2009 16:32:48 -0500

X-EN-OrigIP: 213.246.144.138

X-EN-IMPSID: 0lYn1b03m2zNlcM02lYoAg

Date: Wed, 07 Jan 2009 21:32:43 +0000

FROM: "JobServe Subscription" <JobServe.JobsByEmail[at]mail.jobserve.com>

TO: removed[at]example

Reply-To: "JobServe Subscription" <JobServe.JobsByEmail[at]mail.jobserve.com>

X-Priority: 3

X-Mailer: JobServe-XSS.2.0.0

Message-ID: <000848000000ab18b760[at]xss9.mail.jobserve.com>

Subject: JobServe UK Subscription : Thursday, 08 January 2009

MIME-Version: 1.0

Content-Type: multipart/mixed;boundary="XSSXSSJOBSERVEXSSXSS000848000000ab18b760"

X-SpamCop-Checked:

X-SpamCop-Disposition: Blocked SpamAssassin=9

Envelope-To: removed

Link to comment
Share on other sites

I can't say why the whitelisting isn't working, but I'd suggest a simplification of the excessively complicated path which your mail is taking. You're having it "popped" from an external host using the popmail system, then after it passes through spamcop, forwarded onto somewhere else. Is there any reason that you can't set up a forwarding arrangement at the initial email account that would immediately forward to your SpamCop address? I'm not sure how the whitelist works in interaction with the popmail system.

DT

Link to comment
Share on other sites

As best as I can tell from the information you've provided the first entry should handle all the incoming mail from the jobs service BUT I have a niggling recollection that the whitelist actually works on the Return Path rather than reply to or from lines.

The return path in the example you've provided is very unusual and if my possibly faulty recollection is correct then I'm not sure how you could create a whitelist entry that would work.

The Wiki and/or FAQ may be the place to check...

Andrew

FOLLOW UP: Did a check in the Wiki and I was partially correct but the From line is one of the checked headers. So your whitelist entry should work. You might check your blacklists as well and double check you don't have a conflicting entry there.

Edited by agsteele
Link to comment
Share on other sites

  • 2 weeks later...
FOLLOW UP: Did a check in the Wiki and I was partially correct but the From line is one of the checked headers. So your whitelist entry should work. You might check your blacklists as well and double check you don't have a conflicting entry there.

I already thought about a possible conflict with the personal blacklist, and emptied it. So no conflict there.

The thing that puzzles me is that other addresses which are working as expected, show the correct 'SpamCop Whitelisted' headers, all attempts to do the same for JobServe - no headers.

Link to comment
Share on other sites

[at]DavidT

I switched to using POP to get mail into the SpamCop system because forwarding from the original host was causing problems. SpamCop was identifying my external email host as part of the chain of the message that needed reporting, when all it was doing was delivering to SpamCop. Adding my external provider to the mailhosts within SpamCop didn't seem to fix it at the time. Also, bizarrely, it is ONLY JobServe where I am seeing this problem. I am wondering if there is some other issue between JobServe and SpamCop that is outside of the whitelist?

Link to comment
Share on other sites

Adding my external provider to the mailhosts within SpamCop didn't seem to fix it at the time.

Then you gave up too quickly on the Mailhosts process. The deputies are ready, willing, and able to help you complete that successfully, and I'd recommend that you give that another try.

As to why it's only happening with this one source, I don't know. From what you showed us, I think that they really could use some lessons in how to create non-spammy emails. Look at the scoring on the one you posted:

X-spam-Status: hits=9.4 tests=FUZZY_MERIDIA,MIME_QP_LONG_LINE,RDNS_NONE,

SARE_LWSHORTT,SARE_PROLOSTOCK_SYM3,TVD_STOCK1

They should have RDNS, they shouldn't have long QP lines, etc....I know that doesn't address your issue, but if they want their messages to be deliverable, they should really learn a thing or two about how to properly configure their email system.

DT

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...