spamassassin-users mailing list archives

From "Jason Bertoch" <ja...@electronet.net>
Subject RE: whitelist_from_rcvd question
Date Tue, 10 Jun 2008 13:02:42 GMT
 
> whitelist_from_rcvd only works for hosts that have a valid DNS map, both
> forward & reverse. This is to prevent spammers from forging a
> DNS reverse map to exploit a known whitelist_from_rcvd.
> 
> As your host '[75.145.201.209]' only has a reverse map (no forward map
> for that name) you cannot use whitelist_from_rcvd.
> 
>  # host 75.145.201.209
>  209.201.145.75.in-addr.arpa domain name pointer 75-145-201-209-Jacksonville.hfc.comcastbusiness.net.
>  # host 75-145-201-209-Jacksonville.hfc.comcastbusiness.net.
>  Host 75-145-201-209-Jacksonville.hfc.comcastbusiness.net not found: 3(NXDOMAIN)
> 
> So if you can get Comcast to put in a valid DNS forward map for that
> host name it should work.
> 

I think the problem is caused by the program I'm using to call SA.  If I
feed the message to SA directly from the command line, it matches the
whitelist and stops processing more rules.  To me, this implies
whitelist_from_rcvd doesn't really care about full circle rDNS.

If I'm wrong on this assessment, I can stop bothering my other list.
However, since we know that nobody can get the big ISPs to do anything
about forward or reverse DNS, what would be the appropriate way to whitelist
this sender?  Unfortunately, the sender has botched their SPF record(s) so
that option is out.


[3106] dbg: spf: checking to see if the message has a Received-SPF header that we can use
[3106] dbg: spf: using Mail::SPF for SPF checks
[3106] dbg: spf: checking HELO (helo=!75.145.201.209!, ip=75.145.201.209)
[3106] dbg: spf: cannot check HELO of '!75.145.201.209!', skipping
[3106] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks
[3106] dbg: spf: checking EnvelopeFrom (helo=!75.145.201.209!, ip=75.145.201.209, envfrom=ggriffin@greencovesprings.com)
[3106] dbg: spf: query for ggriffin@greencovesprings.com/75.145.201.209/!75.145.201.209!: result: permerror, comment: , text: Redundant applicable 'v=spf1' sender policies found
[3106] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check
[3106] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check
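
The permerror in the debug output above is what SPF record selection returns when a domain publishes more than one 'v=spf1' policy. The following Python code is an added example, not part of the original message and not SpamAssassin or Mail::SPF code; it applies the RFC 7208 selection rule (sections 3.3 and 4.5) to constructed TXT data, and the function names and sample records are assumptions made for illustration.

```python
"""SPF record selection as in RFC 7208 sections 3.3 and 4.5 (added example)."""
import re

# A record is SPF only if it starts with the version tag "v=spf1" followed by
# a space or end of string, so "v=spf10 ..." is not selected.
_SPF_VERSION = re.compile(r"v=spf1( |$)", re.IGNORECASE)


def join_txt(chunks):
    """Concatenate the character-strings of one TXT record with no separator."""
    return "".join(chunks)


def select_spf(txt_rrset):
    """Return (result, records) for a domain's TXT RRset.

    txt_rrset: list of TXT records, each a list of character-string chunks.
    result is "none" (no SPF record), "permerror" (more than one), or
    "ok" (exactly one, which is then evaluated against the client IP).
    """
    records = [join_txt(chunks) for chunks in txt_rrset]
    spf = [r for r in records if _SPF_VERSION.match(r)]
    if not spf:
        return "none", []
    if len(spf) > 1:
        return "permerror", spf
    return "ok", spf


# Constructed TXT data for illustration; not the real records of any domain.
DUPLICATED = [
    ["v=spf1 mx -all"],
    ["v=spf1 ip4:192.0.2.10 ", "include:_spf.example.net ~all"],
    ["google-site-verification=constructed-token"],
]
SINGLE = [["v=spf1 mx ip4:192.0.2.10 -all"], ["v=spf10 not-an-spf-record"]]

if __name__ == "__main__":
    for name, rrset in (("duplicated", DUPLICATED), ("single", SINGLE)):
        result, recs = select_spf(rrset)
        print(f"{name}: {result}")
        for rec in recs:
            print(f"    {rec}")
```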


