Return-Path: Delivered-To: apmail-spamassassin-users-archive@www.apache.org Received: (qmail 98033 invoked from network); 10 Jun 2008 00:06:02 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 10 Jun 2008 00:06:02 -0000 Received: (qmail 3945 invoked by uid 500); 10 Jun 2008 00:05:54 -0000 Delivered-To: apmail-spamassassin-users-archive@spamassassin.apache.org Received: (qmail 3916 invoked by uid 500); 10 Jun 2008 00:05:54 -0000 Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@spamassassin.apache.org Received: (qmail 3905 invoked by uid 99); 10 Jun 2008 00:05:54 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Jun 2008 17:05:54 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=NORMAL_HTTP_TO_IP,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of dbfunk@engineering.uiowa.edu designates 128.255.18.25 as permitted sender) Received: from [128.255.18.25] (HELO mail.engineering.uiowa.edu) (128.255.18.25) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Jun 2008 00:05:02 +0000 Received: from d-is00.icaen.uiowa.edu (d-is00.icaen.uiowa.edu [128.255.17.30]) (authenticated user=dbfunk bits=0) by mail.engineering.uiowa.edu (8.13.2/mail-MSA-1.8) with ESMTP id m5A03lnQ023309 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); (envelope-from ) Mon, 9 Jun 2008 19:03:52 -0500 (CDT) Date: Mon, 9 Jun 2008 19:03:47 -0500 (CDT) From: David B Funk To: Jason Bertoch cc: users@spamassassin.apache.org Subject: Re: whitelist_from_rcvd question In-Reply-To: <02c001c8ca6a$7140b7b0$53c22710$@net> Message-ID: References: <02c001c8ca6a$7140b7b0$53c22710$@net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Checked: Checked by ClamAV on apache.org On Mon, 9 Jun 2008, Jason Bertoch wrote: > "whitelist_from_rcvd *@greencovesprings.com > 75-145-201-209-Jacksonville.hfc.comcastbusiness.net" > > is in my local.cf yet a message with the following headers didn't match. > Any ideas? > > Return-Path: > Received: from [75.145.201.209] > (75-145-201-209-Jacksonville.hfc.comcastbusiness.net [75.145.201.209] (may > be forged)) > by mail.electronet.net (8.14.2/8.14.2) with ESMTP id m54DeD5V009962 > for ; Wed, 4 Jun 2008 09:40:19 -0400 > From: "Gregg Griffin" > > > The rules that did match are below. I'm running sendmail 8.14.2 with SA > v3.2.4. > > X-Spam-Score: 5.221 (*****) > BOTNET,HELO_EQ_IP_ADDR,HTML_MESSAGE,RDNS_NONE,UNPARSEABLE_RELAY whitelist_from_rcvd only works for hosts that have a valid DNS map, both forward & reverse. This is to prevent spammers from forging a DNS reverse map to exploit a known whitelist_from_rcvd. As your host '[75.145.201.209]' only has a reverse map (no forward map for that name) you cannot use whitelist_from_rcvd. # host 75.145.201.209 209.201.145.75.in-addr.arpa domain name pointer 75-145-201-209-Jacksonville.hfc.comcastbusiness.net. # host 75-145-201-209-Jacksonville.hfc.comcastbusiness.net. Host 75-145-201-209-Jacksonville.hfc.comcastbusiness.net not found: 3(NXDOMAIN) So if you can get Comcast to put in a valid DNS forward map for that host name it should work. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{