spamassassin-users mailing list archives

From David Jones <djo...@ena.com>
Subject Re: DCC whitelisting
Date Thu, 11 Jun 2015 15:58:45 GMT
>> On Wed, 10 Jun 2015, Shane Williams wrote:
>>
>>>  Two examples that I know are legitimate senders, but get caught by DCC
>>>  (and pyzor in some cases) and other rules that push them over the
>>>  threshold are the SourceForge.net Project of the Month list and
>>>  various Netflix emails to customers (New Arrivals or "we just added a
>>>  show you might like").  In both those cases, the user part of the
>>>  env_from changes, and as I understand it, the DCC Whitelist doesn't
>>>  allow wildcards, so I can't have an entry that matches the server
>>>  part.  Maybe I could be using the "substitute List-ID:" syntax, but
>>>  neither of those has List-ID as a specific header.
>>
>> Can you reliably identify those at the MTA level and tell the SA glue to skip them entirely?

>I probably could, but that also seems kludgy.  DCC has a whitelisting
>capability, so why not use it?

>Am I misunderstanding what DCC's whitelist is intended for?

DCC is most commonly used as one of many flags for "this is bulk
mail seen by a lot of other mail servers on the Internet."  There are
essentially two types of bulk senders -- trusted and untrusted.
Trusted senders like netflix.com will have a proper unsubscribe
process.  These trusted senders may or may not hit DCC rules so
I (and probably others on this list) whitelist them using
whitelist_from_dkim or whitelist_from_rcvd:

whitelist_from_dkim *@netflix.com
whitelist_from_rcvd *@mailer.netflix.com smtp-out.amazonses.com

Then you don't have to mess with the odd and limited DCC settings.

You could do this at the MTA level like John Hardin suggested but
I am using MailScanner so I need to optimize SA as much as possible.

P.S.  I have a very long list of trusted senders built over time to
provide a safe whitelist for shortcircuit'ing based on things that
can't be spoofed like DKIM and received headers (from my own MTA
that aren't forged).  These typically do not include "normal" mail
servers that could have a compromised account, just reliable bulk
senders that are usually on a number of Internet whitelists already.
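
The setup described in the message above, as an added example that is not part of the original post: a SpamAssassin local.cf fragment that whitelists on DKIM and relay rDNS and short-circuits on those hits. The two whitelist entries are the ones from the message; the priority values, the choice of `on` mode and the 3.4-era rule names are assumptions.

```conf
# local.cf fragment (added example; not from the original message)

# Weak form, shown for contrast and left commented out: this matches on the
# sender address alone, which anyone can forge. Never pair it with
# short-circuiting.
# whitelist_from *@netflix.com

# Entries from the message: the first requires a valid DKIM signature for
# the domain, the second requires the relay rDNS seen in a trusted
# Received header to match.
whitelist_from_dkim *@netflix.com
whitelist_from_rcvd *@mailer.netflix.com smtp-out.amazonses.com

# The Shortcircuit plugin has to be loaded with loadplugin for this block
# to take effect.
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
  # Assumed priority: evaluate the whitelist rules before the rest of the
  # rule set, so a hit ends the scan before the later rules run.
  priority     USER_IN_DKIM_WHITELIST  -1000
  shortcircuit USER_IN_DKIM_WHITELIST  on

  # whitelist_from_rcvd hits USER_IN_WHITELIST, the same rule that plain
  # whitelist_from hits. Short-circuiting on it is only as strong as the
  # weakest entry feeding it, so keep plain whitelist_from entries out of
  # the configuration if this is enabled.
  priority     USER_IN_WHITELIST       -1000
  shortcircuit USER_IN_WHITELIST       on
endif
```

Running `spamassassin --lint` after editing confirms that the fragment parses.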
