Hi!
It seems the SPF entry of the sender's domain isn't allowing the
originating mail server. Originating server might be stripped off, so I
take a wild guess that it is a Google server (last Received: header).
[1]
The other rules are content based.
MIME_HTML_ONLY nags about missing alternative text besides html [2]
HTML_IMAGE_ONLY_08 nags about an image which seems to be used instead
of words to mitigate text-based scanning. [3]
As long as you send messages to yourself whitelisting will do the job,
but as soon as you send messages to someone external you'll end up with
the same problem again.
I'm by no means an expert for spamassassin or amavis but these are my
guesses.
within spamassassin:
####################
"SpamAssassin offers more control over whitelisted senders with the
whitelist_from_rcvd directive. This directive associates a sender's
email address with the hostname or domain name of the LAST TRUSTED
RELAY.
SpamAssassin uses DNS to do a reverse-lookup of the IP address of the
last trusted relay; the reverse-lookup yields one or more hostnames
associated with the IP address.
[...]
In order for SpamAssassin to distinguish trusted and untrusted relays,
you may need to set the trusted_networks option." [4]
"[...] By default, SpamAssassin works backward through the Received
headers, beginning with the one [atop -author's note] added by the MTA
on its own system (which is always trusted), and decides whether or not
the addresses in each header are trusted. [...]" [5]
So, you'd need those mailservers from google as trusted. -- I guess
there are more than this very "mail-it0-f45.google.com".
whitelist_from_rcvd *@SENDERTLD.COM mail-it0-f45.google.com
perhaps this might work too as it can be the hostname or the domain of
the trusted server.
whitelist_from_rcvd *@SENDERTLD.COM google.com
Don't forget to set trusted_networks too.
within amavis:
##############
A) As those mails are successfully DKIM signed you could do a hard or
soft whitelist by selecting a custom policy bank based on successful
DKIM and sender's envelope address (Return-Path: )
@author_to_policy_bank_maps = (
    read_hash("/etc/amavisd/DKIM_sender_to_policy-bank") );
##
## content example /etc/amavisd/DKIM_sender_to_policy-bank
##
## '[email protected]' 'WHITELIST'
## 'SENDERTLD.com' 'MILD_WHITELIST'
# do no spamassassin checks at all
$policy_bank{'WHITELIST'} = {
    bypass_spam_checks_maps => [1],
    spam_lovers_maps => [1],
};
# reduce spam score by 3.0
$policy_bank{'MILD_WHITELIST'} = {
    score_sender_maps => [ { '.' => [-3.0] } ],
};
B) Generally (even without DKIM) reduce spam score from sender either
for your personal recipient address or sitewide
@score_sender_maps = ({
    '[email protected]' => [
        read_hash("/etc/amavisd/sender_scores_recipient"), ],
    '.' => [ read_hash("/etc/amavisd/sender_scores_sitewide"), ],
});
##
## content example /etc/amavisd/sender_scores_sitewide
##
## '[email protected]' '-3.0'
## 'SENDERTLD.com' '-1.5'
C) Generally trust this sender address
read_hash(\%whitelist_sender, '/etc/amavis/whitelist');
$policy_bank{'YOUR_COMMON_INCOMMING_CONF'} = {
    # set incoming mails as NOT-originating
    originating => 0,
    # mails from trusted envelope senders
    # are whitelisted by Spamassassin
    whitelist_sender_maps => [ \%whitelist_sender ],
    ...
};
##
## content example /etc/amavisd/whitelist
##
## [email protected]
## SENDERTLD.com
[1] https://support.google.com/a/answer/33786?hl=en&ref_topic=2759192&visit_id=0-636552554295951700-2667039385&rd=1
[2]https://wiki.apache.org/spamassassin/Rules/MIME_HTML_ONLY
[3]https://wiki.apache.org/spamassassin/Rules/HTML_IMAGE_ONLY_08
[4] http://commons.oreilly.com/wiki/index.php/SpamAssassin/SpamAssassin_Rules#Whitelisting_senders_by_relay
[5] http://commons.oreilly.com/wiki/index.php/SpamAssassin/SpamAssassin_Rules#check_rbl.28_.29
On Tue, 1519599416-12-31 at 00:00 +0000, Voytek wrote:
>
>
> I have several domains where email is on gapps, and, noticed emails from
> such user get around 3+/spam, above my threshold of 3,
> tried to whitelist using such, but, didn't seem to work
>
> what's the correct way to whitelist such domains, should that be
> gappssmtp.com ? as last item NOT SENDERTLD.com ?
>
> -----------
> cat /etc/mail/spamassassin/local.cf
> .../trim/...
> whitelist_from_rcvd *@SENDERTLD.com SENDERTLD.com
>
>
> ===========
> Return-Path: <[email protected]>
> Delivered-To: [email protected]
> Received: from localhost (localhost [127.0.0.1])
>     by geko.sbt.net.au (Postfix) with ESMTP id 9B5E664BF2E3
>     for <[email protected]>; Thu, 22 Feb 2018 15:53:34 +1100 (AEDT)
> X-Virus-Scanned: amavisd-new at sbt.net.au
> X-Spam-Flag: NO
> X-Spam-Score: 3.86
> X-Spam-Level: ***
> X-Spam-Status: No, score=3.86 tagged_above=2 required=6.2
>     tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
>     HTML_IMAGE_ONLY_08=1.781,
>     HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.105, SPF_SOFTFAIL=0.972,
>     URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
> Authentication-Results: geko.sbt.net.au (amavisd-new);
>     dkim=pass (2048-bit key)
>     header.d=SENDERTLD-com.20150623.gappssmtp.com
> Received: from geko.sbt.net.au ([127.0.0.1])
>     by localhost (geko.sbt.net.au [127.0.0.1]) (amavisd-new, port 10024)
>     with ESMTP id V_DN-7-7FF3H for <[email protected]>;
>     Thu, 22 Feb 2018 15:53:27 +1100 (AEDT)
> Received: from mail-it0-f45.google.com (mail-it0-f45.google.com [209.85.214.45])
>     by geko.sbt.net.au (Postfix) with ESMTPS id 4308064D5D6F
>     for <[email protected]>; Thu, 22 Feb 2018 15:53:25 +1100 (AEDT)
> Received: by mail-it0-f45.google.com with SMTP id n7so4769838ita.5
>     for <[email protected]>; Wed, 21 Feb 2018 20:53:25 -0800 (PST)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>     d=SENDERTLD-com.20150623.gappssmtp.com; s=20150623;
>     h=reply-to:to:from:subject:organization:message-id:date:user-agent
>     :mime-version;
>     bh=1jjbz+n4ebfJauh3AY80pwowR1/YCl/OFEbuXKJetXw=;
>     /stripped/A==
> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>     d=1e100.net; s=20161025;
>     h=x-gm-message-state:reply-to:to:from:subject:organization:message-id
>     :date:user-agent:mime-version;
>     bh=1jjbz+n4ebfJauh3AY80pwowR1/YCl/OFEbuXKJetXw=;
>     /stripped/==
>
>
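
The relay matching discussed in this thread, as an added example that is not part of the original messages: a simplified Python model (not SpamAssassin's own code) of how a whitelist_from_rcvd entry is compared with the reverse-DNS name of the relay that handed the message to the trusted network. The Received lines are abridged from the quoted headers; the sender address and the trusted_networks value are assumptions.

```python
import fnmatch
import ipaddress
import re

# Constructed input modelled on the Received: chain quoted in this thread
# (newest first); the sender address is a made-up placeholder.
RECEIVED = [
    "from localhost (localhost [127.0.0.1]) by geko.sbt.net.au (Postfix)",
    "from geko.sbt.net.au ([127.0.0.1]) by localhost (amavisd-new, port 10024)",
    "from mail-it0-f45.google.com (mail-it0-f45.google.com [209.85.214.45]) "
    "by geko.sbt.net.au (Postfix) with ESMTPS",
    "by mail-it0-f45.google.com with SMTP id n7so4769838ita.5",
]
SENDER = "someone@SENDERTLD.com"
TRUSTED_NETWORKS = ["127.0.0.0/8"]  # assumed trusted_networks value

# "from HELO (rdns [ip])" or "from HELO ([ip])"
HOP = re.compile(r"^from \S+ \((?:(\S+) )?\[([0-9a-fA-F.:]+)\]\)")


def handover_relay(received, trusted):
    """Return (rdns, ip) of the first hop whose client IP is not trusted."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    for line in received:
        m = HOP.match(line)
        if not m:
            continue  # header carries no client info ("by ..." only)
        rdns, ip = m.group(1) or "", ipaddress.ip_address(m.group(2))
        if not any(ip in n for n in nets):
            return rdns.lower(), str(ip)
    return None


def rcvd_whitelisted(entry, sender, received, trusted):
    """Model of: whitelist_from_rcvd <address-glob> <relay host or domain>."""
    addr_glob, relay = entry.lower().split()
    hop = handover_relay(received, trusted)
    if hop is None or not fnmatch.fnmatchcase(sender.lower(), addr_glob):
        return False
    rdns = hop[0]
    # Match the full hostname, or a domain suffix on a label boundary.
    return rdns == relay or rdns.endswith("." + relay)
```

With these inputs the entry from the quoted local.cf (relay SENDERTLD.com) does not match, while mail-it0-f45.google.com and google.com do. A relay value of google.com matches every host whose reverse DNS ends in that domain, not only the servers used for SENDERTLD.com.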