I've just started using sender_maps instead of the welcomelist in
spamassassin directly and have a few questions. Here is my current
sender_map:
Is this `@score_sender_maps`?
'.gtenney.com' => [{ '.*@send.undone.com' => -100.0,
'.*@mg-d0.substack.com' => -100.0,
'.*@mg-d1.substack.com' => -100.0,
....
First, can you confirm it is only the envelope from that yo can whitelist
using this method?
Amavis checks envelope-from as well as header-from.
Is there any way to require SPF pass?
To my knowledge, no. If you want some kind of authentication, you can
use @author_to_policy_bank_maps (based on DKIM).
Instead of effectively whitelisting any emails from all of substack based
on the above, I wondered if I can use more of the lhs of the address. This
is the full envelope sender address:
bounce+77295b.63af5d-noelbaron=gtenney....@mg-d0.substack.com
I think the "77295b.63af5d" part may be dynamic (like a message-ID kind of
thing), so I was wondering if I could restrict it like the following?
'.*gtenney....@mg-d0.substack.com' => -100.0,
@score_sender_maps = ({
'.gtenney.com' => [
new_RE(
[ qr'=gtenney\.com@send\.undone\.com' => -100],
[ qr'=gtenney\.com@mg-d0\.substack\.com' => -100],
[ qr'=gtenney\.com@mg-d1\.substack\.com' => -100],
),
],
});
Also, when a message is whitelisted using this method, what is the
"actions_performed" field defined to be? It seems like SA still considers
it to be spam, but then amavisd also considers it to be quarantined yet
also delivers it?
Here's an example:
Apr 19 17:21:23 xavier amavis[679593]: (679593-18)
{"@timestamp":"2024-04-19T21:21:22.452Z","action":["DISCARD","PASS"],"actions_performed":"DiscardedInbound
RelayedInbound Quarantined","attached_file_names":["message.msg"],"author":"
watchrecon....@gmail.com"]
Looks like a multi-recipient mail, where one of the recipients triggered
a Discard+Quarantine and the other a Pass.
