Hi,

> > I was using the hash-type arrays. Would something like this work for the
> > hash array to represent any sender at this domain?
> >
> > '.email.avi-8.com' => -100.0,
>
> Yes, but I was under the impression that you wanted to match VERP-style
> sender addresses, specifically.

I don't think I'm tied to any particular style, but still confused about why whitelisting doesn't appear to work reliably for me yet.

> > > > Apr 19 17:21:23 xavier amavis[679593]: (679593-18) > {"@timestamp":"2024-04-19T21:21:22.452Z","action":["DISCARD","PASS"],"actions_performed":"DiscardedInbound > RelayedInbound > Quarantined","attached_file_names":["message.msg"],"author":"watchrecon....@gmail.com" > <watchrecon....@gmail.com>]
> > >
> > > Looks like a multi-recipient mail, where one of the recipients triggered a
> > > Discard+Quarantine and the other a Pass.
> >
> > Ah, yes, that looks like the case. I have an always_bcc user being used
> > here, but it never used to be quarantined, even when the other recipient
> > was.
> >
> > I traced the message to the final recipient, and he did receive it, but the
> > bcc-user did not. What could have changed?
>
> Are you sure? I am not able to reproduce that. Your logline indicates that
> you log the report_json. Please check `action` and `ccat_main` of your bcc
> recipient in the report's `recipients` structure.

Here's a pastebin from an email similar to the above where one of the recips is whitelisted while the other is quarantined (using report_json).

https://pastebin.com/8i6qwjvM

    "recipients": [
      {
        "action": "DISCARD",
        "ccat_blocking": "Spam",
        "rcpt_is_local": true,
        "rcpt_to": "bcc-u...@gambit.example.com",
        "smtp_code": "250",
        "smtp_response": "250 2.7.0 Ok, discarded, id=773043-07 - spam",
        "spam_score": 5.988
      },
      {
        "action": "PASS",
        "ccat_main": "CleanTag",
        "queued_as": "D44BDDC2",
        "rcpt_is_local": true,
        "rcpt_to": "hartm...@tenney.com",
        "smtp_code": "250",
        "smtp_response": "250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as D44BDDC2",
        "spam_score": -94.012
      }
    ]

It also reports the score in the quarantined file like this, apparently showing the value for each email:

    X-Spam-Status: Yes, score=-94.012..5.988 tag=-200 tag2=5 kill=5
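
The per-recipient check suggested in the quoted reply can be scripted over the mail log. The following is an added example, not part of the original message and not amavis code: the function names are hypothetical, the sample log line is constructed, and it assumes the report_json object follows the syslog prefix on one line with the field names shown in the excerpt above.

```python
import json

# Constructed sample (not from the original thread); field names follow the
# report_json excerpt quoted in the message.
SAMPLE_REPORT = {
    "@timestamp": "2024-04-19T21:21:22.452Z",
    "action": ["DISCARD", "PASS"],
    "recipients": [
        {"action": "DISCARD", "ccat_blocking": "Spam",
         "rcpt_to": "bcc-user@example.com", "spam_score": 5.988},
        {"action": "PASS", "ccat_main": "CleanTag",
         "rcpt_to": "user@example.org", "spam_score": -94.012},
    ],
}
SAMPLE_LOG = "Apr 19 17:21:23 mx amavis[1234]: (1234-01) " + json.dumps(SAMPLE_REPORT)

def parse_report(line):
    """Return the JSON object embedded in a syslog line, or None if absent/truncated."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        # raw_decode tolerates trailing text after the JSON object
        obj, _ = json.JSONDecoder().raw_decode(line, start)
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None

def recipient_verdicts(report):
    """List (rcpt_to, action, content category, spam_score) per recipient."""
    rows = []
    for rcpt in report.get("recipients", []):
        # In the excerpt the discarded recipient has ccat_blocking and the
        # passed one has ccat_main, so accept either.
        ccat = rcpt.get("ccat_main") or rcpt.get("ccat_blocking")
        rows.append((rcpt.get("rcpt_to"), rcpt.get("action"), ccat, rcpt.get("spam_score")))
    return rows

def split_verdict(rows):
    """True when recipients of one message received different actions."""
    return len({action for _, action, _, _ in rows}) > 1

def score_range(rows):
    """Lowest and highest per-recipient score, comparable to a score=min..max header."""
    scores = [s for _, _, _, s in rows if s is not None]
    return (min(scores), max(scores)) if scores else None

if __name__ == "__main__":
    rows = recipient_verdicts(parse_report(SAMPLE_LOG))
    for rcpt, action, ccat, score in rows:
        print(f"{rcpt:28} {action:8} {ccat:10} {score}")
    print("split verdict:", split_verdict(rows), "score range:", score_range(rows))
```
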