Re: R: R: R: A plugin to legitimate email when SPF and DKIM missing

2016-08-10 Thread Matus UHLAR - fantomas

On 09.08.16 15:43, Nicola Piazzi wrote:

> WHITELIST_FROM_RCVD requires knowing the mailserver name
>
> Take this example:
> whitelist_from_rcvd *@axkit.org  sergeant.org
>
> We want to accept all of domain axkit.org and we are sure that it is not spoofing
> when it comes from names that end with domain sergeant.org
>
> But if I have only the email address I can't write a line like this, I don't know
> the mailserver domain


yes, that's what whitelist_from_dkim, whitelist_from_spf and whitelist_auth
and their lightened def_ variants do.

you don't need to know mail servers' name, just the domain.

however: people do spam from gmail and through gmail servers. Also many
others. one needs to be very careful about whitelist (even def_whitelist)


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Fucking windows! Bring Bill Gates! (Southpark the movie)


R: [SOLVED] R: A plugin to legitimate email when SPF and DKIM missing

2016-08-10 Thread Nicola Piazzi
I usually don't use whitelisting so much
I wrote a couple of scripts that can be put in cron
They read my sql log, extract message id and create whitelist rules based on 
reply on your sender id
They match 55% of incoming clean mail for me at the moment

Download and read more here
https://forum.efa-project.org/viewtopic.php?f=14&t=1769




Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it



-Original Message-
From: li...@rhsoft.net [mailto:li...@rhsoft.net] 
Sent: Wednesday, 10 August 2016 12:14
To: users@spamassassin.apache.org
Subject: Re: [SOLVED] R: A plugin to legitimate email when SPF and DKIM missing



On 10.08.2016 at 12:00, Nicola Piazzi wrote:
>
> I wrote this simple plugin, mxpf
> This plugin searches the B class of the sender IP address and tries to match
> the B class of any IP of the MX records of the declared domain
> So when it matches it is very difficult that the sender is a spoofed domain, you
> can use MXPF_PASS to combine with other rules in addition to SPF_PASS
>
> 1) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir
> 2) put your score in mxpf.cf
>
> Download here :
>
> https://forum.efa-project.org/viewtopic.php?f=14&t=1777

that looks really good

one piece missing - something like "whitelist_mx" working the same way as 
"whitelist_auth" to combine it with shortcircuit to complement whitelist by spf 
with that for senders you trust but don't have SPF/DKIM for whitelist_auth

whitelist_mx sen...@domain.tld
whitelist_mx *@domain.tld


Re: [SOLVED] R: A plugin to legitimate email when SPF and DKIM missing

2016-08-10 Thread li...@rhsoft.net



On 10.08.2016 at 12:00, Nicola Piazzi wrote:

> I wrote this simple plugin, mxpf
> This plugin searches the B class of the sender IP address and tries to match
> the B class of any IP of the MX records of the declared domain
> So when it matches it is very difficult that the sender is a spoofed domain, you
> can use MXPF_PASS to combine with other rules in addition to SPF_PASS
>
> 1) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir
> 2) put your score in mxpf.cf
>
> Download here :
>
> https://forum.efa-project.org/viewtopic.php?f=14&t=1777

that looks really good

one piece missing - something like "whitelist_mx" working the same way as 
"whitelist_auth" to combine it with shortcircuit to complement whitelist 
by spf with that for senders you trust but don't have SPF/DKIM for 
whitelist_auth


whitelist_mx sen...@domain.tld
whitelist_mx *@domain.tld


[SOLVED] R: A plugin to legitimate email when SPF and DKIM missing

2016-08-10 Thread Nicola Piazzi

I wrote this simple plugin, mxpf
This plugin searches the B class of the sender IP address and tries to match the
B class of any IP of the MX records of the declared domain
So when it matches it is very difficult that the sender is a spoofed domain, you
can use MXPF_PASS to combine with other rules in addition to SPF_PASS

1) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir
2) put your score in mxpf.cf 

Download here :

https://forum.efa-project.org/viewtopic.php?f=14&t=1777


Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it



-Original Message-
From: John Hardin [mailto:jhar...@impsec.org] 
Sent: Tuesday, 9 August 2016 23:04
To: users@spamassassin.apache.org
Subject: Re: A plugin to legitimate email when SPF and DKIM missing

On Tue, 9 Aug 2016, li...@rhsoft.net wrote:
>
> On 09.08.2016 at 18:08, Kevin Golding wrote:
>>  Based on what you're trying to do:
>>
>>  man dig
>
> don't help, see below
>
>>  or depending on your resolver possibly:
>>
>>  man drill
>
> don't help, see below
>
>>  Whilst I agree it is slightly more effort to set-up whitelisting by  
>> looking up the details first it would still be far more resource  
>> efficient on your servers
>
> that don't catch the problem if the MX changes that you need to 
> permanently watch your "whitelist_from_rcvd" and maintain them

So script it.

Write a script that reads a list of domain names, does digs to get those 
domains' MX hosts, and writes whitelist_from_rcvd rules for them to a local 
config file. Run that every night as part of your scheduled sa-update script.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
   The question of whether people should be allowed to harm themselves
   is simple. They *must*.   -- Charles Murray
---
  6 days until the 71st anniversary of the end of World War II


Re: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread John Hardin

On Tue, 9 Aug 2016, li...@rhsoft.net wrote:

> On 09.08.2016 at 18:08, Kevin Golding wrote:
>> Based on what you're trying to do:
>>
>> man dig
>
> don't help, see below
>
>> or depending on your resolver possibly:
>>
>> man drill
>
> don't help, see below
>
>> Whilst I agree it is slightly more effort to set-up whitelisting by
>> looking up the details first it would still be far more resource
>> efficient on your servers
>
> that don't catch the problem if the MX changes that you need to 
> permanently watch your "whitelist_from_rcvd" and maintain them


So script it.

Write a script that reads a list of domain names, does digs to get those 
domains' MX hosts, and writes whitelist_from_rcvd rules for them to a 
local config file. Run that every night as part of your scheduled 
sa-update script.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  The question of whether people should be allowed to harm themselves
  is simple. They *must*.   -- Charles Murray
---
 6 days until the 71st anniversary of the end of World War II
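
One way to write the nightly job described in the message above, as an added example that is not code from the thread or from SpamAssassin. The file arguments are assumptions, and because the MX host names come from DNS they are validated before being written into a rule.

```python
#!/usr/bin/env python3
"""Regenerate whitelist_from_rcvd rules from the MX hosts of trusted domains."""
import os
import re
import subprocess
import sys
import tempfile

# DNS answers are untrusted input that ends up in a config file, so only
# plain ASCII host names are accepted (IDN TLDs would need a wider pattern).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def dig_mx(domain):
    """Return raw `dig +short MX` output for one domain (needs network)."""
    done = subprocess.run(["dig", "+short", "MX", domain],
                          capture_output=True, text=True, timeout=20, check=True)
    return done.stdout


def parse_mx(dig_output):
    """Extract validated, de-duplicated MX host names from dig output."""
    hosts = []
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue                      # not a "<preference> <host>." line
        host = parts[1].rstrip(".").lower()
        # A null MX ("0 .") becomes "" here and is rejected with other junk.
        if HOSTNAME_RE.match(host) and host not in hosts:
            hosts.append(host)
    return hosts


def build_rules(domains, lookup=dig_mx):
    """Return (rule_lines, failed_domains); `lookup` is swappable for tests."""
    rules, failed = [], []
    for domain in domains:
        domain = domain.strip().lower()
        if not domain or domain.startswith("#"):
            continue
        hosts = []
        if HOSTNAME_RE.match(domain):
            try:
                hosts = parse_mx(lookup(domain))
            except (OSError, subprocess.SubprocessError):
                hosts = []                # dig missing, timeout, or non-zero exit
        if not hosts:
            failed.append(domain)
            continue
        rules.extend(f"whitelist_from_rcvd *@{domain} {h}" for h in hosts)
    return rules, failed


def write_config(path, rules):
    """Replace the .cf file atomically so spamd never reads a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write("# generated from MX records, do not edit\n")
        fh.write("\n".join(rules) + "\n")
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)


if __name__ == "__main__":
    # Assumed usage: script.py <domain-list-file> <output.cf>
    with open(sys.argv[1]) as fh:
        rules, failed = build_rules(fh)
    if failed:
        # Keep yesterday's file rather than silently dropping a whitelist entry.
        sys.exit("no usable MX for: " + ", ".join(failed))
    write_config(sys.argv[2], rules)
```

Running `spamassassin --lint` after the file is replaced catches a rule file that no longer parses before the nightly restart picks it up.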


Re: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread li...@rhsoft.net


On 09.08.2016 at 18:08, Kevin Golding wrote:

> Based on what you're trying to do:
>
> man dig

don't help, see below

> or depending on your resolver possibly:
>
> man drill

don't help, see below

> Whilst I agree it is slightly more effort to set-up whitelisting by
> looking up the details first it would still be far more resource
> efficient on your servers

that don't catch the problem if the MX changes that you need to 
permanently watch your "whitelist_from_rcvd" and maintain them

his point is pretty sure that he wants to be able to rely on the senders 
DNS like whitelisting by DKIM or SPF does

given the amount of DNS records in summary (RBL, URIBL, DKIM, SPF) that 
single one is not a topic for "more resource efficient" and in any case 
outweighs the maintenance burden of "whitelist_from_rcvd" lines


Re: R: R: R: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread Kevin Golding
On Tue, 09 Aug 2016 16:43:50 +0100, Nicola Piazzi wrote:

> WHITELIST_FROM_RCVD requires knowing the mailserver name
>
> Take this example:
> whitelist_from_rcvd *@axkit.org  sergeant.org
>
> We want to accept all of domain axkit.org and we are sure that it is not
> spoofing when it comes from names that end with domain sergeant.org
>
> But if I have only the email address I can't write a line like this, I don't
> know the mailserver domain


Based on what you're trying to do:

man dig

or depending on your resolver possibly:

man drill

Whilst I agree it is slightly more effort to set-up whitelisting by  
looking up the details first it would still be far more resource efficient  
on your servers.


Personally I tend to just read the headers of a received mail since that  
tends to give a very big clue as to what the pattern will be. If they  
can't send a single message through without whitelisting there are  
probably bigger worries than the easiest way to maintain such records.  
Again, it is admittedly slightly more effort to set-up but it still  
reduces the overhead of a DNS query to check the MX every time and allows  
senders to utilise different inbound and outbound servers (also mails  
through websites and third party companies).


However to the best of my knowledge the short answer to your original  
question is: "No, there's nothing (publicly) available to do what you want  
to do. You'll need to code it yourself or use some of the alternatives  
that have been suggested". I think most of us wouldn't use such a plugin  
since it is so easy to optimise that process by doing a single DNS query  
at set-up rather than checking the MX of every incoming email.


R: R: R: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread Nicola Piazzi
WHITELIST_FROM_RCVD requires knowing the mailserver name

Take this example:
whitelist_from_rcvd *@axkit.org  sergeant.org

We want to accept all of domain axkit.org and we are sure that it is not spoofing 
when it comes from names that end with domain sergeant.org

But if I have only the email address I can't write a line like this, I don't know 
the mailserver domain






Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it



-Original Message-
From: RW [mailto:rwmailli...@googlemail.com] 
Sent: Tuesday, 9 August 2016 17:39
To: users@spamassassin.apache.org
Subject: Re: R: R: A plugin to legitimate email when SPF and DKIM missing

On Tue, 9 Aug 2016 15:19:08 +
Nicola Piazzi top-posted:

> I don't know if you want to find a solution or if you want to say why I 
> am searching one. Reason is this :
> I have SPF_PASS, a variable that tell me that who send is proprietary 
> of that domain I KNOW PERFECTLY THAT SOMEONE CAN TELL SPAM WITH A 
> PURCHASED REGULAR NON SPOOFED DOMAIN But I can combine SPF_PASS with a 
> list of email address, for example, but not all put SPF in dns, so 
> with MX I have another chance

I'm confused now because "combine SPF_PASS with a list of email address" sounds 
like whitelisting, which is something you implied you didn't want to do when 
whitelist_from_rcvd was mentioned. 


Re: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread li...@rhsoft.net



On 09.08.2016 at 17:39, RW wrote:

> On Tue, 9 Aug 2016 15:19:08 +
> Nicola Piazzi top-posted:
>
>> I don't know if you want to find a solution or if you want to say why
>> I am searching one. Reason is this :
>> I have SPF_PASS, a variable that tell me that who send is proprietary
>> of that domain I KNOW PERFECTLY THAT SOMEONE CAN TELL SPAM WITH A
>> PURCHASED REGULAR NON SPOOFED DOMAIN But I can combine SPF_PASS with
>> a list of email address, for example, but not all put SPF in dns, so
>> with MX I have another chance
>
> I'm confused now because "combine SPF_PASS with a list of email
> address" sounds like whitelisting, which is something you implied you
> didn't want to do when whitelist_from_rcvd was mentioned

the hostname of the sending machine may change - the fact that it's the 
MX is likely more stable even when the ISP gets changed - in case an IP 
has more than one PTR (happens often) or becomes a second one you need 
to whitelist all of them - the question "is this ip listed as MX" stays 
stable


Re: R: R: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread RW
On Tue, 9 Aug 2016 15:19:08 +
Nicola Piazzi top-posted:

> I don't know if you want to find a solution or if you want to say why
> i am searching one. Reason is this :
> I have SPF_PASS, a variable that tell me that who send is proprietary
> of that domain I KNOW PERFECTLY THAT SOMEONE CAN TELL SPAM WITH A
> PURCHASED REGULAR NON SPOOFED DOMAIN But I can combine SPF_PASS with
> a list of email address, for example, but not all put SPF in dns, so
> with MX I have another chance

I'm confused now because "combine SPF_PASS with a list of email
address" sounds like whitelisting, which is something you implied you
didn't want to do when whitelist_from_rcvd was mentioned. 


R: R: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread Nicola Piazzi
I don't know if you want to find a solution or if you want to say why I am 
searching one.
Reason is this :
I have SPF_PASS, a variable that tell me that who send is proprietary of that 
domain
I KNOW PERFECTLY THAT SOMEONE CAN TELL SPAM WITH A PURCHASED REGULAR NON 
SPOOFED DOMAIN
But I can combine SPF_PASS with a list of email address, for example, but not 
all put SPF in dns, so with MX I have another chance


Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it



-Original Message-
From: Merijn van den Kroonenberg [mailto:mer...@web2all.nl] 
Sent: Tuesday, 9 August 2016 16:41
To: users@spamassassin.apache.org
Subject: Re: R: A plugin to legitimate email when SPF and DKIM missing

> On Tue, 9 Aug 2016 08:45:54 +
> Nicola Piazzi wrote:
>
>> whitelist_from_rcvd is intended to legitimate a single domain, 
>> specifying domain by domain
>>
>> I need something that tell me that check all incoming email and say 
>> if the originating ip (or class c) is the same of mx record
>>
>> This can be intended like an SPF_PASS when people doesn't set spf at 
>> all.
>
> I think the reason that he mentioned whitelist_from_rcvd is that the 
> absence of SPF or DKIM doesn't score anything in any of the default 
> scoresets.
>

In fact SPF or DKIM does not tell us anything about spammy (or hammy) ness. 
Spammers use spf and dkim too. The usefulness of DKIM and SPF is in combination 
with *specific* domains.

So your mx check would also be only useful in combination with *specific* 
domains. And when you are doing specific domains then you could just do 
whitelist_from_rcvd.

So I am not sure what your intention is with this MX check. Would you score 
senders who fail it? Or would you blindly reward (whitelist) servers who match 
the MX subnet?




Re: R: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread Merijn van den Kroonenberg
> On Tue, 9 Aug 2016 08:45:54 +
> Nicola Piazzi wrote:
>
>> whitelist_from_rcvd is intended to legitimate a single domain,
>> specifying domain by domain
>>
>> I need something that tell me that check all incoming email and say
>> if the originating ip (or class c) is the same of mx record
>>
>> This can be intended like an SPF_PASS when people doesn't set spf at
>> all.
>
> I think the reason that he mentioned whitelist_from_rcvd is that the
> absence of SPF or DKIM doesn't score anything in any of the default
> scoresets.
>

In fact SPF or DKIM does not tell us anything about spammy (or hammy)
ness. Spammers use spf and dkim too. The usefulness of DKIM and SPF is in
combination with *specific* domains.

So your mx check would also be only useful in combination with *specific*
domains. And when you are doing specific domains then you could just do
whitelist_from_rcvd.

So I am not sure what your intention is with this MX check. Would you
score senders who fail it? Or would you blindly reward (whitelist) servers
who match the MX subnet?




Re: R: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread RW
On Tue, 9 Aug 2016 08:45:54 +
Nicola Piazzi wrote:

> whitelist_from_rcvd is intended to legitimate a single domain,
> specifying domain by domain
> 
> I need something that tell me that check all incoming email and say
> if the originating ip (or class c) is the same of mx record
> 
> This can be intended like an SPF_PASS when people doesn't set spf at
> all.

I think the reason that he mentioned whitelist_from_rcvd is that the
absence of SPF or DKIM doesn't score anything in any of the default
scoresets.


Re: R: R: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread Axb

Please keep list mail on the list.
Direct replies unless stated as OFFLIST are not welcome.


On 08/09/2016 10:51 AM, Nicola Piazzi wrote:

Hi,
I don't want to specify some names
I need a rule that tell me if an email was sent using the same ip of the domain 
mx record
So I am sure that the email come from a server owned by the proprietary of the 
domain like spf check do

Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna – Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it



-Original Message-
From: Axb [mailto:axb.li...@gmail.com]
Sent: Tuesday, 9 August 2016 10:48
To: users@spamassassin.apache.org
Subject: Re: R: A plugin to legitimate email when SPF and DKIM missing

FTR: you can also do

whitelist_from_rcvd *@* gruppocomet.it
or
whitelist_from_rcvd *@*.it gruppocomet.it

or variations of...

On 08/09/2016 10:45 AM, Nicola Piazzi wrote:

whitelist_from_rcvd is intended to legitimate a single domain,
specifying domain by domain

I need something that tell me that check all incoming email and say if
the originating ip (or class c) is the same of mx record

This can be intended like an SPF_PASS when people doesn't set spf at all.



Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it



-Original Message-
From: Kevin Golding [mailto:k...@caomhin.org]
Sent: Tuesday, 9 August 2016 10:28
To: users@spamassassin.apache.org
Subject: Re: A plugin to legitimate email when SPF and DKIM missing

On Tue, 09 Aug 2016 09:10:06 +0100, Nicola Piazzi wrote:


Hi
A lot of time we receive mail that are SPF NONE and have no DKIM It
will be useful a little plugin that be able to give another chance to
legitimate these emails A lot of servers use the same machine to send
and receive emails, Plugin must read sender domain and search if the
IP used to send to us is one of the MX record list for domain This is
not intended to exclude other cases, but intended to have a chance to
recognize that is not a spoofed email only We can think to use not
the ip but the C class to get much more hits For example someone sent
from
199.56.23.5 and have mx record 199.56.23.9 can be legitimate because
both come from 199.56.23

Have someone something like this ?


Not quite, but assuming you're looking at using it for whitelisting purposes 
you can use:

whitelist_from_rcvd *@gruppocommet.it gruppocommet.it

That says that any mail sent with a @gruppocommet.it address that is received 
from a host with an rDNS matching gruppocommet.it will be whitelisted.

It's rather effective and efficient.
https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html#whitelist_and_blacklist_options
may tell you more.









Re: R: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread Axb

FTR: you can also do

whitelist_from_rcvd *@* gruppocomet.it
or
whitelist_from_rcvd *@*.it gruppocomet.it

or variations of...

On 08/09/2016 10:45 AM, Nicola Piazzi wrote:

whitelist_from_rcvd is intended to legitimate a single domain, specifying 
domain by domain

I need something that tell me that check all incoming email and say if the 
originating ip (or class c) is the same of mx record

This can be intended like an SPF_PASS when people doesn't set spf at all.



Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it



-Original Message-
From: Kevin Golding [mailto:k...@caomhin.org]
Sent: Tuesday, 9 August 2016 10:28
To: users@spamassassin.apache.org
Subject: Re: A plugin to legitimate email when SPF and DKIM missing

On Tue, 09 Aug 2016 09:10:06 +0100, Nicola Piazzi wrote:


Hi
A lot of time we receive mail that are SPF NONE and have no DKIM It
will be useful a little plugin that be able to give another chance to
legitimate these emails A lot of servers use the same machine to send
and receive emails, Plugin must read sender domain and search if the
IP used to send to us is one of the MX record list for domain This is
not intended to exclude other cases, but intended to have a chance to
recognize that is not a spoofed email only We can think to use not the
ip but the C class to get much more hits For example someone sent from
199.56.23.5 and have mx record 199.56.23.9 can be legitimate because
both come from 199.56.23

Have someone something like this ?


Not quite, but assuming you're looking at using it for whitelisting purposes 
you can use:

whitelist_from_rcvd *@gruppocommet.it gruppocommet.it

That says that any mail sent with a @gruppocommet.it address that is received 
from a host with an rDNS matching gruppocommet.it will be whitelisted.

It's rather effective and efficient.
https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html#whitelist_and_blacklist_options
may tell you more.






R: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread Nicola Piazzi
whitelist_from_rcvd is intended to legitimate a single domain, specifying 
domain by domain

I need something that tell me that check all incoming email and say if the 
originating ip (or class c) is the same of mx record

This can be intended like an SPF_PASS when people doesn't set spf at all.



Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it



-Original Message-
From: Kevin Golding [mailto:k...@caomhin.org] 
Sent: Tuesday, 9 August 2016 10:28
To: users@spamassassin.apache.org
Subject: Re: A plugin to legitimate email when SPF and DKIM missing

On Tue, 09 Aug 2016 09:10:06 +0100, Nicola Piazzi wrote:

> Hi
> A lot of time we receive mail that are SPF NONE and have no DKIM It 
> will be useful a little plugin that be able to give another chance to 
> legitimate these emails A lot of servers use the same machine to send 
> and receive emails, Plugin must read sender domain and search if the 
> IP used to send to us is one of the MX record list for domain This is 
> not intended to exclude other cases, but intended to have a chance to 
> recognize that is not a spoofed email only We can think to use not the 
> ip but the C class to get much more hits For example someone sent from 
> 199.56.23.5 and have mx record 199.56.23.9 can be legitimate because 
> both come from 199.56.23
>
> Have someone something like this ?

Not quite, but assuming you're looking at using it for whitelisting purposes 
you can use:

whitelist_from_rcvd *@gruppocommet.it gruppocommet.it

That says that any mail sent with a @gruppocommet.it address that is received 
from a host with an rDNS matching gruppocommet.it will be whitelisted.

It's rather effective and efficient.  
https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html#whitelist_and_blacklist_options
may tell you more.


Re: A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread Kevin Golding
On Tue, 09 Aug 2016 09:10:06 +0100, Nicola Piazzi wrote:

> Hi
> A lot of time we receive mail that are SPF NONE and have no DKIM
> It will be useful a little plugin that be able to give another chance to
> legitimate these emails
>
> A lot of servers use the same machine to send and receive emails,
> Plugin must read sender domain and search if the IP used to send to us
> is one of the MX record list for domain
> This is not intended to exclude other cases, but intended to have a
> chance to recognize that is not a spoofed email only
>
> We can think to use not the ip but the C class to get much more hits
> For example someone sent from 199.56.23.5 and have mx record 199.56.23.9
> can be legitimate because both come from 199.56.23
>
> Have someone something like this ?


Not quite, but assuming you're looking at using it for whitelisting  
purposes you can use:


whitelist_from_rcvd *@gruppocommet.it gruppocommet.it

That says that any mail sent with a @gruppocommet.it address that is  
received from a host with an rDNS matching gruppocommet.it will be  
whitelisted.


It's rather effective and efficient.  
https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html#whitelist_and_blacklist_options  
may tell you more.


A plugin to legitimate email when SPF and DKIM missing

2016-08-09 Thread Nicola Piazzi
Hi
A lot of time we receive mail that are SPF NONE and have no DKIM
It will be useful a little plugin that be able to give another chance to 
legitimate these emails
A lot of servers use the same machine to send and receive emails,
Plugin must read sender domain and search if the IP used to send to us is one 
of the MX record list for domain
This is not intended to exclude other cases, but intended to have a chance to 
recognize that is not a spoofed email only
We can think to use not the ip but the C class to get much more hits
For example someone sent from 199.56.23.5 and have mx record 199.56.23.9 can be 
legitimate because both come from 199.56.23

Have someone something like this ?

Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
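
The comparison this message asks for, as an added example that is not the mxpf plugin's code (which is not shown on this page). It goes beyond the single "same class C" case by reporting the tightest matching tier; the function names and the IPv6 tiers are assumptions, and the MX host addresses are taken as already resolved.

```python
import ipaddress

# Prefix lengths tried from strictest to loosest. /24 and /16 are the
# "class C" and "class B" of the thread; the IPv6 tiers are an assumption.
TIERS = {4: (32, 24, 16), 6: (128, 64, 48)}


def mx_match_prefix(sender_ip, mx_ips):
    """Return the longest tier prefix the sender shares with any MX IP, else None."""
    sender = ipaddress.ip_address(sender_ip)
    candidates = []
    for raw in mx_ips:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue                      # malformed A/AAAA data: ignore it
        if addr.version == sender.version:
            candidates.append(addr)       # never compare IPv4 against IPv6
    for prefix in TIERS[sender.version]:
        net = ipaddress.ip_network(f"{sender}/{prefix}", strict=False)
        if any(addr in net for addr in candidates):
            return prefix
    return None


def addresses_covered(prefix, version=4):
    """How many addresses a match at this prefix length vouches for."""
    return 2 ** ((32 if version == 4 else 128) - prefix)
```

A /16 match vouches for 65,536 addresses against 256 for a /24, so a rule built on the looser tier deserves a smaller score and, as the replies in this thread argue, only means something for specific sender domains.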