Re: freshworks and DKIM and KAM
NOTE: All entries on the wild RBL are hand reviewed. Freshworks was listed on 8/11 for spamming. They seem to have freshteam, freshsales, freshworks, etc. and present a problem. I've delisted them for now and will keep an eye on more samples.

Re: KAM Ruleset, the best way to install it is to use the channel: https://mcgrail.com/template/kam.cf_channel

The manual downloads are problematic because people rarely install it correctly with all the files or sometimes using the kam only plugin which is unlikely to work correctly for most people.

BTW, the wild RBL is not commercial but it was DDoSed when a major system started using it for 10's of millions of systems. Thanks to Linode, we will be launching two mirrors for the RBL and putting it back in use for the world.

Regards,
KAM
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Sat, Aug 28, 2021 at 5:06 AM Matus UHLAR - fantomas wrote:
> On 27.08.21 13:36, Alex wrote:
> >I can't figure out why attempts at adding emails from the
> >freshworks.com domain to the welcome list aren't successful. This is
> >from a quarantined message on my amavis/SA/fedora system.
>
> >X-Envelope-From:
> > freshworks@frwfiddkim.freshworks.com>
>
> >All of these rules were hit for this email, yet it is still being
> >quarantined.
> >"DKIM_SIGNED","DKIM_VALID","DKIM_VALID_AU", "USER_IN_DKIM_WELCOMELIST"
>
> note that DKIM rules are supposed to hit on From:, not on envelope from.
>
> >USER_IN_DKIM_WELCOMELIST is only scored with 0.01. I saw a reference
> >to feature_blocklist_welcomelist in 60_whitelist_dkim.cf. Perhaps
> >that's related?
>
> seems that while USER_IN_DKIM_WELCOMELIST does have proper score configured
> in 60_whitelist_dkim.cf (-0.01 or -100)
>
> ...it's being overridden in 72_scores.cf:
>
> score USER_IN_DKIM_WELCOMELIST 0.001 0.001 0.001 0.001
>
> a bug report should do that.
> until then, put:
>
> score USER_IN_DKIM_WELCOMELIST -100.000
>
> into your local overrides.
>
> >https://pastebin.com/6u4uNnLQ
> >
> >Ideas greatly appreciated.
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT want to receive any advertising mail at this address.
> Christian Science Programming: "Let God Debug It!".
Re: freshworks and DKIM and KAM
On 27.08.21 13:36, Alex wrote:
> I can't figure out why attempts at adding emails from the
> freshworks.com domain to the welcome list aren't successful. This is
> from a quarantined message on my amavis/SA/fedora system.
>
> X-Envelope-From:
>
> All of these rules were hit for this email, yet it is still being
> quarantined.
> "DKIM_SIGNED","DKIM_VALID","DKIM_VALID_AU", "USER_IN_DKIM_WELCOMELIST"

note that DKIM rules are supposed to hit on From:, not on envelope from.

> USER_IN_DKIM_WELCOMELIST is only scored with 0.01. I saw a reference
> to feature_blocklist_welcomelist in 60_whitelist_dkim.cf. Perhaps
> that's related?

seems that while USER_IN_DKIM_WELCOMELIST does have proper score configured
in 60_whitelist_dkim.cf (-0.01 or -100)

...it's being overridden in 72_scores.cf:

score USER_IN_DKIM_WELCOMELIST 0.001 0.001 0.001 0.001

a bug report should do that.
until then, put:

score USER_IN_DKIM_WELCOMELIST -100.000

into your local overrides.

> https://pastebin.com/6u4uNnLQ
>
> Ideas greatly appreciated.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Christian Science Programming: "Let God Debug It!".
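
[Added example, not part of any message in this thread.] The override described in the message above can be checked by resolving "score" lines the way SpamAssassin does: files are read in order and the last definition of a rule wins. The file contents below are constructed from the values quoted in the thread, and the name local.cf for the "local overrides" file is an assumption.

```python
import re

# Constructed stand-ins for the files named in the thread, in read order:
# default rules sorted by file name, then the site configuration.
CONFIG = [
    ("60_whitelist_dkim.cf", "score USER_IN_DKIM_WELCOMELIST -100.0\n"),
    ("72_scores.cf", "score USER_IN_DKIM_WELCOMELIST 0.001 0.001 0.001 0.001\n"),
]
# The suggested workaround; "local.cf" is an assumed file name.
LOCAL_OVERRIDE = ("local.cf", "score USER_IN_DKIM_WELCOMELIST -100.000\n")

# The two blocklist hits and their scores as shown in the quarantine report.
REPORT_HITS = {"KAM_FROM_URIBL_PCCC": 9.0, "KAM_BODY_URIBL_PCCC": 9.0}

SCORE_RE = re.compile(r"^\s*score\s+(\S+)\s+(.+?)\s*(?:#.*)?$")

def effective_scores(files):
    """Return {rule: (four scores, defining file)}; the last 'score' line wins.

    Relative scores such as "(1.0)" and if/ifplugin blocks are not handled.
    """
    result = {}
    for name, text in files:
        for line in text.splitlines():
            m = SCORE_RE.match(line)
            if not m:
                continue
            values = [float(v) for v in m.group(2).split()]
            if len(values) == 1:      # one value applies to all four score sets
                values *= 4
            if len(values) != 4:
                raise ValueError(f"{name}: expected 1 or 4 scores: {line!r}")
            result[m.group(1)] = (tuple(values), name)
    return result

def total(scores, scoreset=3):
    """Report hits plus the welcomelist rule (score set 3 = Bayes and network on)."""
    welcome = scores["USER_IN_DKIM_WELCOMELIST"][0][scoreset]
    return round(sum(REPORT_HITS.values()) + welcome, 3)

if __name__ == "__main__":
    for label, files in (("stock", CONFIG), ("with override", CONFIG + [LOCAL_OVERRIDE])):
        scores = effective_scores(files)
        values, source = scores["USER_IN_DKIM_WELCOMELIST"]
        print(f"{label}: {values[3]} from {source}, total {total(scores)}")
```

Only the three rules whose scores appear in the thread are summed; the other rules that hit are left out because their scores are not shown.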
Re: freshworks and DKIM and KAM
Hi,

> > I can't figure out why attempts at adding emails from the
> > freshworks.com domain to the welcome list aren't successful. This is
> > from a quarantined message on my amavis/SA/fedora system.
> >
> > I'm not sure why the entirety of freshworks.com would be blocked in
> > the first place?
> > * 9.0 KAM_FROM_URIBL_PCCC RBL: From address listed in PCCC URIBL
> > * (https://raptor.pccc.com/RBL)
> > * [listed in freshworks.com.wild.pccc.com]
> > * 9.0 KAM_BODY_URIBL_PCCC Body contains URI listed in PCCC URIBL
> > * (https://raptor.pccc.com/RBL)
> > * [URI: freshworks.com]
>
> Looking at the channel rules file that's surrounded by an ifplugin:
>
> >ifplugin Mail::SpamAssassin::Plugin::KAMOnly
>
> and so unless you are one of Peregrine Computer Consultants Corporation
> paying customers you are likely (correctly, justifiably) getting funky
> DNSBL lookup results.

Yes, it seems I have misinterpreted the meaning of the publicly available KAMOnly.cf file.

Fixed, thanks
Re: freshworks and DKIM and KAM
Alex wrote:
> Hi,
>
> I can't figure out why attempts at adding emails from the
> freshworks.com domain to the welcome list aren't successful. This is
> from a quarantined message on my amavis/SA/fedora system.
>
> I'm not sure why the entirety of freshworks.com would be blocked in
> the first place?
> * 9.0 KAM_FROM_URIBL_PCCC RBL: From address listed in PCCC URIBL
> * (https://raptor.pccc.com/RBL)
> * [listed in freshworks.com.wild.pccc.com]
> * 9.0 KAM_BODY_URIBL_PCCC Body contains URI listed in PCCC URIBL
> * (https://raptor.pccc.com/RBL)
> * [URI: freshworks.com]

Looking at the channel rules file that's surrounded by an ifplugin:

ifplugin Mail::SpamAssassin::Plugin::KAMOnly

and so unless you are one of Peregrine Computer Consultants Corporation paying customers you are likely (correctly, justifiably) getting funky DNSBL lookup results.

If you *are* a paying customer you'd need to contact their support to see why your DNSBL lookups are going sideways.

A number of rules in that channel are surrounded by barriers like this because they are variously unuseful for anyone else; in this case, it's a DNSBL lookup that isn't publicly available. Don't remove those barriers unless you really really know what you're doing.

-kgd
Re: freshworks and DKIM and KAM
On 2021-08-27 19:36, Alex wrote:
> https://pastebin.com/6u4uNnLQ

score USER_IN_DKIM_WELCOMELIST -10 -10 -10 -10

since USER_IN_DKIM_WHITELIST is not hitting then add this above score, it's not a bug :=)

don't know if it's same as here https://mailing.unix.spamassassin-talk.narkive.com/rijlOWzJ/short-circuit-user-in-dkim-whitelist-hits-sometimes
freshworks and DKIM and KAM
Hi,

I can't figure out why attempts at adding emails from the freshworks.com domain to the welcome list aren't successful. This is from a quarantined message on my amavis/SA/fedora system.

I'm not sure why the entirety of freshworks.com would be blocked in the first place?

* 9.0 KAM_FROM_URIBL_PCCC RBL: From address listed in PCCC URIBL
* (https://raptor.pccc.com/RBL)
* [listed in freshworks.com.wild.pccc.com]
* 9.0 KAM_BODY_URIBL_PCCC Body contains URI listed in PCCC URIBL
* (https://raptor.pccc.com/RBL)
* [URI: freshworks.com]

X-Envelope-From:
Authentication-Results: xavier.example.com (amavisd-new); dkim=pass (2048-bit key) header.d=freshworks.com

All of these rules were hit for this email, yet it is still being quarantined.

"DKIM_SIGNED","DKIM_VALID","DKIM_VALID_AU", "USER_IN_DKIM_WELCOMELIST"

USER_IN_DKIM_WELCOMELIST is only scored with 0.01. I saw a reference to feature_blocklist_welcomelist in 60_whitelist_dkim.cf. Perhaps that's related?

$ spamassassin --version
SpamAssassin version 4.0.0-r1889518
running on Perl version 5.32.1

Here are my welcomelist/whitelist entries:

welcomelist_from_dkim *@frwfiddkim.freshworks.com
welcomelist_from_dkim *@freshworks.com
welcomelist_from *@frwfiddkim.freshworks.com
whitelist_from *@frwfiddkim.freshworks.com
welcomelist_from *@freshworks.com
welcomelist_from *@freshsales.com
welcomelist_from *@*.freshsales.com
welcomelist_from *@*.freshworks.com
welcomelist_from *@freshmarketer.com
welcomelist_from *@freshsales.io
welcomelist_auth *@freshworks.com
welcomelist_auth *@*.freshworks.com
welcomelist_spf *@frwfiddkim.freshworks.com
whitelist_spf *@frwfiddkim.freshworks.com

Many of these are just temporary to test different options (especially the *_from entries).

Is this a bug?

https://pastebin.com/6u4uNnLQ

Ideas greatly appreciated.