> My mailserver is mail.edu.haifa.ac.il.
> As you can see, there are mail relay servers which are not
> my responsibility: mr[1-3].haifa.ac.il
>
> I want to make a script that parses the mail headers of FP
> mails and adds this line to local.cf:
>
> whitelist_from_rcvd [EMAIL PROTECTED] i_mtaout3.012.net.il
>
>
> My question is:
>
> 1) When I add whitelist_from_rcvd, what should I put into
> rDNS? Is it i_mtaout3.012.net.il, or maybe it is enough to
> put 012.net.il or net.il?

It depends on how general you want to be. If i_mtaout3.012.net.il is the
only server that sends messages from [EMAIL PROTECTED], then specify that.
If other servers in 012.net.il send mail from that address, then use
that. It's designed so you can be as specific or general as you need to
be.


> 2) Should I use the first " Received:" header from the end of
> the headers, or should rDNS be from the last (upper) header?
> rDNS comes always after "by", right?

SpamAssassin will be testing the whitelist_from_rcvd against the topmost
(final) received header when SA runs, so that's the one you need to look
at. There are some obvious problems with this approach. One is that if
all your e-mail goes through a relay before it gets to your server, then
you can't reliably use whitelist_from_rcvd because you're never
receiving the message from the original source server.

Bret

>
> Here is an example from one of such headers on my server:
>
>
> Return-Path: <[EMAIL PROTECTED]>
> Received: from mail.edu.haifa.ac.il ([unix socket])
>       by mail.edu.haifa.ac.il (Cyrus v2.2.3) with LMTP; Mon,
> 06 Nov 2006 09:36:02 +0200
> X-Sieve: CMU Sieve 2.2
> Received: from localhost (localhost [127.0.0.1])
>       by mail.edu.haifa.ac.il (Postfix) with ESMTP id D3A401C5D9
>       for <[EMAIL PROTECTED]>; Mon,  6 Nov 2006
> 09:36:01 +0200 (IST)
> X-Envelope-To: <[EMAIL PROTECTED]>
> X-Envelope-From: <[EMAIL PROTECTED]>
> X-Quarantine-id:
> <spam-a304f1ee2d727e77958ad41abfea67d7-20061106-093601-17026-04>
> Received: from mr3.haifa.ac.il (mr3.haifa.ac.il [132.74.1.219])
>       by mail.edu.haifa.ac.il (Postfix) with ESMTP id 827C11B404
>       for <[EMAIL PROTECTED]>; Mon,  6 Nov 2006
> 09:35:57 +0200 (IST)
> Received: from localhost (localhost [127.0.0.1])
>       by mr3.haifa.ac.il (Postfix) with ESMTP id 9A8C014A3B
>       for <[EMAIL PROTECTED]>; Mon,  6 Nov 2006
> 09:19:26 +0200 (IST)
> X-Virus-Scanned: by amavisd-new at haifa.ac.il
> Received: from mr3.haifa.ac.il ([127.0.0.1])
>       by localhost (mr3.haifa.ac.il [127.0.0.1])
> (amavisd-new, port 10026)
>       with ESMTP id zUchdRb-SZp8 for <[EMAIL PROTECTED]>;
>       Mon,  6 Nov 2006 09:19:26 +0200 (IST)
> Received: from mtaout3.012.net.il (mtaout3.012.net.il [84.95.2.7])
>       by mr3.haifa.ac.il (Postfix) with ESMTP id F395015E59
>       for <[EMAIL PROTECTED]>; Mon,  6 Nov 2006
> 09:19:23 +0200 (IST)
> Received: from gilo ([212.199.66.195])
>  by i_mtaout3.012.net.il (HyperSendmail v2004.12)  with SMTP
> id <[EMAIL PROTECTED]> for
> [EMAIL PROTECTED]; Mon, 06 Nov 2006 09:19:23 +0200 (IST)
> Date: Mon, 06 Nov 2006 09:19:07 +0200
> From: =?windows-1255?B?4uns5A==?= <[EMAIL PROTECTED]>
> Subject:
> =?windows-1255?B?9+X48SDw6eTl7CDk7ujkIOT56frl9Okg5eT68OXy5A==?=
> To: [EMAIL PROTECTED]
> Message-id: <[EMAIL PROTECTED]>
> MIME-version: 1.0
> X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
> X-Mailer: Microsoft Outlook Express 6.00.2800.1106
> Content-type: multipart/alternative;
> boundary="Boundary_(ID_EDc5PKXnKSc3SqwzzGip3w)"
> X-Priority: 3
> X-MSMail-priority: Normal
> X-Spam-Status: Yes, hits=8.6 tag1=-999.0 tag2=5.0 kill=5.0
> tests=BAYES_10,  HTML_60_70, HTML_FONTCOLOR_BLUE,
> HTML_MESSAGE, RCVD_IN_DSBL,  RCVD_IN_NJABL_PROXY,
> RCVD_IN_SORBS_HTTP, RCVD_IN_XBL
> X-Spam-Level: ********
>
>
>
> Best Regards,
> Leon Kolchinsky
>
>
>
> -----Original Message-----
> From: Bret Miller [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 15, 2006 10:04 PM
> To: users@spamassassin.apache.org
> Subject: RE: How to extract the Reverse DNS hostname by script means?
>
> > Is there any automatic way (using a script), to extract the
> > Reverse DNS hostname for the host that delivered the message to
> > my network?
>
> The top Received header should contain the server you
> received the message from. That's the one that needs to go in
> the whitelist_from_rcvd line.
>
> Bret
>
>
> >
> > Because there may be a mail server serving multiple domains,
> > i.e. somedomain.com is served by
> > mailserver.someotherdomain.com and the line in local.cf would
> > look like this:
> >
> > whitelist_from_rcvd [EMAIL PROTECTED]
> > mailserver.someotherdomain.com
> >
> >
> > In case there are multiple "Received" headers, how could I
> > extract rDNS automatically?
> >
> >
> > Here is an example of such headers taken from the net:
> >
> >
> > Received: from gandalf.ctdx.net ([199.0.161.154]) by buythetruck.com
> > with Microsoft SMTPSVC(6.0.3790.211);
> >          Tue, 31 Oct 2006 23:27:03 -0500
> > Received: from harbor.x-cart.com (harbor.x-cart.com [69.20.14.15])
> >         by gandalf.ctdx.net (8.13.7/8.13.6) with ESMTP id
> > kA14M3vT018502
> >         for <[EMAIL PROTECTED]>; Tue, 31 Oct 2006 23:22:03 -0500
> > Received: from localhost (localhost [127.0.0.1])
> >         by harbor.x-cart.com (Postfix) with ESMTP id 32CA4FC2B4
> >         for <[EMAIL PROTECTED]>; Tue, 31 Oct 2006 20:18:36 -0800 (PST)
> > Received: from harbor.x-cart.com ([127.0.0.1])
> >         by localhost (harbor.x-cart.com [127.0.0.1])
> > (amavisd-new, port
> > 10024)
> >         with ESMTP id FJP1WignZXnm for <[EMAIL PROTECTED]>;
> >         Tue, 31 Oct 2006 20:18:34 -0800 (PST)
> > Received: from gw-red.crtdev.local (mail.crtdev.local
> [192.168.10.1])
> >         by harbor.x-cart.com (Postfix) with ESMTP id 1EE32FC2B2
> >         for <[EMAIL PROTECTED]>; Tue, 31 Oct 2006 20:18:33 -0800 (PST)
> > Received: from localhost (localhost [127.0.0.1])
> >         by gw-red.crtdev.local (Postfix) with ESMTP id
> 0C9B8112EC3C;
> >         Wed,  1 Nov 2006 07:18:33 +0300 (MSK)
> > Received: from gw-red.crtdev.local ([127.0.0.1])
> >         by localhost (mail.crtdev.local [127.0.0.1])
> > (amavisd-new, port
> > 10024)
> >         with ESMTP id Iqw-2Ddq46oC; Wed,  1 Nov 2006 07:18:32 +0300
> > (MSK)
> > Received: from gw-green.crtdev.local (green-red-fiber.crtdev.local
> > [192.168.99.13])
> >         by gw-red.crtdev.local (Postfix) with ESMTP id DC976112EC2B
> >         for <[EMAIL PROTECTED]>; Wed,  1 Nov 2006 07:18:32 +0300 (MSK)
> > Received: from sauron.crtdev.local (sauron.crtdev.local
> > [192.168.12.10])
> >         by gw-green.crtdev.local (Postfix) with ESMTP id
> C1738244C21
> >         for <[EMAIL PROTECTED]>; Wed,  1 Nov 2006 07:18:32 +0300 (MSK)
> > Received: from sauron.crtdev.local (localhost [127.0.0.1])
> >         by sauron.crtdev.local (8.13.8/8.13.8) with ESMTP id
> > kA14IFAa080272
> >         for <[EMAIL PROTECTED]>; Wed, 1 Nov 2006 07:18:15 +0300 (MSK)
> >         (envelope-from [EMAIL PROTECTED])
> > Received: (from [EMAIL PROTECTED])
> >         by sauron.crtdev.local (8.13.8/8.13.8/Submit) id
> > kA14IEv1080271;
> >         Wed, 1 Nov 2006 07:18:14 +0300 (MSK)
> >         (envelope-from www)
> > Date: Wed, 1 Nov 2006 07:18:14 +0300 (MSK)
> > Message-Id: <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Valentine Kaverin has posted a new message for you.
> > From: Qualiteam HelpDesk system <[EMAIL PROTECTED]>
> > Content-Type: text/plain;charset=iso-8859-1;
> > X-Signature-Check-Ignore: Yes
> > X-Virus-Scanned: ClamAV 0.88.5/2136/Tue Oct 31 22:06:48 2006 on
> > gandalf.ctdx.net
> > X-Virus-Scanned: amavisd-new at x-cart.com
> > X-Virus-System: ClamAV 0.88.5/2136/Tue Oct 31 19:06:48 2006
> > X-Virus-Status: Clean
> > X-Spam-Status: No, score=3.0 required=5.0
> tests=AWL,BAYES_00,BIZ_TLD,
> >         SPF_SOFTFAIL,URI_NO_WWW_BIZ_CGI autolearn=no version=3.1.3
> > X-Spam-Level: **
> > X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
> > gandalf.ctdx.net
> > Return-Path: [EMAIL PROTECTED]
> > X-OriginalArrivalTime: 01 Nov 2006 04:27:03.0500 (UTC)
> > FILETIME=[FB3D50C0:01C6FD6D]
>
>
>
>
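An added example (not code from either poster or from SpamAssassin) of the extraction discussed in this thread: it reads the Received headers from the top, skips same-machine hops and hops from relays in a trusted set, and returns the rDNS that a trusted host recorded for the first outside server. The `TRUSTED` set, the function names and the sender address passed to `whitelist_line` are assumptions; the sample headers are constructed from the ones quoted above.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: hosts whose Received lines we believe (names from the thread).
TRUSTED = {"mail.edu.haifa.ac.il", "mr1.haifa.ac.il",
           "mr2.haifa.ac.il", "mr3.haifa.ac.il"}
# Postfix-style "from HELO (rdns [ip]) ... by host"; rdns may be missing.
RCVD = re.compile(r"from\s+\S+\s+\((?:(?P<rdns>[\w.-]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
                  r".*?\bby\s+(?P<by>[\w.-]+)", re.S)

def is_local(ip):
    """Loopback or unix-socket hop (content filter, LMTP delivery)."""
    try:
        return ip == "unix socket" or ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False

def boundary_relay(raw_message):
    """(rdns, ip) of the first outside host, reading Received top-down."""
    for value in message_from_string(raw_message).get_all("Received", []):
        m = RCVD.search(value)
        if m is None:
            return None      # unparsable hop: stop rather than guess
        if is_local(m["ip"]):
            continue         # same-machine hand-off
        if m["by"] not in TRUSTED:
            return None      # line written by a host we do not control
        if m["rdns"] not in TRUSTED:
            return m["rdns"], m["ip"]
    return None

def whitelist_line(sender, raw_message):
    """local.cf line, or None when no usable rDNS was recorded."""
    relay = boundary_relay(raw_message)
    if relay is None or relay[0] in (None, "unknown"):
        return None
    return f"whitelist_from_rcvd {sender} {relay[0]}"

# Constructed sample, modelled on the headers quoted in the thread.
SAMPLE = """\
Received: from mr3.haifa.ac.il (mr3.haifa.ac.il [132.74.1.219])
\tby mail.edu.haifa.ac.il (Postfix) with ESMTP id 827C11B404
Received: from mr3.haifa.ac.il ([127.0.0.1])
\tby localhost (mr3.haifa.ac.il [127.0.0.1]) (amavisd-new, port 10026)
Received: from mtaout3.012.net.il (mtaout3.012.net.il [84.95.2.7])
\tby mr3.haifa.ac.il (Postfix) with ESMTP id F395015E59
Received: from gilo ([212.199.66.195])
\tby i_mtaout3.012.net.il (HyperSendmail v2004.12) with SMTP
"""
```

Headers below the returned hop were written by servers outside the trusted set, so the script never reads a hostname from them.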


