From: Matus UHLAR - fantomas <uh...@fantomas.sk>
Date: Sun, 18 May 2014 18:22:49 +0200
On 17.05.14 14:11, Jeff Mincy wrote:
>I just got some spam that was erroneously spf whitelisted hitting
WHITELIST_FROM_SPF
>It took me a while to figure out why it was getting WHITELIST_FROM_SPF
>but I eventually tracked it down down to this whitelist entry:
> whitelist_from_spf *@*buy.com
>The *@*buy.com (obviously) matches *@odysseyshop.ribsbuy.com.
>
>It would have been easier to figure out why it was matching if the
>matching spf entry was printed out, for example something like this:
>
>May 8 18:21:27.859 [22058] dbg: spf: whitelist_from_spf:
amandarodriq...@odysseyshop.ribsbuy.com matches ^.*\@.*buy\.com$ entry
>May 8 18:21:27.859 [22058] dbg: spf: whitelist_from_spf:
amandarodriq...@odysseyshop.ribsbuy.com is in user's WHITELIST_FROM_SPF and
passed SPF check
According to the documentation, they are not regexp's (as one could/should
expect):
Whitelist and blacklist addresses are now file-glob-style patterns,
The matching whitelist_from_spf entry *@*buy.com is a file glob pattern
which matched. I'm not sure why you are quoting the manual here. The
whitelist entry *@*buy.com is turned into a regexp by add_to_addrlist
in SpamAssassin/Conf/Parser.pm which among other things does s/\*+/\.\*/g
>sub _wlcheck {
> my ($self, $scanner, $param) = @_;
> if (defined ($scanner->{conf}->{$param}->{$scanner->{sender}})) {
> return 1;
> } else {
> study $scanner->{sender};
> foreach my $regexp (values %{$scanner->{conf}->{$param}}) {
> if ($scanner->{sender} =~ qr/$regexp/i) {
>##New dbg output here:
> dbg("spf: $param: $scanner->{sender} matches $regexp entry");
> return 1;
I assume the contents of *_networks is modified before RE matching, so you'd
wonder what is the content...
Ok, you lost me. What does the contents of *_networks have to do with
the suggestion to print the matching whitelist regexp entry? Nothing
matching *buy.com has been added to *_networks if that is what you are
wondering.
-jeff
