On Tue, 2017-05-09 at 12:28 +0000, David Jones wrote:
> > From: David B Funk <dbf...@engineering.uiowa.edu>
> >
> > > On Mon, 8 May 2017, Chris wrote:
> > >
> > I'd be concerned with what caused the DKIM signature to fail validation.
> > (DKIM_SIGNED, T_DKIM_INVALID).
> > If something in the mail chain is breaking DKIM validation then attempts to use
> > things like whitelist_auth are doomed to failure.
>
> I'm with David F. on this one. I checked my headers today on a US-CERT
> email I just received and my SA hit USER_IN_DKIM_WHITELIST and
> USER_IN_SPF_WHITELIST. There may be some odd interaction on the
> OP's integration with SA that is altering the body causing the
> T_DKIM_INVALID hit.
>

Hi David, I probably received the same one you did and here's what the hits on my system looked like:

X-spam-status: No, score=-212.2 required=5.0 tests=AWL=-
 18.105,BAYES_00=-1.9,BOTNET=5,DCC_CHECK=2.17,DCC_CHECK_NEGAIVE=-
 0.0001,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-
 0.1,HTML_MESAGE=0.001,RCVD_IN_DNSWL_NONE=-0.0001,RCVD_IN_MSPIKE_H4=-
 0.01,RCVD_IN_MSPIKE_WL=-0.01, RDNS_NONE=0.793,SPF_PASS=-
 0.001,UNPARSEABLE_RELAY=0.001, USER_IN_DKIM_WHITELIST=-
 100,USER_IN_SPF_WHITELIST=-100AWL,BAYES_00,
 BOTNET,DCC_CHECK,DCC_CHECK_NEGATIVE,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_
 AU,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,
 RDNS_NONE,SPF_PASS,UNPARSEABLE_RELAY,USER_IN_DKIM_WHITELIST,USER_IN_SPF
 _WHITELIST shortcircuit=no autolearn=no autolearn_force=no version=3.4.1

Last night I changed the Botnet score to 1.0 and restarted SA; however, I see above that it still gave it a '5'.

describe BOTNET Relay might be a spambot or virusbot
header BOTNET eval:botnet()
score BOTNET 1.0

I also added this line to the Botnet.cf (botnet_pass_domains mailer190173.service.govdelivery\.com). Maybe I screwed that up?

> Chris, how are you launching SA on your mail server? It looks like the body
> has been altered to add a warning at the top with a "Content preview:".
>
> https://pastebin.com/f71A2FfW
>
> Dave
>

I don't really run a mail server in the mail server sense of the words. What I do is I poll all my mail addresses with Fetchmail, then run the incoming mail through Procmail. After tossing the mailing list messages to the appropriate IMAP folders, what's left is funneled into SA:

:0 E f w
| /usr/bin/spamc

# Encapsulate spam in an attachment by using 1
report_safe 1

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
08:39:02 up 7 days, 15:22, 1 user, load average: 0.38, 0.37, 0.49
Description: Ubuntu 16.04.2 LTS, kernel 4.4.0-77-generic
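The body-alteration theory raised in the quoted replies can be checked by recomputing the DKIM body hash. The following is an added example, not part of the original message or of SpamAssassin: it canonicalizes a body as RFC 6376 describes and shows that text prepended before verification no longer matches the signed bh= value, while trailing-whitespace changes are tolerated in relaxed mode. The function names and both sample bodies are constructed for illustration.

```python
import base64
import hashlib
import re


def canon_body(body: bytes, mode: str = "relaxed") -> bytes:
    """Canonicalize a message body per RFC 6376 sections 3.4.3 and 3.4.4."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":
        # Collapse runs of spaces/tabs to one space, drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Both modes ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        # An empty body is "" in relaxed mode and a single CRLF in simple mode.
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body: bytes, mode: str = "relaxed") -> str:
    """Return the base64 SHA-256 value a signer would place in bh=."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()


def body_intact(signed_bh: str, delivered_body: bytes, mode: str = "relaxed") -> bool:
    """True if the delivered body still matches the bh= from the signature."""
    return body_hash(delivered_body, mode) == signed_bh


# Constructed sample: the body as the sender signed it.
SIGNED_BODY = b"Constructed sample alert body.\r\nSecond line.  \r\n\r\n"
# Constructed sample: the same body after a filter prepended a warning.
ALTERED_BODY = b"Content preview: Constructed sample alert [...]\r\n\r\n" + SIGNED_BODY

if __name__ == "__main__":
    bh = body_hash(SIGNED_BODY)
    print("signed bh=        ", bh)
    print("unaltered verifies", body_intact(bh, SIGNED_BODY))
    print("altered verifies  ", body_intact(bh, ALTERED_BODY))
```

Running the same comparison on the raw message as fetched and on the copy that reaches the verifier shows whether anything in the delivery chain rewrites the body before the DKIM check.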