Whitelist not working as expected

rusty99

• February 08, 2023 18:37

I have quite a few entries in my whitelist but some of them still go to spam and I can't work out why. I thought the whitelist would sit in front of spam filters to direct mail before the spam filters queried and processed them. One email address is a gmail account from my pharmacy (pharmacy may be a spam filter entry) and the other is a list updates@academia-mail.com that goes to spam about 95% of the time. The pharmacy address I enter in full and my entry for the academic mailer is *@academia-mail.com. Any ideas on what's going on?

• 

  xpy-xpy

  • February 09, 2023 15:26

  Provided that your server is configured to use the standard SpamAssassin filtering, you should be able to verify if your whitelist is working by opening the headers of the mis-identified message and looking for the following entry: -100 USER_IN_WHITELIST E.g. if a super spammy looking message would otherwise receive a spam score of 25, with the whitelist enabled you will still have a score of -75 (25 minus 100).

  0
• 

  rusty99

  • February 09, 2023 22:40

  Provided that your server is configured to use the standard SpamAssassin filtering, you should be able to verify if your whitelist is working by opening the headers of the mis-identified message and looking for the following entry: -100 USER_IN_WHITELIST E.g. if a super spammy looking message would otherwise receive a spam score of 25, with the whitelist enabled you will still have a score of -75 (25 minus 100).

  
  Thanks xpy-xpy, This is the de-identified headers. It says -100 USER_IN_WHITELIST but is there any other info that suggests why it may be going to spam? The academic mailer is below that. by awcp053.server-cpanel.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from ) id 1pPbZD-00CsUY-JQ for xxxxxxxx; Wed, 08 Feb 2023 14:56:20 +1100 Received: by mail-xxxxx for ; Tue, 07 Feb 2023 19:55:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; X-Gm-Message-State: xxxxxxx X-Google-Smtp-Source: (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 Feb 2023 19:55:49 -0800 (PST) MIME-Version: 1.0 From: "Pharmacy@xxxx" To: xxxxxx Subject: Receipt from PHARMACY@xxxx Content-Type: multipart/mixed; boundary=--boundary_0_b07ce944-2837-4428-b59c-22747fc4b1ae X-Spam-Status: No, score=-102.0 X-Spam-Score: -1019 X-Spam-Bar: --------------------------------------------------- X-Ham-Report: Spam detection software, running on the system "awcp053.server-cpanel.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: PHARMACY@xxx Content analysis details: (-102.0 points, 4.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 USER_IN_WELCOMELIST User is listed in 'welcomelist_from' -100 USER_IN_WHITELIST DEPRECATED: See USER_IN_WELCOMELIST -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [xxxxx[at]gmail.com] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 T_OBFU_PDF_ATTACH BODY: PDF attachment with generic MIME type 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 GB_FROM_NAME_FREEMAIL Freemail spear phish with free mail X-Spam-Flag: NO +++++++++++++++++ Return-Path: <01000185f957ba73-20663c0a-3e0f-4b61-a23e-8fc5c1b45717-000000@bounce.academia-mail.com> Delivered-To: "xxxxxx Received: from awcp053.server-cpanel.com by awcp053.server-cpanel.com with LMTP id MKFoJRJW1WPc0w4An02WTQ (envelope-from <01000185f957ba73-20663c0a-3e0f-4b61-a23e-8fc5c1b45717-000000@bounce.academia-mail.com>) for <"xxxxxx>; Sun, 29 Jan 2023 04:06:26 +1100 Return-path: <01000185f957ba73-20663c0a-3e0f-4b61-a23e-8fc5c1b45717-000000@bounce.academia-mail.com> Envelope-to: xxxxxx Delivery-date: Sun, 29 Jan 2023 04:06:26 +1100 Received: from a10-140.smtp-out.amazonses.com ([54.240.10.140]:43461) by awcp053.server-cpanel.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (Exim 4.95) (envelope-from <01000185f957ba73-20663c0a-3e0f-4b61-a23e-8fc5c1b45717-000000@bounce.academia-mail.com>) id 1pLoek-0044Xq-3I for xxxxxx; Sun, 29 Jan 2023 04:06:26 +1100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=4vua5mvwhuogm74j2yjeer7iai2cp5nr; d=academia-mail.com; t=1674925554; h=Date:From:To:Message-ID:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:List-Unsubscribe:List-Unsubscribe-Post; x DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1674925554; h=Date:From:To:Message-ID:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:List-Unsubscribe:List-Unsubscribe-Post:Feedback-ID; x Date: Sat, 28 Jan 2023 17:05:54 +0000 From: PDF By Kenneth xxx To: xxxxxx Message-ID: <01000185f957ba73-20663c0a-3e0f-4b61-a23e-8fc5c1b45717-000000@email.amazonses.com> Subject: =?UTF-8?Q?=F0=9F=93=84_=22Infant_Intersubjectivity:_Research,?= =?UTF-8?Q?_Theory,_and_Clinical_Applications=22_by_Kenneth_xxxxx?= Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_63d555f18a2ba_135ef8645883"; charset=UTF-8 Content-Transfer-Encoding: 7bit x-tracking-token: bTizJ-QSYrnuw-bu0BLj x-campaignid: upload_related_back_catalog_read List-Unsubscribe: [...] Content analysis details: (-93.1 points, 4.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 USER_IN_WELCOMELIST User is listed in 'welcomelist_from' -100 USER_IN_WHITELIST DEPRECATED: See USER_IN_WELCOMELIST 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5000] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to background 0.0 HTML_MESSAGE BODY: HTML included in message 5.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: academia.page.link] 1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist [URIs: academia.page.link] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Spam-Flag: NO

  0

Please sign in to leave a comment.