Bug 7201 - Whitelist_auth for VERP-esque emails does not work
Summary: Whitelist_auth for VERP-esque emails does not work
Status: RESOLVED INVALID
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (Eval Tests) (show other bugs)
Version: 3.4.1
Hardware: PC Windows 7
: P2 normal
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-28 15:18 UTC by Kevin A. McGrail
Modified: 2015-05-28 17:32 UTC (History)
2 users (show)


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kevin A. McGrail 2015-05-28 15:18:31 UTC 
A whitelist_auth entry for wizard@whitepaperwizard.com was entered.  However, the email is sent via mailchimp where the DKIM and SPF are VERP-esque encoded entries for mcdlv.net.

For example, the relevant headers/envelope for this email pass SPF and DKIM but don't pass whitelist_auth for wizard@whitepaperwizard.com.  Is this a bug?  Is this something we can address?

From bounce-mc.us6_14186571.60645-removed=ccc.com@mail32.wdc01.mcdlv.net  Thu May 28 06:02:33 2015
Return-Path: <bounce-mc.us6_14186571.60645-removed=ccc.com@mail32.wdc01.mcdlv.net>
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=mail32.wdc01.mcdlv.net;
 h=Subject:From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=wizard=3Dwhitepaperwizard.com@mail32.wdc01.mcdlv.net;
 bh=OOZy7UlqOAhORsS36JyTljUDq5I=;
 b=fstDtWcA8gUphm9cHdcvrvaQBLWYtKIgx7SsTJ5UTJrB7Zvcm4vT/O0lkRuD5QIZQaJ3+0oKh0ff
   wTgb1Jfo5+54mEADkKglPAel9F68q3vrGO0hYbqjpdEFsGgg4SkxbnFH1VAUPkjDUa1dEYv56rbH
   WukLqqVBbrmpWOGNoZw=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=mail32.wdc01.mcdlv.net;
 b=kOwxrPnYj7qLaPiPTAcBfHdExziVdaUXFgY9w4EKltZ9aej5Q6mlxHtbNF9CklPbHDcfODeUmmE9
   0PY1rbQTIGLOloO33/xjO8k1eUfMUoCIp465e+xgk+jrTwNsWI66kEMPhSPAFjvAMaQGWwahky7D
   O7nzLqiwRzQLiAAl13Y=;
From: =?utf-8?Q?White=20Paper=20Wizard?= <wizard@whitepaperwizard.com>
Comment 1 Mark Martinec 2015-05-28 16:58:57 UTC 
> A whitelist_auth entry for wizard@whitepaperwizard.com was entered. 
> However, the email is sent via mailchimp where the DKIM and SPF are
> VERP-esque encoded entries for mcdlv.net.
> 
> For example, the relevant headers/envelope for this email pass SPF and DKIM
> but don't pass whitelist_auth for wizard@whitepaperwizard.com.  Is this a
> bug?  Is this something we can address?

> Return-Path:
>   <bounce-mc.us6_14186571.60645-removed=ccc.com@mail32.wdc01.mcdlv.net>

> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1;
>   d=mail32.wdc01.mcdlv.net;

> From: <wizard@whitepaperwizard.com>

With DKIM the whitelist_auth checks for author-domain signature,
not just any third-party signature. In this case the author domain is
whitepaperwizard.com but the signing domain is mail32.wdc01.mcdlv.net.

For DKIM-whitelisting third-party signatures you need to use:
  whitelist_from_dkim wizard@whitepaperwizard.com mail32.wdc01.mcdlv.net
(the first arg may be wildcarded if necessary).

Don't know about SPF.
Comment 2 Benny Pedersen 2015-05-28 17:30:06 UTC 
whitelist_from_spf *@mail32.wdc01.mcdlv.net
whitelist_from_dkim wizard@whitepaperwizard.com mail32.wdc01.mcdlv.net

whitelist_auth is here not usefull :(
Comment 3 Kevin A. McGrail 2015-05-28 17:32:05 UTC 
Thanks.  That closes the issue that it is expected behavior.