Whitelist problem (probably not a bug EFA!)


Post by e-d-i-t »

So,... We get mail from 010201726f60cc6e-dabc6dfc-24ee-4e0f-8f3d-87f52e0aa5df-000000@eu-west-1.amazonses.com
Actually if you look at the headers, it shows From: "Twelve" <noreply@twelfesomething.com>

Where is it going wrong? Does anyone have experience with this?
I guess it happens often for AWS mail?

It clearly comes in at EFA4 as Message-ID@eu-west-1.amazonses.com where it should see 'From "Whomever" <me@mydomain.com>' which is also in the headers...

I am afraid that I have to whitelist eu-west-1.amazonses.com instead of the real sender's domain...

Post by shawniverson »

What you are describing is what is known as the envelope from. It is sadly pretty common that emails originating from AWS SES don't have a well-defined envelope from address. This is sent during the SMTP conversation using the MAIL FROM command.

The header from is in the email itself "inside the envelope."

You can try whitelisting using the header from instead of the envelope from.

Post by e-d-i-t »

Ahah! I heard someone yelling Envelope from, but never quite understood what it was.
Thanks Shawn!

Post by e-d-i-t »

Shawn,
Would you be able to tell me in short how to whitelist something in EFA based on a part of the header?
Where would I be searching?
Something I need to "script" or configure in a SpamAssassin config or something else?
Thanks in advance!

Post by e-d-i-t »

Fun fact is:
When I log in as admin, I see the "From" inside the header.
When I log in as the user, I see the "From" as the field "From" using the link "View" in the spam report.
Now I could whitelist it there, but I don't think that will help as it didn't help me in the first post here by whitelisting "twelvesomething.com"

Post by e-d-i-t »

Is this btw the answer to my problem?
"SPF checks that the IP address of the sending server is authorized by the owner of the domain that appears in the SMTP MAIL FROM command. (The email address in MAIL FROM is also called envelope-from or 5321.MailFrom.) In addition to requiring that the SPF check pass, DMARC additionally checks that 5321.MailFrom aligns with 5322.From."

In order to enable SPF From alignment, you need a DMARC record.
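
The envelope-from / header-from distinction discussed in this thread, as an added example that is not part of any post and is not eFa's own matching code. It reads both sender domains from a constructed message, tests a whitelist entry against each, and applies the relaxed DMARC SPF alignment comparison. Assumptions: the sample message, the helper names (`analyse`, `matches`, `org_domain`), the use of `Return-Path` as the recorded MAIL FROM value, and the two-label organizational-domain shortcut are all illustrative.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (addresses modelled on the ones in the thread).
# Return-Path is the header a receiving MTA writes from the SMTP MAIL FROM value.
RAW = """\
Return-Path: <0102-constructed-bounce-id@eu-west-1.amazonses.com>
From: "Twelve" <noreply@twelfesomething.com>
To: user@example.org
Subject: constructed sample

body
"""

def domain_of(addr):
    """Lower-cased domain part of an address such as '"Name" <a@b.c>'."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def org_domain(domain):
    # Simplification (assumption): last two labels. Real DMARC uses the
    # Public Suffix List to find the organizational domain.
    return ".".join(domain.split(".")[-2:])

def sender_domains(raw):
    msg = message_from_string(raw)
    return {"envelope_from": domain_of(msg.get("Return-Path", "")),
            "header_from": domain_of(msg.get("From", ""))}

def matches(domain, entry):
    """True if the domain equals the whitelist entry or is a subdomain of it."""
    return domain == entry or domain.endswith("." + entry)

def analyse(raw, whitelist_entry):
    d = sender_domains(raw)
    return {
        **d,
        "whitelist_hits_envelope": matches(d["envelope_from"], whitelist_entry),
        # The header From is chosen by the sender, so a hit here proves nothing
        # about origin unless DKIM/DMARC also pass for that domain.
        "whitelist_hits_header": matches(d["header_from"], whitelist_entry),
        # DMARC SPF alignment, relaxed mode: organizational domains must match.
        "spf_aligned_relaxed": bool(d["envelope_from"]) and
            org_domain(d["envelope_from"]) == org_domain(d["header_from"]),
    }

if __name__ == "__main__":
    for key, value in analyse(RAW, "twelfesomething.com").items():
        print(f"{key}: {value}")
```

With the sample above, the whitelist entry for the visible sender's domain matches only the header From, and the two domains are not aligned, which is the situation described in the first post.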