General Question with Whitelist

dangsite
Posts: 9
Joined: 08 Sep 2018 15:03

General Question with Whitelist

Post by dangsite »

I wanted to ask what is the correct behavior for the Whitelisted e-mail addresses.

My observation within my environment:
Currently any email received that appears in the "Waiting (greylist)" and/or received & marked as SPAM, the sender is always added to the Whitelisted e-mail address (which has the URI of https://<fqdn>/sgwi/awl.php?mode=email) and the Whitelisted domains (which has the URI of https://<fqdn>/sgwi/awl.php?mode=domains).

The eFa application is catching the correct emails as SPAM -- there is no doubt. The part I am not understanding is why the email will be added to the "Whitelisted" list in the cases the email was marked as SPAM.

Usually once a week I am deleting entries within the Whitelisted lists. In most cases the received emails that are in the quarantine due to Spam Assassin exist in the whitelisted lists.

Look forward to any information that can be shared.
Last edited by dangsite on 25 Jun 2022 11:50, edited 1 time in total.
pdwalker
Posts: 1489
Joined: 18 Mar 2015 09:16

Re: General Question with Whitelist

Post by pdwalker »

Look in your /etc/MailScanner/spamassassin.conf - what is the setting for your "use_auto_whitelist" parameter?

Also, what is the setting of /etc/MailScanner/MailScanner.conf "SpamAssassin Auto Whitelist" parameter?
dangsite
Posts: 9
Joined: 08 Sep 2018 15:03

Re: General Question with Whitelist

Post by dangsite »

pdwalker - thank you for the reply post. Sorry for my delay in responding.

For the /etc/MailScanner/spamassassin.conf the "use_auto_whitelist" parameter is using the default value. I had not uncommented the line and set it to 0.

For the /etc/MailScanner/MailScanner.conf the "SpamAssassin Auto Whitelist" parameter is set to yes.

I did read the commented parts of the configuration file: Is there a way to only whitelist items that are not marked as "clean"; for example Spam or Blacklist?

Look forward to your next reply.
pdwalker
Posts: 1489
Joined: 18 Mar 2015 09:16

Re: General Question with Whitelist

Post by pdwalker »

The whitelist is supposed to be pretty much manual as far as I understand it. I've been running my system for years, and my whitelist only has 31 entries.

I'm going to have to kick this question to someone more knowledgeable than I to help figure this out.
pdwalker
Posts: 1489
Joined: 18 Mar 2015 09:16

Re: General Question with Whitelist

Post by pdwalker »

So, you're having an issue with SQLGrey.

Can you look in the message headers of your spam messages and check for "x-greylist:" header and tell me what you find? Compare both ham and spam messages.
pdwalker
Posts: 1489
Joined: 18 Mar 2015 09:16

Re: General Question with Whitelist

Post by pdwalker »

OK, I think I know what the issue really is, but I am seeking confirmation.

Short tentative answer: everything is probably working as designed.
dangsite
Posts: 9
Joined: 08 Sep 2018 15:03

Re: General Question with Whitelist

Post by dangsite »

Thank you for the responses.

I have 227 whitelist email addresses. A number of them are duplicates because a number of companies have a number of mail servers — and the greylist retry shows a different mail server.

With my system the experience I am observing is that a number of the received emails are automatically added to the whitelist. I am usually removing items from the list.

To stop the amount of spam, I am using a sender_access list to REJECT many domains (as that is better than having a firewall block list).

To answer your question: Can you look in the message headers of your spam messages and check for "x-greylist:" header and tell me what you find? Compare both ham and spam messages.
SPAM has the following: X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
Clean (or HAM) has the following: X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0

Thank you (in advance)
pdwalker
Posts: 1489
Joined: 18 Mar 2015 09:16

Re: General Question with Whitelist

Post by pdwalker »

OK, the white list is SQL Grey in operation and it is working as designed.

SQL Grey is a way of blocking spam from "fake" mailservers. If a message from a new sender is rejected with the temporary error, most of the fake sending mail servers will not resend and that spam will never enter the system.

However, some spammers use real mail servers. They will recognize the temporary error code and redeliver the message and sqlgrey will accept it.

At this point, you have to use other spam fighting techniques to recognize and block the message.

SQL Grey is mostly a set and forget system, so I wouldn't worry about it too much unless you are having a problem receiving mail you know you should be getting.
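
The behaviour described in this thread, as an added example that is not part of the original posts and is not SQLgrey's own code: a simplified greylisting model showing that auto-whitelisting depends only on whether the sending server retries, never on message content, and that a second sending server gets its own entry. The class, the exact-IP keying, the one-minute delay, the promotion threshold and all addresses are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

RECONNECT_DELAY = timedelta(minutes=1)  # assumed minimum wait before a retry counts
DOMAIN_PROMOTE_AT = 2  # assumed: senders per (server, domain) before a domain entry

class Greylist:
    """Simplified greylisting model; message content is never inspected."""
    def __init__(self):
        self.pending = {}        # (ip, sender, rcpt) -> time of first attempt
        self.from_awl = set()    # (ip, sender) pairs that retried correctly
        self.domain_awl = set()  # (ip, domain) pairs promoted from from_awl

    def check(self, ip, sender, rcpt, now):
        domain = sender.rsplit("@", 1)[-1].lower()
        if (ip, domain) in self.domain_awl:
            return "accept: domain auto-whitelisted"
        if (ip, sender) in self.from_awl:
            return "accept: from auto-whitelisted"
        key = (ip, sender, rcpt)
        first = self.pending.get(key)
        if first is None:
            self.pending[key] = now          # first contact: temporary reject
            return "defer: greylisted"
        if now - first < RECONNECT_DELAY:
            return "defer: retried too soon"
        del self.pending[key]                # a proper retry is the only test applied
        self.from_awl.add((ip, sender))
        peers = [s for i, s in self.from_awl if i == ip and s.lower().endswith("@" + domain)]
        if len(peers) >= DOMAIN_PROMOTE_AT:
            self.domain_awl.add((ip, domain))
        return "accept: retry passed, sender auto-whitelisted"

def run_scenario():
    """Constructed traffic: a spammer on a real MTA, a second server, a bot that never retries."""
    g, t0, rcpt = Greylist(), datetime(2022, 6, 25, 12, 0), "user@example.org"
    events = [
        ("192.0.2.10", "promo@bulk.example", t0),                         # first attempt
        ("192.0.2.10", "promo@bulk.example", t0 + timedelta(minutes=5)),  # proper retry
        ("192.0.2.10", "promo@bulk.example", t0 + timedelta(hours=1)),    # later mail
        ("198.51.100.7", "promo@bulk.example", t0 + timedelta(hours=2)),  # other server
        ("203.0.113.5", "bot@fake.example", t0),                          # never retries
    ]
    return g, [g.check(ip, sender, rcpt, when) for ip, sender, when in events]

if __name__ == "__main__":
    for line in run_scenario()[1]:
        print(line)
```

In this model the sender that retries is whitelisted whether or not a later content filter would score the message as spam, which is why quarantined senders can still appear in the auto-whitelist.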