PROBLEM
How can I Whitelist or Blacklist BATV and/or VERP addresses?
ENVIRONMENT
- on-premises mail server Installations: Version 7.7.1+
CAUSE
In an attempt to mitigate backscatter, mass-mailing applications like MailChimp, SendGrid and Mailgun may use Bounce Address Tag Validation (BATV) to determine the validity of a specified bounce address within an email. Within the <local-part>
of the Mail From:
field, BATV denotes the use of a tagging scheme that allows bounced mail to be assessed for validity and dropped accordingly. An example of an address using BATV may appear as follows:
Mail From: <bounces+22456-c23af-user=domain.com@domain.com>
While BATV validates bounces, Variable Envelope Return Path (VERP) is implemented by mailing lists to automate recognition and removal of in-valid recipients.
The combination of these mass-mailing techniques can ultimately effect the approach towards implementing Whitelists and Blacklists to govern what mail reaches your INBOX.
RESOLUTION
User Level Management
Target the <domain-part> of the email address by adding it to either your Whitelist senders or Blacklist senders, available from: Settings -> Anti-Spam Settings.
For example, to Whitelist:
<bounces+22456-c23af-user=gooddomain.com@gooddomain.com>
<bounces+27776-h2345a-user=greatdomain.com@greatdomain.com>
<bounces+49733-m345s-user=best.domain.com@best.domain.com>
while Blacklisting:<bounces+92686-l266b-user=baddomain.com@baddomain.com>
<bounces+10636-k4473-user=evildomain.com@evildomain.com>
Please find the following example:
Remember to click Save Settings to push your new changes to your profile on our cloud.
Administrative Network Management
Mass-Mailing services may also send from a specific subnet. These networks can be conveniently trusted to bypass SpamAssassin by adding them to trusted_networks
in /usr/local/atmail/spamassassin/etc/mail/spamassassin/local.cf
Multiple networks can be added and should be separated by white space in the configuration. In the following example, we have added 205.201.128.0/20
to our list of trusted_networks
.
#<SA_TRUSTED>
# The IP's which are trusted
trusted_networks 192.168/16 205.201.128.0/20
#</SA_TRUSTED>
Restart atmailserver allowing SpamAssassin to re-read its configuration.
# /etc/init.d/atmailserver restart
Our SpamAssassin will now automatically trust all mail deriving from the 205.201.128.0/20
subnet.
Comments