AmazonSES, FROM and SENDER? - ORF Forums

Hi - apologies if more time to study wouldn't have answered this, but I'm up against time. I'm working in an environment where ORF is doing it's thing, but I'm trying to work with a service that's using AmazonSES to send mail. They appear to have SPF, DKIM, etc. all setup, but mails are being rejected by a blacklist rule that's rejecting *@amazonses.com mails. Which is apparently the value in the sender field, but not in from (which is ).

This is happening with more than one company that we work with that's using AmazonSES, so I'm wondering if I can't see a solution which is right in front of me. I want to in general reject AmazonSES messages, UNLESS a particular domain is in the FROM field. IP and the mailbox portion of the amazonses.com address aren't consistent enough to whitelist them. Thoughts? Thanks!

@prichmond: I'm not sure if your blacklist rule is checking Sender or the whole Header, but perhaps something like this would work:
(?!.*(\@exception1\.com|\@exception2\.com))(?=\@amazonses\.com)

I think I missed something, probably more like this:
(?!.*(\@exception1\.com|\@exception2\.com))(?=.*\@amazonses\.com)

Hi - thanks for these! I tried them, and it didn't seem to allow the messages. I think it's because the value I want isn't in the field being tested. I think I'd need to try testing the Header MIME value, however when I set up a entry on the keyword whitelist, as I've seen in other posts, it was rejected prior to the keyword test by the sender blacklist one. It doesn't look like I have the option to move that test prior to the other. Happy to have feedback on where I can look next....

@prichmond: Yes, you probably want the rule to look at the header but I cannot be sure since to date I don't have any problem with amazonses so I don't have a live sample look over.

What I wrote did not involve any whitelists, only one regex blacklist with exceptions built-in. In effect, it is a whitelist within a blacklist.

@Sam Russo: Thanks Sam...I think I figured it out, now that I understand how the whitelists work OnArrival. Even though there was a Sender Blacklist entry for anything from amazonses.com, adding a Keyword Whitelist entry as described here (http://vamsoft.com/forum/topic/303/who-is-the-right-sender) means that my whitelisted keyword will allow the mail to make it through (apparently whitelists supercede blacklists). The issue I was having was that the example I copied from the article assumes the sending server is , but in fact was coming from , so a regex that allowed for variation between @ and domain did the trick. Thanks for your help!