|-----Original Message-----
|From: [EMAIL PROTECTED] 
|[mailto:[EMAIL PROTECTED] On Behalf Of Gary V
|Sent: Saturday, July 16, 2005 11:22 p.m.
|To: Anton Krall
|Cc: amavis-user@lists.sourceforge.net
|Subject: Re: [AMaViS-user] How to whitelist an email address
|
|Anton wrote:
|
|
|
|> |-----Original Message-----
|> |From: Gary V [mailto:[EMAIL PROTECTED]
|> |Sent: Saturday, July 16, 2005 04:30 p.m.
|> |To: Anton Krall
|> |Cc: amavis-user@lists.sourceforge.net
|> |Subject: Re: [AMaViS-user] How to whitelist an email address
|> |
|> |Anton wrote:
|> |
||>> Done! Now let's test it.
|> |
||>> Thank you for such a well documented answer Gary. This really helped a
||>> lot, thank you for taking the time.
|> |
||||>>>> How can I whitelist an email address so it doesn't get marked as
||||>>>> either virus or spam (so .exes or so don't get marked as
||>>
||>> |Sender addresses can be faked. Viruses almost always fake sender 
||>> |addresses. So by default, amavisd-new does not support allowing 
||>> |banned files and viruses based on sender address.
||>>
||>> |Assuming the sender is outside your network:
||>> |This is not recommended, but you can prevent a sender from being 
||>> |scanned by amavisd-new. Create a file (we will call it
||>> |filter_bypass) in the Postfix directory.
||>> |/etc/postfix/filter_bypass
||>> |
||>> |The contents of the file depend on whether you use local accounts or
||>> |relay the mail to another server.
||>> |
||>> |For local, the one entry in the file would be:
||>> |[EMAIL PROTECTED] FILTER local:[127.0.0.1]
||>> |
||>> |and for relay, it would be:
||>> |[EMAIL PROTECTED] FILTER smtp:[111.222.333.444]
||>> |
||>> |where the IP address is of your final destination server.
||>> |
||>> |postmap the file as usual: postmap hash:/etc/postfix/filter_bypass
||>> |
||>> |In main.cf place 'check_sender_access hash:/etc/postfix/filter_bypass'
||>> |as the LAST item in smtpd_recipient_restrictions. This MUST go after
||>> |reject_unauth_destination. If you don't have a
||>> |smtpd_recipient_restrictions entry, you would need to add one, with
||>> |the items in this exact order:
||>> |
||>> |smtpd_recipient_restrictions =
||>> |   permit_mynetworks,
||>> |   reject_unauth_destination,
||>> |   check_sender_access hash:/etc/postfix/filter_bypass
||>> |
||>> |Now, ANYONE WHO CLAIMS TO BE [EMAIL PROTECTED] can bypass 
||>> |amavisd-new completely. Not a good idea. Bad idea.
||>> |
||>> |
||>> |Gary V
|> |
|> |I have a way to make this less of a risk, using a policy bank.
|> |Instead of:
|> |[EMAIL PROTECTED] FILTER local:[127.0.0.1]
|> |(or)
|> |[EMAIL PROTECTED] FILTER smtp:[111.222.333.444]
|> |
|> |Set this to:
|> |[EMAIL PROTECTED] FILTER smtp-amavis:[127.0.0.1]:10026
|> |
|> |amavisd-new does not normally listen to port 10026, so we will ask it
|> |to (in amavisd.conf):
|> |
|> |$inet_socket_port = [10024,10026];
|> |
|> |Then we set up a policy bank. This will override amavisd-new's 
|> |configured settings for any message received on port 10026.
|> |
|> |$interface_policy{'10026'} = 'DAVECANSEND';
|> |
|> |$policy_bank{'DAVECANSEND'} = {
|> |  bypass_spam_checks_maps => [[qw( [EMAIL PROTECTED] )]],
|> |  bypass_banned_checks_maps => [[qw( [EMAIL PROTECTED] )]],
|> |  bypass_virus_checks_maps => [[qw( [EMAIL PROTECTED] )]],
|> |  spam_lovers_maps => [[qw( [EMAIL PROTECTED] )]],
|> |  banned_files_lovers_maps => [[qw( [EMAIL PROTECTED] )]],
|> |  virus_lovers_maps => [[qw( [EMAIL PROTECTED] )]],
|> |};
|> |
|> |So here, if [EMAIL PROTECTED] sends a message to [EMAIL PROTECTED]
|> |then virus/banned/spam checks will be bypassed. If [EMAIL PROTECTED]
|> |sends mail to someone else in the domain, it will be processed by the
|> |settings in the rest of amavisd.conf
|> |
|> |I'm pretty sure you have to enable (and configure) @mynetworks:
|> |
|> | @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
|> |                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); # default
|> |
|> |And set smtp_send_xforward_command=yes in master.cf:
|> |
|> |smtp-amavis     unix    -       -       n       -       2       smtp
|> |        -o smtp_data_done_timeout=1200
|> |        -o smtp_send_xforward_command=yes
|> |        -o disable_dns_lookups=yes
|> |
|> |It seems to work for me....
|> |
|> |If you don't do this part, or take other measures to avoid passing
|> |viruses to the rest of your network, you might as well not be using
|> |amavisd-new.
|> |
|> |Gary V
|> |
|> |
|
|> Gary.
|
|> I need some help debugging this.
|
|> Seems I got amavis working but something is wrong in postfix since
|> messages with the specified sender do not get sent to port 10026, here
|> is an example:
|
|> This is done if I send it directly to port 10026 from within the 
|> computer where amavis and postfix live
|
|
|> Jul 16 20:18:23 server amavis[28981]: (28981-02) SMTP::10026 /var/amavis/amavis-20050716T201641-28981: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> Received: from akrall ([127.0.0.1]) by localhost (server.intruder.com.mx [127.0.0.1]) (amavisd-new, port 10026) with SMTP id 28981-02 for <[EMAIL PROTECTED]>; Sat, 16 Jul 2005 20:18:13 -0500 (CDT)
|> Jul 16 20:18:25 server amavis[28981]: (28981-02) Checking: LETITIN <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
|> Jul 16 20:18:25 server amavis[28981]: (28981-02) BAD HEADER from <[EMAIL PROTECTED]>: MIME error: error: unexpected end of header
|> Jul 16 20:18:25 server amavis[28981]: (28981-02) FWD via SMTP: [127.0.0.1]:10025 <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
|> Jul 16 20:18:25 server postfix/qmgr[28896]: 45AC25B40F2: from=<[EMAIL PROTECTED]>, size=641, nrcpt=1 (queue active)
|> Jul 16 20:18:25 server amavis[28981]: (28981-02) SEND via SMTP: [127.0.0.1]:10025 <> -> <[EMAIL PROTECTED]>
|> Jul 16 20:18:25 server postfix/local[29050]: 45AC25B40F2: to=<[EMAIL PROTECTED]>, relay=local, delay=0, status=sent (mailbox)
|> Jul 16 20:18:25 server amavis[28981]: (28981-02) Passed BAD-HEADER, LETITIN <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Hits: -, 22450 ms
|> Jul 16 20:18:25 server postfix/local[29426]: 5F25F5B40F3: to=<[EMAIL PROTECTED]>, relay=local, delay=0, status=sent (mailbox)
|
|This looks ok to me (except you did not enter the header in 
|exactly right, but it still loaded the policy bank and sent 
|the message). It is from [EMAIL PROTECTED], so the policy 
|bank was utilized, notice no spam score (and the keyword LETITIN).
|
|> And if I send it like it should be
|
|> Jul 16 20:25:08 server amavis[28981]: (28981-05) ESMTP::10024 /var/amavis/amavis-20050716T201641-28981: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> Received: SIZE=3345 from intruder.com.mx ([127.0.0.1]) by localhost (server.intruder.com.mx [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28981-05 for <[EMAIL PROTECTED]>; Sat, 16 Jul 2005 20:25:08 -0500 (CDT)
|> Jul 16 20:25:09 server amavis[28981]: (28981-05) Checking: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
|> Jul 16 20:25:12 server amavis[28981]: (28981-05) SPAM, <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Yes, hits=27.746 tag=4 tag2=7 kill=7 tests=DNS_FROM_RFC_POST, HTML_90_100, HTML_IMAGE_ONLY_20, HTML_MESSAGE, INFO_TLD, MPART_ALT_DIFF, RCVD_HELO_IP_MISMATCH, RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_DSBL, RCVD_IN_NJABL_PROXY, RCVD_IN_XBL, RCVD_NUMERIC_HELO, URIBL_AB_SURBL, URIBL_JP_SURBL, URIBL_OB_SURBL, URIBL_SBL, URIBL_SC_SURBL, URIBL_WS_SURBL
|> Jul 16 20:25:12 server amavis[28981]: (28981-05) Blocked SPAM, [173.33.175.158] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID: <[EMAIL PROTECTED]>, Hits: 27.746, 3849 ms
|> Jul 16 20:25:12 server postfix/smtp[30370]: 04F145B40F2: to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1], delay=5, status=sent (250 2.5.0 Ok, id=28981-05, BOUNCE)
|
|This looks ok too. This message is from [EMAIL PROTECTED], 
|so it would act like any other piece of mail 
|(virus/banned/spam checks would be performed). The message was 
|bounced because it looks like you have amavisd-new configured 
|to bounce spam. If you want to test from this sender (in other 
|words, you want the policy bank loaded when mail is received 
|from [EMAIL PROTECTED]), change:
|[EMAIL PROTECTED] FILTER  smtp-amavis:[127.0.0.1]:10026
|to:
|[EMAIL PROTECTED] FILTER  smtp-amavis:[127.0.0.1]:10026 in 
|your amavis-bypass file. If you do this, when 
|[EMAIL PROTECTED] sends a message to 
|[EMAIL PROTECTED], then that message should bypass 
|virus/banned/spam checks. Remember, you list the Sender here.
|
|I always test with real mail, like you did in the second test.
|
|> This is how my files look:
|
|> Postfix main.cf
|
|> smtpd_recipient_restrictions =
|>    check_recipient_access hash:/etc/postfix/mailbox-full,
|>    check_recipient_access hash:/etc/postfix/mailbox-suspend,
|>    permit_mynetworks,
|>    check_helo_access hash:/etc/postfix/helo_access,
|>    check_client_access hash:/etc/postfix/pop-before-smtp,
|>    reject_non_fqdn_recipient,
|>    reject_unauth_destination,
|>    check_sender_access hash:/etc/postfix/amavis-bypass ...
|> content_filter = smtp-amavis:[127.0.0.1]:10024
|
|> Amavis-bypass:
|
|> [EMAIL PROTECTED]  FILTER  smtp-amavis:[127.0.0.1]:10026
|
|> Master.cf
|
|> smtp-amavis unix -      -       n       -       2  smtp
|>     -o smtp_data_done_timeout=1200
|>     -o smtp_send_xforward_command=yes
|>     -o disable_dns_lookups=yes
|> 127.0.0.1:10025 inet n  -       n       -       -  smtpd
|>     -o content_filter=
|>     -o local_recipient_maps=
|>     -o smtpd_helo_restrictions=
|>     -o smtpd_client_restrictions=
|>     -o smtpd_sender_restrictions=
|>     -o smtpd_recipient_restrictions=permit_mynetworks,reject
|>     -o mynetworks=127.0.0.0/8
|
|> Just in case, my amavisd looks like this:
|
|> @mynetworks = qw( 127.0.0.0/8 );  # default
|
|> $inet_socket_port = [10024, 10026];
|> .. At the end...
|> $interface_policy{'10026'} = 'LETITIN';
|
|> $policy_bank{'LETITIN'} = {
|>   bypass_spam_checks_maps => [[qw( [EMAIL PROTECTED] )]],
|>   bypass_banned_checks_maps => [[qw( [EMAIL PROTECTED] )]],
|>   bypass_virus_checks_maps => [[qw( [EMAIL PROTECTED] )]],
|>   spam_lovers_maps => [[qw( [EMAIL PROTECTED] )]],
|>   banned_files_lovers_maps => [[qw( [EMAIL PROTECTED] )]],
|>   virus_lovers_maps => [[qw( [EMAIL PROTECTED] )]],
|> };
|
|
|> Any ideas what might be wrong on postfix?
|
|
|
|Gary V
|
|
|
|-------------------------------------------------------
|SF.Net email is sponsored by: Discover Easy Linux Migration 
|Strategies from IBM. Find simple to follow Roadmaps, 
|straightforward articles, informative Webcasts and more! Get 
|everything you need to get up to speed, fast. 
|http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
|_______________________________________________
|AMaViS-user mailing list
|AMaViS-user@lists.sourceforge.net
|https://lists.sourceforge.net/lists/listinfo/amavis-user
|AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
|AMaViS-HowTos:http://www.amavis.org/howto/
|

The weird thing is that I tested this with another sender and mail is going
thru 10026 as supposed to but rather thru 10024 as all other mail. Seems as
if postfix was not detecting the FILTER rules.

Any ideas?



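Added example, not part of the original thread: a small audit over amavisd-new log lines in the format quoted above. It records the listener port, loaded policy bank and verdict for each message, and flags mail that reached the bypass listener (port 10026, bank LETITIN in this thread) without an allowlisted envelope sender. The sample log lines, the example.* addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the amavisd-new lines quoted in the thread
# (port 10026 and bank LETITIN as configured there; addresses are placeholders).
SAMPLE_LOG = """\
Jul 16 20:18:23 server amavis[28981]: (28981-02) SMTP::10026 /var/amavis/amavis-20050716T201641-28981: <dave@example.org> -> <anton@example.com> Received: from akrall ([127.0.0.1])
Jul 16 20:18:25 server amavis[28981]: (28981-02) Checking: LETITIN <dave@example.org> -> <anton@example.com>
Jul 16 20:18:25 server amavis[28981]: (28981-02) Passed BAD-HEADER, LETITIN <dave@example.org> -> <anton@example.com>, Hits: -, 22450 ms
Jul 16 20:25:08 server amavis[28981]: (28981-05) ESMTP::10024 /var/amavis/amavis-20050716T201641-28981: <bulk@example.net> -> <anton@example.com> Received: SIZE=3345
Jul 16 20:25:09 server amavis[28981]: (28981-05) Checking: <bulk@example.net> -> <anton@example.com>
Jul 16 20:25:12 server amavis[28981]: (28981-05) Blocked SPAM, [192.0.2.10] <bulk@example.net> -> <anton@example.com>, Hits: 27.746, 3849 ms
Jul 16 20:31:40 server amavis[28981]: (28981-07) SMTP::10026 /var/amavis/amavis-20050716T201641-28981: <someone@example.net> -> <anton@example.com> Received: from x ([127.0.0.1])
Jul 16 20:31:41 server amavis[28981]: (28981-07) Checking: LETITIN <someone@example.net> -> <anton@example.com>
Jul 16 20:31:41 server amavis[28981]: (28981-07) Passed CLEAN, LETITIN <someone@example.net> -> <anton@example.com>, Hits: -, 310 ms
"""

ARRIVAL = re.compile(r"\((\d+-\d+)\) E?SMTP::(\d+) \S+ <([^>]*)> -> <([^>]*)>")
CHECKING = re.compile(r"\((\d+-\d+)\) Checking: ([^<\[]*)")
VERDICT = re.compile(r"\((\d+-\d+)\) (Passed|Blocked) ([A-Z-]+),")

def parse(log):
    """Return {amavis id: {port, sender, banks, verdict}} from amavisd-new log text."""
    msgs = {}
    def rec(mid):
        return msgs.setdefault(mid, {"port": None, "sender": None, "banks": [], "verdict": None})
    for line in log.splitlines():
        if m := ARRIVAL.search(line):
            rec(m[1]).update(port=int(m[2]), sender=m[3].lower())
        elif m := CHECKING.search(line):
            rec(m[1])["banks"] = m[2].split()  # policy bank names precede the sender
        elif m := VERDICT.search(line):
            rec(m[1])["verdict"] = f"{m[2]} {m[3]}"
    return msgs

def unexpected_bypass(msgs, bypass_port, allowed_senders):
    """Ids that reached the bypass listener without an allowlisted envelope sender."""
    allowed = {s.lower() for s in allowed_senders}
    return sorted(mid for mid, r in msgs.items()
                  if r["port"] == bypass_port and r["sender"] not in allowed)

if __name__ == "__main__":
    msgs = parse(SAMPLE_LOG)
    for mid, r in msgs.items():
        print(mid, r)
    print("unexpected:", unexpected_bypass(msgs, 10026, ["dave@example.org"]))
```

Any id it flags was delivered to the bypass port by something other than the Postfix sender map, for example a local process connecting to 10026 directly, as in the first test in the thread.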