Stefan, > are there any plans / ideas to support SOFT white-/blacklisting not only > via SQL lookup, but also via LDAP lookups?
No plans ( not using LDAP myself :), but contributions are welcome. > I guess, the main problem here is how to store and retrieve those > information in the LDAP tree. Obviously, the SQL approach (using a > separate table with per sender values "W"/"B" or a score value) will > not work that simple with LDAP. > > One naive approach would be to add another attribute to the objectclass > amavisAccount, eg. "amavisWBList", which can occur multiple times. The > value of this attribute could be something like "sen...@doma.in B" or > "sen...@doma.in +5.0" (for hard-blacklisting the sender resp. soft- > blacklisting the sender). To search for this format of entries amavisd > must execute a substring-search: amavisWBList="sen...@doma.in *" - don't > know if this is possible (the space before "*" is important!). Probably > this also will not scale very well. > > Another way would be to introduce a new objectclass "amavisWBEntry", > which contains the single-valued attributes "senderAddress", > "recipientAddress" and "wbscore" (with the same meaning as the > corresponding SQL columns). This would be very similar to the SQL-way > of W/B-listing, but this may cause performance problems with a lot of > W/B-listing entries... > > Any comments? Any other ideas? Maybe nobody even WANTS to introduce > soft W/B-listing in LDAP for other reasons... No particular reasons not to, just needs to be done somehow. As they say, there is nothing lightweight about it :) Btw, adding score points purely based on sender address (soft or hard whitelisting) lost its initial advantage, now that most junk mail is playing tricks with envelope sender addresses and author addresses in the header section. Some form of authentication became a necessity. SpamAssassin uses three possibilities: whitelisting based on a valid DKIM or DK signature, based on SPF, or based on a domain in a Received header field. Plain whitelisting is practically useless nowadays. So when considering what can be done with LDAP, I think this should be taken into consideration. (but yes, there is no such problem with blacklisting) Mark ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
