Hi all,
I have pflogsumm running log summaries on my postfix install, and sending
to an address that resolves locally. All is on localhost, which is a newly
installed CentOS7 server, amavisd-new 2.10.1 from EPEL.
The pflogsumm emails from root are triggering BAYES_99 as they go through
amavisd-new and spamassassin, and are often ending up marked as spam.
What's the best way to ensure that those are not flagged as spam, or
potentially to whitelist them somehow?
You can whitelist sender addresses, would this solve your problem? I have
these lines in /etc/amavis/conf.d/50-user:
read_hash(\%whitelist_sender, '/etc/amavis/whitelist');
@whitelist_sender_maps = (\%whitelist_sender);
bypass_spam_checks_maps => ['@whitelist_sender_maps'], # don't spam-check this mail
bypass_banned_checks_maps => ['@whitelist_sender_maps'], # don't banned-check this mail
bypass_header_checks_maps => ['@whitelist_sender_maps'], # don't header-check this mail
File /etc/amavis/whitelist contains a line-by-line list of whitelisted
addresses. To whitelist a whole domain, just precede with a dot. Examples:
f...@bloggs.com
.spammers-united.com
HTH, Dominic
----- End message from Dominic Raferd <domi...@timedicer.co.uk> -----
Thanks Dominic... it seems like a bit of a 'sledgehammer' to
whitelist a sender address, when sender addresses can be spoofed.
Perhaps I'm being paranoid :) Keen to hear feedback on that (the
approach, not whether I am paranoid :) ).
One thing I just noticed is that pflogsumm emails are dropped into
Postfix (and thence into Amavisd) via postfix/pickup not
postfix/smtpd. I wonder if there is a way there to mark emails from
localhost root that are fed into postfix/pickup as being not
spam-checked.
Simon.
----- End message from Simon Wilson <si...@simonandkate.net> -----
OK, I've added an additional listening port for amavisd (10028),
assigned a policy bank that bypasses spam checks, and have added the
content_filter override to postfix's pickup service - and all works as
planned. The pflogsumm emails no longer get spam checked.
So my question is whether in so doing I have opened up any
vulnerabilities that I have not thought of... I suppose I could alter
the spam check to look for emails only sent to me... but that seems a
little like doing something that I will later end up wondering why
something else's not working.
Anyone any thoughts?
Simon
amavisd.conf:
$inet_socket_port = [10024,10026,10028]; # listen on multiple TCP ports
$interface_policy{'10028'} = 'VIRUSONLY';
$policy_bank{'VIRUSONLY'} = { # mail from the pickup daemon
  originating => 1,
  bypass_spam_checks_maps => [1], # don't spam-check this mail
  bypass_banned_checks_maps => [1], # don't banned-check this mail
  bypass_header_checks_maps => [1], # don't header-check this mail
};
___________
Simon Wilson
M: 0400 12 11 16
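
An added example, not part of the thread or of either project's code: a shell check that lists which master.cf services hand mail to a given amavisd port, so a port whose policy bank bypasses spam checks (10028 above) can be confirmed to be fed by pickup only. Keep in mind that pickup carries every message submitted locally through the sendmail command, not only root's pflogsumm reports. The sample master.cf, the smtp-amavis transport name and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: which master.cf services hand mail to a given amavisd port?

# Constructed sample master.cf (not taken from the thread).
sample_master_cf() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
  -o content_filter=smtp-amavis:[127.0.0.1]:10028
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
EOF
}

# filter_users PORT  (master.cf on stdin)
# Prints "service/type" for each entry with a -o content_filter override
# whose destination ends in :PORT.
filter_users() {
    awk -v port="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        /^[^ \t]/ { svc = $1 "/" $2 }          # unindented line starts an entry
        {
            for (i = 1; i <= NF; i++)          # indented lines continue it
                if ($i ~ /^content_filter=/ && $i ~ (":" port "$"))
                    print svc
        }
    '
}

# only_pickup_uses PORT  (master.cf on stdin)
# Succeeds only when pickup is the sole service feeding the bypass port.
only_pickup_uses() {
    [ "$(filter_users "$1")" = "pickup/unix" ]
}

if sample_master_cf | only_pickup_uses 10028; then
    echo "10028: used by pickup only"
else
    echo "10028: check master.cf, other services reach the bypass port"
fi
```

To audit a live system, feed the real file instead of the sample, for example `filter_users 10028 < /etc/postfix/master.cf`.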