None of the white-listing features in Amavis handle banned files. I've posted a number of times on the list about how I've handled it - so you're welcome to go find those postings for more detail.
In short, I've used a script that I wrote myself to auto-release banned file quarantines. [I didn't want to try to extend the Amavis code, with all the attendant challenges. Writing a plug-in style script seemed more modular and faced less difficulty.]

I have Amavis set to generate messages [to the sysop] for each quarantined file. The system gets those quarantine messages, and parses the text. I then have a flat-file I use for the sender+recipient+file-type white-list. If the sender/recipient/file-type combination matches a white-list entry, the script auto-releases the attachment [bad-file]. (My white-list is a few dozen entries at most - so flat-file works just fine. A large mail-system might need something more.) If not, it stays in quarantine. Files > 30d are removed by another script.

I'd have to see how long exactly, but we've been using it for years, and it's been really useful.

-Greg

kgc> Yes, I know sender address can be easily faked.
kgc> I have only incoming path on port 10024 for amavis and port 10026 for
kgc> postfix.
kgc> I need this feature for banned files filtering, not spam or virus check,
kgc> between users inside my domains.
kgc> I try different setups, but they all either don't work or bypass all mail
kgc> without any filtering.
kgc> Martin's also doesn't work. Seems I do something wrong...

kgc> Martin Johannes Dauser <mdau...@cs.sbg.ac.at> wrote in their message of Mon,
kgc> 12 Aug 2019 17:33:38 +0300:

>> FIRST, be warned that sender address can be spoofed really easily. So
>> you shouldn't put too much trust into them!

>> I guess you haven't configured incoming and originating/outgoing paths
>> for amavis yet? Something similar to this (ports 10024 and 10026 need to
>> be delivered by your MTA of course):

>> @mynetworks_maps = (read_array('/etc/amavisd/mynetworks'),);
>> # IP-addresses regarded as local/originating saved as one IP or one
>> # Network with CIDR notation per line
>> read_hash(\%whitelist_sender, '/etc/amavisd/whitelist_senders');
>> @listen_sockets = (
>>     # incoming
>>     '127.0.0.1:10024',
>>     # originating
>>     '127.0.0.1:10026',
>> );
>> $interface_policy{'10024'} = 'INCOMMING';
>> $interface_policy{'10026'} = 'ORIGINATING';
>> $policy_bank{'INCOMMING'} = {
>>     # set incoming mails as NOT-originating
>>     originating => 0,
>>     # mails from trusted envelope senders won't get scanned by Spamassassin
>>     whitelist_sender_maps => [ \%whitelist_sender ],
>>     # other settings
>>     #...
>> };
>> $policy_bank{'ORIGINATING'} = {
>>     # set local smtpd as originating
>>     originating => 1,
>>     # other settings
>>     #...
>> };
>> ----------

>> An alternative is to modify spam scores of senders. This defines a bonus
>> or malus on spamassassin's values. You may have even different values
>> depending on recipients. E.g. 'u...@domain.tld' and global '.' which
>> means 'any other' and must be set as last line in @score_sender_maps.

>> @score_sender_maps = (
>>     { 'u...@domain.tld' => [ read_hash('/etc/amavisd/sender_scores_user'), ],
>>       '.' => [ read_hash('/etc/amavisd/sender_scores_sitewide'), ],
>>     }
>> );

>> Within /etc/amavisd/sender_scores_sitewide

>> # Descr.: Hash Lookup (associative array lookup) for global soft white-/blacklisting
>> # Note.: see https://amavis.org/README.lookups.txt for details about hash lookups
>> # Format of the text file: one address per line
>> # Each address can have an associated optional value (also known as the
>> # 'righthand side' or RHS) separated from the address by whitespace.
>> # An absence of a value implies 1.
>> some.spam...@some.server.net 1.0
>> domain.spamschleu.de 8.0
>> someone.n...@trusted.net -5.0
>> trusted.doma.in -3.5

>> Greetings
>> Martin

>> On Mon, 2019-08-12 at 11:19 +0300, korsar...@gmail.com wrote:
>>> Hi, is there any way to make whitelist for senders? Weird, but
>>> read_hash(\%whitelist_sender, '/etc/amavisd/whitelist');
>>> @whitelist_sender_maps = (\%whitelist_sender);
>>> make it for recipients, not senders...

-- 
Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x82
EMail: gr...@sloop.net
http://www.sloop.net
---
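
The matching step Greg describes (sender + recipient + file-type against a flat file), as an added sketch that is not his script or Amavis code. It assumes the sender, recipients and banned file names have already been pulled from the quarantine notice and leaves the release step out; the three-column file format, the sample entries and all function names are hypothetical.

```python
# Added example: decide which recipients a banned-file quarantine may be
# released to. File format and names are assumptions, not Amavis' own.

# Constructed sample whitelist: sender, recipient, file-type per line.
SAMPLE_WHITELIST = """\
# sender            recipient          file-type
build@example.org   ops@example.org    exe
build@example.org   ops@example.org    .msi
vendor@example.net  lab@example.org    jar   # constructed entry
"""

def load_whitelist(lines):
    """Parse flat-file lines into a set of (sender, recipient, type) tuples."""
    entries = set()
    for lineno, raw in enumerate(lines, 1):
        line = raw.split('#', 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.lower().split()
        if len(fields) != 3:
            # A malformed line must never turn into a broader match.
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        sender, rcpt, ftype = fields
        entries.add((sender, rcpt, ftype.lstrip('.')))
    return entries

def file_type(name):
    """Final extension, lowercased: 'report.pdf.exe' is 'exe', not 'pdf'."""
    base = name.rsplit('/', 1)[-1].strip().rstrip('.')
    return base.rsplit('.', 1)[-1].lower() if '.' in base else ''

def recipients_to_release(whitelist, sender, recipients, banned_names):
    """Return the recipients for whom EVERY banned part is whitelisted."""
    sender = sender.strip().lower()
    types = {file_type(n) for n in banned_names}
    if not types or '' in types:
        return []            # nothing parsed, or no extension: stay quarantined
    return [r for r in recipients
            if all((sender, r.strip().lower(), t) in whitelist for t in types)]

if __name__ == "__main__":
    wl = load_whitelist(SAMPLE_WHITELIST.splitlines())
    print(recipients_to_release(wl, "build@example.org",
                                ["ops@example.org", "dev@example.org"],
                                ["tool.exe"]))
```
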