Hello,
we managed to change source address of the mail from null <> to the same
that is in From: header, so finally I should be able to avoid scanning.
On Mon, 18 May 2020 at 15:37, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
seems that addresses used in bypass_virus_checks_maps and
bypass_spam_checks_maps, are the envelope from addresses.
We have gateway that sends reports with envelope addresses empty ("<>"), but
From: in headers is in form MAILER-DAEMON@mail.gateway
unfortunately, other mails come through the gateway with emppty envelope
from, so the only address I can safely (gateway takes care of faking the
address) whitelist is therefore the header address.
is it possible to use header address in whitelisting?
Or is there any trick to whitelist such address?
On 18.05.20 15:52, Dominic Raferd wrote:
@whitelist_sender_maps whitelists based on either of the From header
address or the envelope sender address.
On 18.05.20 19:43, Matus UHLAR - fantomas wrote:
well, I have tried to $bypass_spam_checks{'address@mail.gateway'}=1;
and with address in From: was scanned and smavisd even logged:
May 18 17:00:11 mail amavis[5414]: (05414-11) Passed CLEAN {RelayedInbound},
[x.x.x.x]:29354 ESMTP/LMTP <> -> <redacted>, (), Queue-ID: X,
Message-ID: <...@mail.gateway>, mail_id:
UWTOVxZdTfiR, b: tpOHtsF7t, Hits: -16, size: 24677, queued_as: Y,
Subject: "Quarantine Summary: [ 2 message(s) quarantined from Mon, 18 May
2020 14:00:00 +0200 to Mon, 18 May 2", From: <address@mail.gateway>,
helo=mail.gateway, Tests:
[ALL_TRUSTED=-1,BAYES_40=-0.001,HTML_MESSAGE=0.001,USER_IN_DEF_WHITELIST=-15],
autolearn=no autolearn_force=no, autolearnscore=0.001, 7810 ms
(It is not very good behaviour
IMO: I suspect the code was really written for @blacklist_sender_maps
and just carried over to work with the whitelist, the behaviour is
conservative for a blacklist but risks letting through bad stuff with
a whitelist. I don't use this type of whitelisting at all any more.)
I agree that simply whitelisting sender is not safe. We must make it safe
ourselves.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
