Re: problems with whitelisting

Thu, 24 Mar 2022 10:51:35 -0700 

On 24/03/2022 17:13, hiller wrote:

Dear list,

i have installed amavisd-new version 2.11.0. I have problems with whitelisting.
I have googled around and none of the soltions worked.
I amavisd.conf i did:

read_hash(\%whitelist_sender, '/etc/amavisd.whitelist_ext'),
@whitelist_sender_maps = (\%whitelist_sender),

/etc/amavisd.whitelist_ext contains:
.gooddomain.com
fri...@nospammer.org

This does not work. Mails from the good addresses are still spamchecked, 
bannedchecked and headerchecked.

This also does not work:
@whitelist_sender_maps = (['.gooddomain.com', 'fri...@nospammer.org']);


Also this does not work either:
read_hash(\%whitelist_sender, '/etc/amavisd.whitelist_ext');
@whitelist_sender_maps = (\%whitelist_sender);

$interface_policy{'10024'} = 'VIRUSONLY';
$policy_bank{'VIRUSONLY'} = { # mail from the pickup daemon
  bypass_spam_checks_maps => ['@whitelist_sender_maps'], # don't spam-check 
this mail
  bypass_banned_checks_maps => ['@whitelist_sender_maps'], # don't banned-check 
this mail
  bypass_header_checks_maps => ['@whitelist_sender_maps'], # don't header-check 
this mail
};

For me bypass_*_checks_maps seems to be a global on/off switch. With this 
method i do whitelist any address, no matter of the contents of 
/etc/amavisd.whitelist_ext.

These are the definition of the ports:
# 10024 = outside email - check, don't sign
# 10026 = inside email - check & sign
# 10028 = mailman - sign only; email was checked on delivery
$inet_socket_port = [10024, 10026, 10028];  # listen on multiple TCP ports


This should work:

@whitelist_sender_maps = ( read_hash('/etc/amavisd.whitelist_ext') );
But it may not be applied to mail inside policy banks, I am not sure. I avoid policy banks.
Note that amavis whitelisting applies *both* to the From: address *and* to the Envelope Sender i.e. if *either* one matches, the mail passes. This is not very wise IMO but it is how it is coded (same as for blacklisting, where it makes more sense).
I think a better approach than amavis whitelist is to reduce SA scoring for 'From:' addresses where appropriate.

Reply via email to