Re: [AMaViS-user] to address whitelisting

2006-03-01 Thread Richard Bishop

Aaron, all,


Quoting Aaron P. Martinez [EMAIL PROTECTED]:

> Essentially all i want to happen is for amavisd-new or SA to add the
> person our users are sending mail to the whitelist automatically.  I
> don't think we really care if it's using the to header or the rcpt to.

I think there are two ways to achieve this, one being to hack the source of
amavisd around, adding the necessary coding.  Alternatively you could do this
within your MTA...

I have never used Postfix, though with Exim this should be quite straightforward
to achieve using a combination of an 'unseen' router and a pipe transport acting
upon all outgoing mail.

A router matching all outgoing mail originating from your known local domains
would direct the outgoing email to both the destined recipient, as well as to a
script via the ('unseen') pipe transport - unseen just means that delivery
doesn't stop at this point, the message can be processed by other routers.

Routers
-------

# Direct all locally sourced email to the whitelist script
whitelist_recip:
  driver = accept
  transport = whitelist_transport
  unseen
  ...

# Deliver mail normally via SMTP
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ...


Transports
----------

# Handle outgoing local mail and send it to the bash script
whitelist_transport:
  driver = pipe
  command = /usr/local/bin/whitelist_sender.sh
  user = mail
  ...


I realise that this is very exim specific - as I said I've not had any
experience of using postfix, though I'm sure that there must be a way of
achieving the same results.  If somebody with more experience could interpret
my ramblings into postfix lingo?


A bash script would then extract the to:/cc: fields from the outgoing mail,
storing these into a lookup table - though this would probably be easier
if amavis were using an sql database.  I'm not sure whether amavis can read
whitelists from external flat files - can somebody confirm this?

Of course, you'd have to account for the address having already been previously
whitelisted, and if so, not adding it a second time.  This should be a
straightforward sql/file search operation.

You would probably also want to periodically 'purge' the whitelist, removing
addresses that have not been used in a while.


> Is there a known way to make this happen that i'm missing?

Not natively with the software you are using AFAIK.  I can't see that SA will be
capable of doing this, and as I mentioned above, short of source-hacking, amavis
cannot achieve this.


> Is there a reason this is a bad idea?

If done correctly I believe that this will be quite effective and reliable, as
others have mentioned, this is used by a variety of providers - for example
Hotmail use a very similar system whereby you can add recipients to your
'contacts' list - which are then considered spam whitelisted.



Regards


Richard


-- 




---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/


Re: [AMaViS-user] to address whitelisting

2006-02-28 Thread Mark Martinec
Aaron,

> I have searched for this on the SA, postfix and amavisd-new lists and
> the only thing that i came up with is that SA never sees the rcpt to
> address.
> Essentially all i want to happen is for amavisd-new or SA to add the
> person our users are sending mail to the whitelist automatically.  I
> don't think we really care if it's using the to header or the rcpt to.

With 'automatically' I don't know what you mean, but the rest is possible.

The term 'whitelisting' in amavisd-new (as well as in SA) is intended
for matching with sender address. What you are looking for is not 
whitelisting, but a way to permit mail to a recipient. Use one of:
@virus_lovers_maps, @spam_lovers_maps, @banned_files_lovers_maps,
or @bad_header_lovers_maps lookup tables.
Often the *lovers* is combined with *bypass* (see 
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#checks ),
e.g.:

@spam_lovers_maps = @bypass_spam_checks_maps = (
  [ qw( [EMAIL PROTECTED] [EMAIL PROTECTED] ) ],
);


Alternative interpretation of your request is to allow mail originating
from internal clients not to be spam checked. A reliable way to
achieve this is to use a policy bank 'MYNETS', which may have
different settings than global, for example it may have spam
checking disabled:

@mynetworks = qw(127.0.0.0/8 10.0.0.0/8 ...);  # list your networks here

$policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
  bypass_spam_checks_maps   => [1],  # don't spam-check
  bypass_banned_checks_maps => [1],  # don't banned-check
};

See amavisd.conf-sample and 
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks

Both approaches can be combined. For example you can place
spam_lovers_maps list within a policy bank, so it will only apply
to messages which activate a certain policy bank.

  Mark




Re: [AMaViS-user] to address whitelisting

2006-02-28 Thread Aaron P. Martinez

Mark Martinec wrote:


> Aaron,
>
> > I have searched for this on the SA, postfix and amavisd-new lists and
> > the only thing that i came up with is that SA never sees the rcpt to
> > address.
> > Essentially all i want to happen is for amavisd-new or SA to add the
> > person our users are sending mail to the whitelist automatically.  I
> > don't think we really care if it's using the to header or the rcpt to.
>
> With 'automatically' I don't know what you mean, but the rest is possible.
>
> The term 'whitelisting' in amavisd-new (as well as in SA) is intended
> for matching with sender address. What you are looking for is not
> whitelisting, but a way to permit mail to a recipient. Use one of:
> @virus_lovers_maps, @spam_lovers_maps, @banned_files_lovers_maps,
> or @bad_header_lovers_maps lookup tables.
> Often the *lovers* is combined with *bypass* (see
> http://www.ijs.si/software/amavisd/amavisd-new-docs.html#checks ),
> e.g.:
>
> @spam_lovers_maps = @bypass_spam_checks_maps = (
>  [ qw( [EMAIL PROTECTED] [EMAIL PROTECTED] ) ],
> );
 


Not exactly,

Sorry if i phrased my question wrong.

The process would be as such.
1. internal user x sends mail to external user y. 
2. since we are sending mail to user y, user y must be ok to receive 
mail from.
3. amavis or SA sees that we are sending mail to person y and 
automatically adds user y to whitelist, either per recipient or global, 
for future incoming emails from user y.


hope this better explains.



> Alternative interpretation of your request is to allow mail originating
> from internal clients not to be spam checked. A reliable way to
> achieve this is to use a policy bank 'MYNETS', which may have
> different settings than global, for example it may have spam
> checking disabled:
>
> @mynetworks = qw(127.0.0.0/8 10.0.0.0/8 ...);  # list your networks here
>
> $policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
>  bypass_spam_checks_maps   => [1],  # don't spam-check
>  bypass_banned_checks_maps => [1],  # don't banned-check
> };
>
> See amavisd.conf-sample and
> http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks
>
> Both approaches can be combined. For example you can place
> spam_lovers_maps list within a policy bank, so it will only apply
> to messages which activate a certain policy bank.
>
>  Mark


 


Thanks again,

Aaron




Re: [AMaViS-user] to address whitelisting

2006-02-28 Thread Mark Martinec
Aaron, Gary,

| 1. internal user x sends mail to external user y. 
| 2. since we are sending mail to user y, user y must be ok to receive 
| mail from.
| 3. amavis or SA sees that we are sending mail to person y and 
| automatically adds user y to whitelist, either per recipient or global, 
| for future incoming emails from user y.

> I understood him to mean that when a message is sent to an external
> domain from inside a local domain, the recipient's name(s) would be
> captured and placed into an amavisd-new whitelist. This could probably
> be done by scripting a program to scan mail logs, collect the data,
> and place it into a table, either static or dynamic. I have a feeling
> however that once this was implemented, undesirable email addresses
> would end up in the database. Once that started happening, the idea
> would end up getting scrapped, but that is complete conjecture on my
> part. If done correctly I could see the value of this (at least
> conceptually).

I see, I misunderstood. Opening up a reverse channel indeed sounds
like a good idea, if done for a limited time and if opened just for the
sender/recipient pair, and contributing just a couple of negative score points
(not hard-whitelisting) to the final spam score.

SQL-based soft-whitelisting mechanism could probably be used for the job.
It is up to some external mechanism to add sender/recipient pairs to a 
soft-whitelisting database, and to expire them after a couple of days,
preferably slowly reducing negative score towards zero in few steps
or taking elapsed time in score calculation. Information about outgoing 
sender/recip pairs could be collected from reporting/logging SQL database,
it is not necessary to parse the log file. Contributions welcome.

  Mark
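
[Added example, not part of the original posts and not amavisd-new code.] The script Richard describes for the pipe transport, combined with the pair-scoped, expiring soft-whitelist Mark describes above, written in Python rather than bash. The table name `softwl`, its schema, the five-day lifetime and the -3.0 starting score are assumptions, and addresses are taken from the From/To/Cc headers rather than the envelope.

```python
import sqlite3
from email import message_from_string
from email.utils import getaddresses

MAX_BONUS = -3.0   # assumed starting score: "a couple of negative score points"
TTL = 5 * 86400    # assumed lifetime of a pair in seconds (five days)
# Constructed outgoing message, used only to exercise the functions below.
SAMPLE = ("From: Alice <alice@example.org>\n"
          "To: Bob <bob@example.net>, carol@example.org\n"
          'Cc: "Dave, D" <DAVE@Example.COM>\n\nbody\n')

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    # Hypothetical table, not amavisd-new's own SQL schema.
    db.execute("CREATE TABLE IF NOT EXISTS softwl (local_addr TEXT, remote_addr TEXT, "
               "last_sent INTEGER, PRIMARY KEY (local_addr, remote_addr))")
    return db

def addresses(msg, *headers):
    """Lower-cased addresses from the named headers, display names discarded."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {a.strip().lower() for _, a in getaddresses(values) if "@" in a}

def record_outgoing(db, raw, local_domains, now):
    """Store (local sender, external recipient) pairs from one outgoing message."""
    msg = message_from_string(raw)
    is_local = lambda addr: addr.rsplit("@", 1)[1] in local_domains
    pairs = [(s, r, now) for s in addresses(msg, "From") if is_local(s)
             for r in addresses(msg, "To", "Cc") if not is_local(r)]
    with db:  # the primary key makes a repeat send refresh the row, not duplicate it
        db.executemany("INSERT OR REPLACE INTO softwl VALUES (?, ?, ?)", pairs)
    return len(pairs)

def score_for(db, remote_sender, local_rcpt, now):
    """Score contribution for inbound mail: MAX_BONUS decaying linearly to zero."""
    row = db.execute("SELECT last_sent FROM softwl WHERE local_addr=? AND remote_addr=?",
                     (local_rcpt.lower(), remote_sender.lower())).fetchone()
    if row is None or now - row[0] >= TTL:
        return 0.0
    return MAX_BONUS * (1 - (now - row[0]) / TTL)

def purge(db, now):
    """Periodic clean-up: drop pairs not refreshed within TTL, return the count."""
    with db:
        return db.execute("DELETE FROM softwl WHERE last_sent <= ?", (now - TTL,)).rowcount
```

Because the entry is keyed on the pair, a reply from bob@example.net only gains score when addressed to the local user who wrote to him, not to every local recipient.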





RE: [AMaViS-user] to address whitelisting

2006-02-28 Thread Michael Scheidell
> I understood him to mean that when a message is sent to an
> external domain from inside a local domain, the recipient's
> name(s) would be captured and placed into an amavisd-new
> whitelist. This could probably be done by scripting a program
> to scan mail logs, collect the data, and place it into a
> table, either static or dynamic. I have a feeling however
> that once this was implemented, undesirable email addresses
> would end up in the database. Once that started happening,
> the idea would end up getting scrapped, but that is complete
> conjecture on my part. If done correctly I could see the
> value of this (at least conceptually).

This is a 'feature' of some systems, like GFI.
One reason for doing this might be:
User [EMAIL PROTECTED] sends email (through amavisd-new) to
[EMAIL PROTECTED]
[EMAIL PROTECTED] replies back (with content from original email) and
domain.com's amavisd-new blocks it as spam. 

(it happens)

First, you would have to send all email out the same box amavisd-new.
Second, I would suggest using the AWL feature, OR, maybe look at the
reply-to or reference of or whatever headers from the original email
(then it doesn't have to send out the amavisd-new system)





[AMaViS-user] to address whitelisting

2006-02-27 Thread Aaron P. Martinez
I have searched for this on the SA, postfix and amavisd-new lists and 
the only thing that i came up with is that SA never sees the rcpt to 
address.


I'm using Postfix 2.2.8, amavisd-new 2.3.3, SA 3.0.4 running on a CentOS 
system.


Essentially all i want to happen is for amavisd-new or SA to add the 
person our users are sending mail to the whitelist automatically.  I 
don't think we really care if it's using the to header or the rcpt to. 


Is there a known way to make this happen that i'm missing?

Is there a reason this is a bad idea?

TIA,

Aaron Martinez

