Re: [AMaViS-user] to address whitelisting
Aaron, all, Quoting Aaron P. Martinez [EMAIL PROTECTED]: Essentially all i want to happen is for amavisd-new or SA to add the person our users are sending mail to the whitelist automatically. I don't think we really care if it's using the to header or the rcpt to. I think there are two ways to achieve this, one being to hack the source of amavisd around, adding the necessary coding. Alternatively you could do this within your MTA... I have never used Postfix, though with Exim this should be quite straightforward to achieve using a combination of an 'unseen' router and a pipe transport acting upon all outgoing mail. A router matching all outgoing mail originating from your known local domains would direct the outgoing email to both the destined recipient, as well as to a script via the ('unseen') pipe transport - unseen just means that delivery doesn't stop at this point, the message can be processed by other routers. Routers --- # Direct all locally sourced email to the whitelist script whitelist_recip: driver = accept transport = whitelist_transport unseen ... # Deliver mail normally via SMTP dnslookup: driver = dnslookup domains = ! +local_domains transport = remote_smtp ... Transports -- # Handle outgoing local mail and send it to the bash script whitelist_transport: driver = pipe command = /usr/local/bin/whitelist_sender.sh user = mail ... I realise that this is very exim specific - as I said I've not had any experience of using postfix, though I'm sure that there must be a way of achieving the same results. If somebody with more experience could interpret my ramblings into postfix lingo? A bash script would then extract the to:/cc: fields from the outgoing mail, storing these into a lookup table - though this would probably be easier with if amavis were using an sql database. I'm not sure whether amavis can read whitelists from external flat files - can somebody confirm this? Of course, you'd have to account for the address having already been previously whitelisted, and if so, not adding it a second time. This should be a straightforward sql/file search operation. You would probably also want to periodically 'purge' the whitelist, removing addresses that have not been used in a while. Is there a known way to make this happen that i'm missing? Not natively with the software you are using AFAIK. I can't see that SA will be capable of doing this, and as I mentioned above, short of source-hacking, amavis cannot achieve this. Is there a reason this is a bad idea? If done correctly I believe that this will be quite effective and reliable, as others have mentioned, this is used by a variety of providers - for example Hotmail use a very similar system whereby you can add recipients to your 'contacts' list - which are then considered spam whitelisted. Regards Richard -- --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] to address whitelisting
Aaron, I have searched for this on the SA, postfix and amavisd-new lists and the only thing that i came up with is that SA never sees the rcpt to address. Essentially all i want to happen is for amavisd-new or SA to add the person our users are sending mail to the whitelist automatically. I don't think we really care if it's using the to header or the rcpt to. With 'automatically' I don't know what you mean, but the rest is possible. The term 'whitelisting' in amavisd-new (as well as in SA) is intended for matching with sender address. What you are looking for is not whitelisting, but a way to permit mail to a recipient. Use one of: @virus_lovers_maps, @spam_lovers_maps, @banned_files_lovers_maps, or @bad_header_lovers_maps lookup tables. Often the *lovers* is combined with *bypass* (see http://www.ijs.si/software/amavisd/amavisd-new-docs.html#checks ), e.g.: @spam_lovers_maps = @bypass_spam_checks_maps = ( [ qw( [EMAIL PROTECTED] [EMAIL PROTECTED] ) ], ); Alterantive interpretation of your request is to allow mail originating from internal clients not to be spam checked. A reliable way to achieve this is to use a policy bank 'MYNETS', which may have different settings that global, for example it may have spam checking disabled: @mynetworks = qw(127.0.0.0/8 10.0.0.0/8 ...); # list your networks here $policy_bank{'MYNETS'} = { # mail originating from @mynetworks bypass_spam_checks_maps = [1], # don't spam-check bypass_banned_checks_maps = [1], # don't banned-check }; See amavisd.conf-sample and http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks Both approaches can be combined. For example you can place spam_lovers_maps list within a policy bank, so it will only apply to messages which activate a certain policy bank. Mark --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] to address whitelisting
Mark Martinec wrote: Aaron, I have searched for this on the SA, postfix and amavisd-new lists and the only thing that i came up with is that SA never sees the rcpt to address. Essentially all i want to happen is for amavisd-new or SA to add the person our users are sending mail to the whitelist automatically. I don't think we really care if it's using the to header or the rcpt to. With 'automatically' I don't know what you mean, but the rest is possible. The term 'whitelisting' in amavisd-new (as well as in SA) is intended for matching with sender address. What you are looking for is not whitelisting, but a way to permit mail to a recipient. Use one of: @virus_lovers_maps, @spam_lovers_maps, @banned_files_lovers_maps, or @bad_header_lovers_maps lookup tables. Often the *lovers* is combined with *bypass* (see http://www.ijs.si/software/amavisd/amavisd-new-docs.html#checks ), e.g.: @spam_lovers_maps = @bypass_spam_checks_maps = ( [ qw( [EMAIL PROTECTED] [EMAIL PROTECTED] ) ], ); Not exactly, Sorry if i phrased my question wrong. The process would be as such. 1. internal user x sends mail to external user y. 2. since we are sending mail to user y, user y must be ok to receive mail from. 3. amavis or SA sees that we are sending mail to person y and automatically adds user y to whitelist, either per recipient or global, for future incoming emails from user y. hope this better explains. Alterantive interpretation of your request is to allow mail originating from internal clients not to be spam checked. A reliable way to achieve this is to use a policy bank 'MYNETS', which may have different settings that global, for example it may have spam checking disabled: @mynetworks = qw(127.0.0.0/8 10.0.0.0/8 ...); # list your networks here $policy_bank{'MYNETS'} = { # mail originating from @mynetworks bypass_spam_checks_maps = [1], # don't spam-check bypass_banned_checks_maps = [1], # don't banned-check }; See amavisd.conf-sample and http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks Both approaches can be combined. For example you can place spam_lovers_maps list within a policy bank, so it will only apply to messages which activate a certain policy bank. Mark --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ Thanks again, Aaron --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] to address whitelisting
Aaron, Gary, | 1. internal user x sends mail to external user y. | 2. since we are sending mail to user y, user y must be ok to receive | mail from. | 3. amavis or SA sees that we are sending mail to person y and | automatically adds user y to whitelist, either per recipient or global, | for future incoming emails from user y. I understood him to mean that when a message is sent to an external domain from inside a local domain, the recipient's name(s) would be captured and placed into an amavisd-new whitelist. This could probably be done by scripting a program to scan mail logs, collect the data, and place it into a table, either static or dynamic. I have a feeling however that once this was implemented, undesirable email addresses would end up in the database. Once that started happening, the idea would end up getting scrapped, but that is complete conjecture on my part. If done correctly I could see the value of this (at least conceptually). I see, I misunderstood. Opening up a reverse channel indeed sounds like a good idea, if done for a limited time and if opened just for the sender/recipient pair, and contributing just a couple of negative score points (not hard-whitelisting) to the final spam score. SQL-based soft-whitelisting mechanism could probably be used for the job. It is up to some external mechanism to add sender/recipient pairs to a soft-whitelisting database, and to expire them after a couple of days, preferably slowly reducing negative score towards zero in few steps or taking elapsed time in score calculation. Information about outgoing sender/recip pairs could be collected from reporting/logging SQL database, it is not necessary to parse the log file. Contributions welcome. Mark Mark --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] to address whitelisting
I understood him to mean that when a message is sent to an external domain from inside a local domain, the recipient's name(s) would be captured and placed into an amavisd-new whitelist. This could probably be done by scripting a program to scan mail logs, collect the data, and place it into a table, either static or dynamic. I have a feeling however that once this was implemented, undesirable email addresses would end up in the database. Once that started happening, the idea would end up getting scrapped, but that is complete conjecture on my part. If done correctly I could see the value of this (at least conceptually). This is a 'feature' of some systems, like GFI. One reason for doing this might be: User [EMAIL PROTECTED] sends email (through amavisd-new) to [EMAIL PROTECTED] [EMAIL PROTECTED] replys back (with content from original email) and domain.com's amavisd-new blocks it as spam. (it happens) First, you woeuld have to send all email out the same box amavisd-new. Second, I would suggest using the AWL feature, OR, maybe look at the reply-to or reference of or whatever headers from the original email (then it doesn't have to send out the amavisd-new system) --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] to address whitelisting
I have searched for this on the SA, postfix and amavisd-new lists and the only thing that i came up with is that SA never sees the rcpt to address. I'm using Postfix 2.2.8, amavisd-new 2.3.3, SA 3.0.4 running on a CentOS system. Essentially all i want to happen is for amavisd-new or SA to add the person our users are sending mail to the whitelist automatically. I don't think we really care if it's using the to header or the rcpt to. Is there a known way to make this happen that i'm missing? Is there a reason this is a bad idea? TIA, Aaron Martinez --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/