On Mon, 2018-07-16 at 09:39 -0500, John Schmerold wrote:
> My local.cf has dozens of def_whitelist_auth entries
> (def_whitelist_auth
> *@ibm.com, def_whitelist_auth *@citi.com, def_whitelist_auth
> *@chase.com, etc)
>
> A couple questions for the SA geniuses:
>
> 1) Is there a mechanism to build a text file with domains so that
> each domain is included in the def_whitelist_auth (or whitelist_auth)
> category?
>
You can define a rule with a suitable negative score to act as a
whitelister. Its regex is a list of alternative domain names. It fires
if any one of them matches the sending domain.
To manually maintain that sort of list is a pain because it must be a
single, very long string. However, you can use something like my
'portmanteau' tool, which allows you to easily maintain a list of
hundreds of match items with your favourite text editor. Each time you
change the list, you use the portmanteau tool (written as a bash script
using awk to do the heavy lifting) to convert the edited file into an
SA rule. Download portmanteau here:
https://www.libelle-systems.c3487738.myzen.co.uk/free/portmanteau/portm
anteau.tgz
Alternatively, you can automate the process. This approach is based on
having a mail archive which, at the very least, holds a copy of every
email you've sent:
- if you have a central mail archive like this, use it.
If you don't have one, set one up.
- Write a Perl module for Spamassassin that interrogates the mail
archive and returns TRUE if it contains mail that was sent to the
sender of the email being checked.
This will be much faster and use fewer resources of the archive is
held as a relastional database rather than a collection of
emails in maildir or mstor format.
I use a PostgreSQL database to store the archive and a view to
check whether mail has been sent to the domain being checked.
- Write an SA rule that evaluates the Perl module and whitelists the
email if the Perl module returns TRUE.
Martin
