Re: Spamassassin and no whitelisting

Sun, 15 Aug 2010 08:36:13 -0700 

On Sun, 15 Aug 2010, Josef Karliak wrote:


 My idea is to create whitelist file for inluding to SA from emails sent
 by our users (from Sent Items folders in cyrus emails). SA is a content
 filter in the Postfix. Only global, not user prefs.



Is there some easy way to identify your users other than the domain they 
claim to be sending from? In other words, is this a corporate MTA where 
all the local mail originates from a specific subnet, or an ISP where 
users send mail via authenticated SMTP?



If so, then there should be some way to tell postfix to trust messages 
originating from those sources and not run them through SA at all.



I am not a postfix guru. You might want to do some searches of the SA list 
archives for posts that discuss postfix, there may be some config examples 
already available that will work for you.


Best of luck.


 Interesting is that I've many installs but on this server doesn't mark
 me whitelisted domain (or email address) with "USER_IN_WHITELIST" test
 at all. I'll look over your recomendation about whitelist_from_auth,
 but if don't mark one whitelist mode, it couldn't mark another :-/.



whitelist_from_rcvd specifying your local network may be another option 
for this.



 Thanks.
 J.K.

Cituji John Hardin <jhar...@impsec.org>:


On Sun, 15 Aug 2010, Josef Karliak wrote:

> I've some problem with whitelisting.
> In the local.cf file I've for example:

> 
> whitelist_from         *...@ajetaci.cz



You do not want to do that. The From address on an email is trivially easy 
to forge, and it is common practice for spammers to forge a From address in 
the same domain as the target address. whitelist_from is only to be used if 
nothing else will work, as it is a naive whitelist.



You want to use whitelist_from_auth or one of the other authenticated 
variants.


> What did I missed ?


The best way to skip SA for local users is in the glue layer. Tell it to 
recognize mail that originates from your local network and for those 
messages simply _not call SA_ at all. Then you save the processing 
overhead.



You didn't tell us how you're gluing SA onto your MTA. How are you doing 
that?


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  If someone has a gun and is trying to kill you, it would be
  reasonable to shoot back with your own gun.
                                      -- the Dalai Lama, May 15, 2001
-----------------------------------------------------------------------
 Today: the 65th anniversary of the end of World War II






















					Reply via email to