OK, you use the file local.cf. Are you sure you are modifying the
correct local.cf. You rather need to be able to use, advisable or not,
whitelist_from if whitelist_from_rcvd or other whitelist_from_XXXX
variants are going to work. So let's get that working first.
Determine where the REAL local.cf SHOULD be on your system. That file
is USUALLY stored in /etc somewhere. On RedHat, as on my system, it is
setup to live in /etc/mail/spamassassin. Your description of what is
happening suggests you modified a file that is not being used.
Note that you can leave spamd running while you test if you use the
"spamassassin -t <testemail" approach. You can throw in a -D to get
debug messages and see why the whitelist_from line fails for you.
THEN it is appropriate to discuss what you should be using.
{^_-}
----- Original Message -----
From: "Josef Karliak" <karl...@ajetaci.cz>
To: <users@spamassassin.apache.org>
Sent: Sunday, 2010/August/15 09:35
Subject: Re: Spamassassin and no whitelisting
Yes, our users (from local LAN) are authorized over Domainkeys (all
emails frou our network are signed), and SA has a "trusted" network.
All from our company is OK and solved.
But we want to create whitelist for companies that our users mails
to. When outside company answers for email, and they don't have DKIM,
SPF, ... and sends emails that look like spam (HTML, SUBJ_ALL_CAPS,
...) this whitelisted email adress that we get from his "Sent Items"
folder pass this email and it is not filtered.
I know, all this is crazy, but DKIM or even "stupid" SPF is not
used often. And arogant domain admins of "rejected" domains :-/. How
do you solve false positives ? And complains on that ? I don't want do
decrease scores, I thought that whitelisting to senders get from our
users could help. If you emailed him, his reply is wanted. If not
emailed him, lets see results of the test. Nobody from our company
emailed you, but you use DKIM/SPF/... , we want this mail. Grr,
authorized spam ? -> sends to abuse.
What do you think ?
Thanks for advices and help.
J.K.
Cituji John Hardin <jhar...@impsec.org>:
On Sun, 15 Aug 2010, Josef Karliak wrote:
My idea is to create whitelist file for inluding to SA from emails sent
by our users (from Sent Items folders in cyrus emails). SA is a content
filter in the Postfix. Only global, not user prefs.
Is there some easy way to identify your users other than the domain
they claim to be sending from? In other words, is this a corporate
MTA where all the local mail originates from a specific subnet, or
an ISP where users send mail via authenticated SMTP?
If so, then there should be some way to tell postfix to trust
messages originating from those sources and not run them through SA
at all.
I am not a postfix guru. You might want to do some searches of the
SA list archives for posts that discuss postfix, there may be some
config examples already available that will work for you.
Best of luck.
Interesting is that I've many installs but on this server doesn't mark
me whitelisted domain (or email address) with "USER_IN_WHITELIST" test
at all. I'll look over your recomendation about whitelist_from_auth,
but if don't mark one whitelist mode, it couldn't mark another :-/.
whitelist_from_rcvd specifying your local network may be another
option for this.
Thanks.
J.K.
Cituji John Hardin <jhar...@impsec.org>:
On Sun, 15 Aug 2010, Josef Karliak wrote:
I've some problem with whitelisting.
In the local.cf file I've for example:
> whitelist_from *...@ajetaci.cz
You do not want to do that. The From address on an email is
trivially easy to forge, and it is common practice for spammers to
forge a From address in the same domain as the target address.
whitelist_from is only to be used if nothing else will work, as it
is a naive whitelist.
You want to use whitelist_from_auth or one of the other
authenticated variants.
What did I missed ?
The best way to skip SA for local users is in the glue layer. Tell
it to recognize mail that originates from your local network and
for those messages simply _not call SA_ at all. Then you save the
processing overhead.
You didn't tell us how you're gluing SA onto your MTA. How are you
doing that?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
If someone has a gun and is trying to kill you, it would be
reasonable to shoot back with your own gun.
-- the Dalai Lama, May 15, 2001
-----------------------------------------------------------------------
Today: the 65th anniversary of the end of World War II
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
