10

I'd like to know how to configure amavisd-new to only scan for Spam on particular clients (IPs, CIDRs or hostnames) or alternatively sender's email domain.

I know that it is possible to do it on a recipient's mail address but not on how to do it for the sender's mail address. It is even possible to do it on a recipient's IP address with policy banks. But my approach should be to be independent of recipient and only rely on the sender.

What I want to accomplish is to only scan mails originating from Yahoo, Google, Hotmail and the other big senders. So it is easier to configure which senders should be observed than the ones that shouldn't.

I know that it is easier to achieve on the MTA side, but that is not part of the question because I already got a solution on the MTA side. I want to do it on amavisd-new. And it doesn't help to know how to put senders on a whitelist, as this still means that the mail goes through all the scanning but then gets a high negative score. The mail shouldn't be scanned at all unless sent by the big players.

So which parameter in amavisd-new is the right one to enable scanning for particular senders and only for these?

the-wabbit
mailq
  • Have you seen [these examples](http://www200.pair.com/mecham/spam/bypassing.html#6)? If so, what's wrong with them? – the-wabbit Jan 14 '12 at 21:15
  • @syneticon-dj I know them. This is the solution I already have (fourth paragraph above). But they are after queue filters and I need amavis to run as a before queue filter and then this does not work. And this is to bypass particular senders; I want the opposite to only scan particular senders and bypass the rest. – mailq Jan 14 '12 at 21:18
  • I can't see why it would not work before-queue. And reversing the logic to scan only particular senders and not scan anything else is just reversing the configuration settings for your policy banks - set up bypass_*_checks_maps variables as your default config and make sure the maps are empty for your yahoo.com policy bank. – the-wabbit Jan 14 '12 at 21:27
  • Why wouldn't whitelisting work for not calling SpamAssassin? From amavisd.conf-sample: "If ALL recipients of the message either white- or blacklist the sender, spam scanning (calling the SpamAssassin) is bypassed, saving on time." "ALL" recipients should be affected when using @whitelist_sender_maps shouldn't it? – sebokopter Apr 05 '12 at 11:56

1 Answer

1

Amavisd whitelist all except certain domain

What you need is whitelist_sender_map (here) with regex lookaround (here)

Whitelist all except Domain.X

```perl
@whitelist_sender_maps = ( new_RE(
    qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$))'i
));
```

Whitelist all except Domain And Sub-Domain of X

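```perl
# The lookahead is anchored at '@' and allows an optional sub-domain prefix,
# so a later '.' in the address (e.g. before "com") cannot satisfy the rule.
@whitelist_sender_maps = ( new_RE(
    qr'@(?!(.*\.)?(gmail\.com|hotmail\.com|aol\.com)$)'i
));
```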

Modifying

For example, adding msn.com to whitelist exception

```perl
# msn.com added to the list of domains (and sub-domains) that are NOT whitelisted
@whitelist_sender_maps = ( new_RE(
    qr'@(?!(.*\.)?(gmail\.com|hotmail\.com|aol\.com|msn\.com)$)'i
));
```

DON'T BREAK THAT RULE INTO MULTIPLE RULES, IT IS NOT WHAT YOU WANT

Breaking the rules in 2 or more lines will WHITELIST EVERYTHING!!

(I will put this section in red if possible)

In simple terms, whitelist is a sequential check, one line/rule at a time.

Let's look at the following WRONG example

```perl
# DO NOT COPY THIS
@whitelist_sender_maps = ( new_RE(
    qr'@(?!(gmail\.com$|hotmail\.com$))'i,
    qr'@(?!(aol\.com$|msn\.com$))'i
));
# DO NOT COPY THIS
```

1. Anything from msn.com will pass, because the 1st line returns TRUE, and the check stops.
2. Anything from gmail.com will pass, because after failing the 1st line, amavisd moves to the 2nd line, which will return TRUE.
3. What about domains not in the list? They will pass. This is the intention of the rule!

You end up whitelisting all senders!!

Perl Testing Program

```perl
#!/usr/bin/perl

use strict;
use warnings;

# Reject Domain & Sub-Domain (lookahead anchored at '@', optional sub-domain prefix)
#my $REGinfo='==Reject Domain & Sub-Domain==';
#my $REG=qr'@(?!(.*\.)?(gmail\.com|hotmail\.com|aol\.com)$)'i;

# Exact domain only
my $REGinfo='==Exact Domain Only==';
my $REG=qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$))'i;

print $REGinfo."\n";
print '$REG='.$REG."\n\n";

# Sample sender addresses to run against the rule
my @strTest = (
    'test@hotmail.com',
    'test@gmail.com',
    'test@aol.com',
    'test@msn.com',
    'test@yahoo.com',
    'test@yahoo.aol.com',
    'aol.com@somethingelse.com'
);

# "Pass" = the rule matches, i.e. the sender is whitelisted (not scanned);
# "Fail" = the rule does not match, i.e. the sender is scanned.
for my $i (0 .. $#strTest){
    if ($strTest[$i] =~ $REG) {
        print ("Pass $strTest[$i]\n");
    }
    else {
        print ("Fail $strTest[$i]\n");
    }
}
```
John Siu
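The split-rule pitfall described in the answer above can be checked offline before a whitelist change goes live. This is an added example, not part of the original answer or of amavisd-new: the helpers `whitelisted` and `audit` and the sender addresses are constructed for illustration, and the first-match-wins loop is an assumption modelled on the answer's description of how the rule list is evaluated.

```perl
#!/usr/bin/perl
# Added example: emulates a first-match-wins regex list, the behaviour the
# answer describes for the whitelist rules. It does not load amavisd itself.
use strict;
use warnings;

# Hypothetical helper: returns 1 (sender whitelisted, spam scan bypassed) as
# soon as any rule in the list matches the sender address, otherwise 0.
sub whitelisted {
    my ($sender, @rules) = @_;
    for my $re (@rules) {
        return 1 if $sender =~ $re;
    }
    return 0;
}

# Rule sets in the form used in the answer: one combined rule vs. the same
# domains split across two rules.
my %rule_sets = (
    'single rule' => [ qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$|msn\.com$))'i ],
    'split rules' => [ qr'@(?!(gmail\.com$|hotmail\.com$))'i,
                       qr'@(?!(aol\.com$|msn\.com$))'i ],
);

# Constructed sender addresses; the flag says whether the sender must be scanned.
my @senders = (
    [ 'test@gmail.com'            => 1 ],
    [ 'test@msn.com'              => 1 ],
    [ 'test@GMAIL.com'            => 1 ],
    [ 'test@example.org'          => 0 ],
    [ 'aol.com@somethingelse.com' => 0 ],
);

# Returns the senders that must be scanned but end up whitelisted.
sub audit {
    my (@rules) = @_;
    return grep { whitelisted($_, @rules) }
           map  { $_->[0] }
           grep { $_->[1] } @senders;
}

for my $name (sort keys %rule_sets) {
    my @leaks = audit(@{ $rule_sets{$name} });
    printf "%-12s %s\n", $name,
        @leaks ? 'BYPASSES SCAN FOR: ' . join(', ', @leaks) : 'ok';
}
```

Running the audit against every proposed rule list makes an accidental "whitelist everything" configuration visible as a list of leaked senders rather than as unscanned mail in production.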