Whitelist for localhost

Mark Martinec Mark.Martinec+amavis at ijs.si
Mon Dec 19 17:19:12 CET 2011


Alex,

> I have an amavisd-new-2.6.6 install on a fedora15 box with
> spamassassin-3.3.2, and having trouble figuring out how to whitelist
> mail sent by root, such as cron scripts.
> 
> I've found several references how to bypass amavisd scanning for such
> mail, but it's much more involved. I thought it was possible to just
> whitelist the mail, adding a significant enough negative score so it
> won't be tagged as spam?
> 
> I've included the headers from a message that was quarantined because
> the body contained a pattern matching a viurs. I've also added the
> following to spamassassin local.cf:
> 
> whitelist_from_rcvd *@mail01.example.com example.com
> whitelist_from_rcvd *@mail01.example.com 127.0.0.1
> whitelist_from_rcvd *@mail01.example.com localhost
> 
[...]
> X-Amavis-Alert: INFECTED, message contains virus:
>         INetMsg.SpamDomain-2w.almonpowny_com.UNOFFICIAL
> X-Spam-Status: No, score=x tag=-200 tag2=5 kill=5 tests=[]

Whitelisting only affects spam checks. You message was blocked
by a virus scanner. There is no direct equivalent to whitelisting
for virus and banned scans. The only way is to use a policy bank,
or configure MTA to bypass amavis altogether for message that
need such treatment.

If your cron job submits mail through a sendmail command
or its lookalike (i.e. not though SMTP), the easiest way
to bypass a content filter is to disable content_filter for
a pickup service (file master.cf, assuming Postfix is used):

pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=


Here is another way (amavisd.conf):

  @client_ipaddr_policy = (
    [qw( 0.0.0.0/8 127.0.0.1/8 [::] [::1] )] => 'LOCALHOST',
    \@mynetworks => 'MYNETS',
  );

  $policy_bank{'LOCALHOST'} = {
    originating => 1,
    bypass_virus_checks_maps  => [1],
    bypass_spam_checks_maps   => [1],
    bypass_banned_checks_maps => [1],
  };


Mark


More information about the amavis-users mailing list