Clearing contents_category from a custom hook?

Mark Martinec Mark.Martinec+amavis at ijs.si
Tue Feb 28 15:21:42 CET 2012 

Jacob,

> I've written a custom whitelist-hook in the custom's file, where a
> whitelist-file is loaded, and matched against both body and envelope from
> addresses.
> ( I know that a whitelist metodh is only supposed to match against the
> envelope address, but then I'd just as well use amavis' own whitelist
> function, but since it's an requirement from the users that they can
> whitelist both body and envelope addresses, I have to do it this way )

The white/black-listing in amavisd was based only on envelope sender
address in versions older than 2.6.0.  Starting with 2.6.0, both the envelope
and the author address are taken into account.


amavisd-new-2.6.0 release notes:

COMPATIBILITY WITH 2.5.4

- white and blacklisting now takes into account both the SMTP envelope
  sender address, as well as the author address from a header section
  (address(es) in a 'From:' header field). Note that whitelisting
  based only on a sender-specified address is mostly useless nowadays.
  For a reliable whitelisting see @author_to_policy_bank_maps below,
  as well as a set of whitelisting possibilities in SpamAssassin (based
  on DKIM, SPF, or on Received header fields);


> But in the case, where there is a banned file attached to an email from a
> whitelisted address, the email is banned anyway.

Whitelisting based on information provided by the sender may be
acceptable for low-risk decisions like spam filtering, but should
not be used to bypass banning or virus checks. Use DKIM-based
whitelisting for such purpose:


amavisd-new-2.6.0 release notes:

- loading of policy banks based on valid DKIM-signed author's address
  can be used for reliable whitelisting, for bypassing banned checks, etc.

[...]

- a new configuration variable @author_to_policy_bank_maps (also a member
  of policy banks) is a list of lookup tables (typically only a hash-type
  lookup table is used), which maps author addresses(es) (each address in
  a 'From:' header field - typically only one) to one or more policy bank
  names (a comma-separated list of names).

  A match can only occur if a valid DKIM author domain signature or a valid
  DKIM third-party signature is found, so in as much as one can trust the
  signing domain, loading of arbitrary policy banks can be safe, offering
  a flexibility of whitelisting against spam (absolute or just contributing
  score points), bypassing of checks (banned, virus, bad-header), using
  less restrictive banned rules for certain senders, by-sender routing,
  turning quarantining/archiving on/off, and other tricks offered by the
  existing policy bank loading mechanisms.

  When a message has a valid DKIM (or DomainKeys) author domain signature
  (i.e. when a 'From:' address matches a signing identity according to DKIM
  (RFC 4871) or DomainKeys (RFC 4870) rules), a lookup key is an unchanged
  author address and the usual lookup rules apply (README.lookups - hash
  lookups).

  When a valid third-party signature is found, a lookup key (author address)
  is extended by a '/@' and a lowercased signing domain, as shown in the
  example below.

  The semantics is very similar to a whitelist_from_dkim feature in
  SpamAssassin, but is more flexible as is allows any dynamic amavisd
  setting to be changed depending on author address, not just skipping
  of spam checks.

  A few examples of a SpamAssassin's whitelist_from_dkim (as in local.cf)
  along with equivalent amavisd @author_to_policy_bank_maps entries follow.

  To whitelist any From address with a domain example.com when a message
  has a valid author domain signature (i.e. a signature by the same domain):
    SA:  whitelist_from_dkim  *@example.com
    am:  'example.com' => 'WHITELIST',
  which is equivalent to a lengthy but redundant:
    SA:  whitelist_from_dkim  *@example.com  example.com
    am:  'example.com/@example.com' => 'WHITELIST',

  Similar to above, but applies to subdomains of example.com carrying
  a valid author domain signature (i.e. signature BY THE SAME SUBDOMAIN):
    SA:  whitelist_from_dkim  *@*.example.com
    am:  '.example.com' => 'WHITELIST',
  Note that in amavisd hash lookups a '.example.com' implies a parent
  domain 'example.com' too, while in SpamAssassin and in Postfix maps
  a parent domain needs its own entry if desired.

  To whitelist From addresses from subdomains of example.com which carry
  a valid third-party signature of its parent domain:
    SA:  whitelist_from_dkim  *@*.example.com  example.com
    am: '.example.com/@example.com' => 'WHITELIST',

  To whitelist any From address as long as a message has a valid DKIM
  or DomainKeys signature by example.com, i.e. a third-party signature.
  Typical for mailing lists or discussion groups which sign postings.
    SA:  whitelist_from_dkim  *@*  example.com
    am:  './@example.com' => 'WHITELIST',

  Here is a complete example that can be included in amavisd.conf:

  @author_to_policy_bank_maps = ( {
  # 'friends.example.net'      => 'WHITELIST,NOBANNEDCHECK',
  # 'user1 at cust.example.net'   => 'WHITELIST,NOBANNEDCHECK',
    '.ebay.com'                => 'WHITELIST',
    '.ebay.co.uk'              => 'WHITELIST',
    'members.ebay.co.uk/@ebay.co.uk' => 'WHITELIST',
    'ebay.at'                  => 'WHITELIST',
    'ebay.ca'                  => 'WHITELIST',
    'ebay.fr'                  => 'WHITELIST',
    'ebay.de'                  => 'WHITELIST',
    'members.ebay.de/@ebay.de' => 'WHITELIST',
    '.paypal.co.uk'            => 'WHITELIST',
    '.paypal.com'              => 'WHITELIST',  # author domain signatures
    './@paypal.com'            => 'WHITELIST',  # 3rd-party sign. by paypal.com
    'alert.bankofamerica.com'  => 'WHITELIST',
    'ealerts.bankofamerica.com'=> 'WHITELIST',
    'amazon.com'               => 'WHITELIST',
    'amazon.de'                => 'WHITELIST',
    'amazon.co.uk'             => 'WHITELIST',
    'cisco.com'                => 'WHITELIST',
    '.cnn.com'                 => 'WHITELIST',
    'skype.net'                => 'WHITELIST',
    'welcome.skype.com'        => 'WHITELIST',
    'cc.yahoo-inc.com'         => 'WHITELIST',
    'cc.yahoo-inc.com/@yahoo-inc.com' => 'WHITELIST',
    '.linkedin.com'            => 'MILD_WHITELIST',
    'google.com'               => 'MILD_WHITELIST',
    'googlemail.com'           => 'MILD_WHITELIST',
    './@googlegroups.com'      => 'MILD_WHITELIST',
    './@yahoogroups.com'       => 'MILD_WHITELIST',
    './@yahoogroups.co.uk'     => 'MILD_WHITELIST',
    './@yahoogroupes.fr'       => 'MILD_WHITELIST',
    'yousendit.com'            => 'MILD_WHITELIST',
    'meetup.com'               => 'MILD_WHITELIST',
    'dailyhoroscope at astrology.com' => 'MILD_WHITELIST',
  } );

  $policy_bank{'MILD_WHITELIST'} = {
    score_sender_maps => [ { '.' => [-1.8] } ],
  };

  $policy_bank{'WHITELIST'} = {
    bypass_spam_checks_maps => [1],
    spam_lovers_maps => [1],
  };

  $policy_bank{'NOVIRUSCHECK'} = {
    bypass_decode_parts => 1,
    bypass_virus_checks_maps => [1],
    virus_lovers_maps => [1],
  };

  $policy_bank{'NOBANNEDCHECK'} = {
    bypass_banned_checks_maps => [1],
    banned_files_lovers_maps  => [1],
  };



> I'd like to reset the contents_category to CC_CLEAN in the case where my
> own whitelist has cleared the email. Is that possible?
> I'm able to get the current status of the email from per_recip_data and
> contents_category, where I can see that the email has been flagged in
> CC_CLEAN and CC_BANNED ( 1 and 8 ).

Something like this should do:

    $msginfo->contents_category(undef);
    $msginfo->add_contents_category(CC_CLEAN,0);

    for my $r (@{$msginfo->per_recip_data}) {
      $r->contents_category(undef);
      $r->add_contents_category(CC_CLEAN,0);
    }


Mark

More information about the amavis-users mailing list