black/whitelisting per-sender-recipient

Pasi Kärkkäinen pasik at iki.fi
Wed Dec 17 17:41:35 CET 2014


Hello,

On Wed, Mar 07, 2012 at 07:01:31PM +0100, Mark Martinec wrote:
> Jeroen,
> 
> > I'm configuring new spam/virus gateways. As far as I know it's currently
> > not possible with amavis to black/whitelist for example bad headers and
> > viruses on a per sender-recipient basis.
> 
> Currently it is only possible to do so using @author_to_policy_bank_maps,
> provided the mail has a valid DKIM signature. This is similiar
> to SpamAssassin's setting whitelist_from_dkim, but more flexible.
> 
> Whitelisting only applies to spam checks. It would be too risky to
> skip virus or banning checks based on an unproven sender identity.
> 
> There is no such concern against *blacklisting* the virus or banning checks
> based on a sender identity (proven or not), although it is probably
> not very useful.
> 
> It would possibly make sense to add some other authentication mechanism
> besides the DKIM signature, perhaps based on a sender's mailer IP address
> or based on SPF, similar to SpamAssassin's whitelist_from_spf and
> whitelist_from_rcvd. But I don't find it acceptable to just naively
> believe the From or a sender envelope address for these purposes.
> 
> I wouldn't mind extending the whitelisting to bad header checks though,
> as failing these is mostly harmless. But I guess there is not much
> demand, as mail with bad headers is by default and commonly
> just passed to a recipient, with a warning added.
> 

Replying to an old thread.. 

Does anyone know if current amavisd-new versions allow whitelisting *senders* from bad header checks? 

I have a system where bad headers will cause the email to be bounced (system wide setting),
so I'd need the per-sender whitelisting.. (yes I know it's easy to fake sender addresses etc :) 


Thanks,

-- Pasi




More information about the amavis-users mailing list