Whitelisting by IP address

Michael H michael at wemoto.com
Thu Mar 10 12:59:30 CET 2016 

On 10/03/16 11:02, Michael H wrote:
> On 10/03/16 10:43, Michael H wrote:
>> On 10/03/16 03:53, Tom Johnson wrote:
>>>
>>>
>>> On Mar 9, 2016, at 7:11 PM, Indunil Jayasooriya <indunil75 at gmail.com
>>> <mailto:indunil75 at gmail.com>> wrote:
>>>
>>>>
>>>>
>>>> On Thu, Mar 10, 2016 at 12:57 AM, Tom Johnson <tj at terramar.net
>>>> <mailto:tj at terramar.net>> wrote:
>>>>
>>>>     I'm sorry if I wasn't clear - adding to trusted_networks is not an
>>>>     option.  Different users have different needs.  One person might
>>>>     want x.x.x.x whitelisted, but another may not.  
>>>>
>>>>
>>>>     Why don't you need to whitelist or blacklist domains per user
>>>> basis in following way in amavisd.conf file
>>>>
>>>>     # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
>>>>
>>>> @score_sender_maps = ({ # a by-recipient hash lookup table,
>>>>                        
>>>
>>> We do whitelisting and blacklisting if senders (using sql). 
>>>
>>> But we also have some customers who need to whitelist everything coming
>>> from a given ip address. 
>>
>>
>> Hi,
>>
>> This is on topic but not quite as the previous thread required.
>>
>> I have amended my spamassassin/local.cf and added trusted_networks and
>> internal_networks with all of my IP addresses listed.
>>
>> I have an alarm system that is emailing without a date field in the
>> headers, this email originates from an IP address in my trusted_networks
>> but is still being blocked by amavisd.
>>
>> Could someone please tell me the correct way to whitelist IP addresses
>> so that it is applied to amavisd as well as spamassassin?
>>
>> thanks
>>
>> Michael
>>
> 
> Sorry, that was a little vague,
> 
> cat /etc/amavisd/amavis.conf
> 
> [...]
> @mynetworks = qw( 127.0.0.0/8 [::1]
>                   10.0.0.0/8
>                   172.16.0.0/12
>                   192.168.0.0/16
>                   XXX.XXX.XXX.XXX/32
> );
> 
> 
> # allow all mail from local IPs:
> $policy_bank{'MYNETS'} = {  # clients in @mynetworks
>   bypass_spam_checks_maps   => [1],  # don't spam-check internal mail
>   bypass_banned_checks_maps => [1],  # don't banned-check internal mail
>   bypass_header_checks_maps => [1],  # don't header-check internal mail
> };
> [...]
> 
> cat /etc/mail/spamassassin/local.cf
> [...]
> required_hits 6
> report_safe 0
> rewrite_header Subject [SPAM]
> 
> internal_networks [IP's of my MX's]
> 
> trusted_networks [lots of ip addresses]
> [...]
> 
> The IP address is in both of these files but the mail is still being
> checked, what did I do wrong here?
> 
> thanks
> 

And here is the message being blocked;

Mar 10 11:57:54 mail1 amavis[22633]: (22633-07) Blocked BAD-HEADER-0
{BouncedInternal,Quarantined}, MYNETS LOCAL [XXX.XXX.XXX.XXX]:12001
[XXX.XXX.XXX.XXX] <user at domain.com> -> <user at domain.com>, quarantine:
badh-CgHOR2w6yANk, Queue-ID: 18EC6818E735, mail_id: CgHOR2w6yANk, Hits:
-, size: 461, 194 ms

Michael

More information about the amavis-users mailing list