Whitelisting by IP address

Michael H michael at wemoto.com
Thu Mar 10 14:44:24 CET 2016


On 10/03/16 11:59, Michael H wrote:
> On 10/03/16 11:02, Michael H wrote:
>> On 10/03/16 10:43, Michael H wrote:
>>> On 10/03/16 03:53, Tom Johnson wrote:
>>>>
>>>>
>>>> On Mar 9, 2016, at 7:11 PM, Indunil Jayasooriya <indunil75 at gmail.com
>>>> <mailto:indunil75 at gmail.com>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Thu, Mar 10, 2016 at 12:57 AM, Tom Johnson <tj at terramar.net
>>>>> <mailto:tj at terramar.net>> wrote:
>>>>>
>>>>>     I'm sorry if I wasn't clear - adding to trusted_networks is not an
>>>>>     option.  Different users have different needs.  One person might
>>>>>     want x.x.x.x whitelisted, but another may not.  
>>>>>
>>>>>
>>>>>     Why don't you need to whitelist or blacklist domains per user
>>>>> basis in following way in amavisd.conf file
>>>>>
>>>>>     # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
>>>>>
>>>>> @score_sender_maps = ({ # a by-recipient hash lookup table,
>>>>>                        
>>>>
>>>> We do whitelisting and blacklisting of senders (using sql).
>>>>
>>>> But we also have some customers who need to whitelist everything coming
>>>> from a given ip address. 
>>>
>>>
>>> Hi,
>>>
>>> This is on topic but not quite as the previous thread required.
>>>
>>> I have amended my spamassassin/local.cf and added trusted_networks and
>>> internal_networks with all of my IP addresses listed.
>>>
>>> I have an alarm system that is emailing without a date field in the
>>> headers, this email originates from an IP address in my trusted_networks
>>> but is still being blocked by amavisd.
>>>
>>> Could someone please tell me the correct way to whitelist IP addresses
>>> so that it is applied to amavisd as well as spamassassin?
>>>
>>> thanks
>>>
>>> Michael
>>>
>>
>> Sorry, that was a little vague,
>>
>> cat /etc/amavisd/amavis.conf
>>
>> [...]
>> @mynetworks = qw( 127.0.0.0/8 [::1]
>>                   10.0.0.0/8
>>                   172.16.0.0/12
>>                   192.168.0.0/16
>>                   XXX.XXX.XXX.XXX/32
>> );
>>
>>
>> # allow all mail from local IPs:
>> $policy_bank{'MYNETS'} = {  # clients in @mynetworks
>>   bypass_spam_checks_maps   => [1],  # don't spam-check internal mail
>>   bypass_banned_checks_maps => [1],  # don't banned-check internal mail
>>   bypass_header_checks_maps => [1],  # don't header-check internal mail
>> };
>> [...]
>>
>> cat /etc/mail/spamassassin/local.cf
>> [...]
>> required_hits 6
>> report_safe 0
>> rewrite_header Subject [SPAM]
>>
>> internal_networks [IP's of my MX's]
>>
>> trusted_networks [lots of ip addresses]
>> [...]
>>
>> The IP address is in both of these files but the mail is still being
>> checked, what did I do wrong here?
>>
>> thanks
>>
> 
> And here is the message being blocked;
> 
> Mar 10 11:57:54 mail1 amavis[22633]: (22633-07) Blocked BAD-HEADER-0
> {BouncedInternal,Quarantined}, MYNETS LOCAL [XXX.XXX.XXX.XXX]:12001
> [XXX.XXX.XXX.XXX] <user at domain.com> -> <user at domain.com>, quarantine:
> badh-CgHOR2w6yANk, Queue-ID: 18EC6818E735, mail_id: CgHOR2w6yANk, Hits:
> -, size: 461, 194 ms
> 
> Michael
> 


I'll answer myself then;

Configuring like this fails;
# allow all mail from local IPs:
$policy_bank{'MYNETS'} = {  # clients in @mynetworks
  bypass_spam_checks_maps   => [1],  # don't spam-check internal mail
  bypass_banned_checks_maps => [1],  # don't banned-check internal mail
  bypass_header_checks_maps => [1],  # don't header-check internal mail
};

adding these two lines solved it;

# allow all mail from local IPs:
$policy_bank{'MYNETS'} = {  # clients in @mynetworks
  originating => 1,  # is true in MYNETS by default
  os_fingerprint_method => undef,  # don't query p0f
  bypass_spam_checks_maps   => [1],  # don't spam-check internal mail
  bypass_banned_checks_maps => [1],  # don't banned-check internal mail
  bypass_header_checks_maps => [1],  # don't header-check internal mail
};

Michael
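
A check for the symptom shown in the quoted log line, as an added example that is not part of the original thread: it parses amavisd log lines and reports mail that carried the MYNETS tag yet was still blocked in a category that one of the bypass_*_maps settings is meant to skip. The field layout is taken from the log line quoted above and may differ with other log templates; the sample lines, addresses and IDs are constructed.

```python
import re

# Layout follows the log line quoted in the thread (assumption: default template).
LINE_RE = re.compile(
    r"amavis\[\d+\]: \((?P<id>[\w-]+)\) (?P<action>Passed|Blocked) "
    r"(?P<category>[A-Z][A-Z0-9-]*) \{(?P<dest>[^}]*)\}, "
    r"(?P<tags>[^\[]*)\[(?P<client>[^\]]+)\]"
    r".*?mail_id: (?P<mail_id>[\w+-]+)"
)

# Blocked category prefix -> the MYNETS setting that should have skipped the check.
BYPASSED = {
    "BAD-HEADER": "bypass_header_checks_maps",
    "BANNED": "bypass_banned_checks_maps",
    "SPAM": "bypass_spam_checks_maps",
}

def parse(line):
    """Return the fields of one amavisd result line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["tags"] = rec["tags"].split()  # e.g. ['MYNETS', 'LOCAL'], or [] if absent
    return rec

def mynets_blocks(lines):
    """List (mail_id, client, category, setting) for MYNETS mail that was still blocked."""
    hits = []
    for line in lines:
        rec = parse(line)
        if not rec or rec["action"] != "Blocked" or "MYNETS" not in rec["tags"]:
            continue
        for prefix, setting in BYPASSED.items():
            if rec["category"].startswith(prefix):
                hits.append((rec["mail_id"], rec["client"], rec["category"], setting))
    return hits

# Constructed sample lines (documentation addresses, made-up IDs).
PFX = "Mar 10 11:57:54 mail1 amavis[22633]: "
SAMPLE = [
    PFX + "(22633-07) Blocked BAD-HEADER-0 {BouncedInternal,Quarantined}, MYNETS LOCAL [192.0.2.10]:12001 [192.0.2.10] <alarm@example.com> -> <ops@example.com>, quarantine: badh-AAAAAAAAAAAA, Queue-ID: 0000000000AA, mail_id: AAAAAAAAAAAA, Hits: -, size: 461, 194 ms",
    PFX + "(22633-08) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [192.0.2.10]:12002 [192.0.2.10] <alarm@example.com> -> <ops@example.com>, Queue-ID: 0000000000AB, mail_id: BBBBBBBBBBBB, Hits: -, size: 470, 120 ms",
    PFX + "(22633-09) Blocked SPAM {DiscardedInbound,Quarantined}, [198.51.100.7]:2525 [198.51.100.7] <x@example.org> -> <ops@example.com>, quarantine: spam-CCCCCCCCCCCC, Queue-ID: 0000000000AC, mail_id: CCCCCCCCCCCC, Hits: 12.3, size: 900, 800 ms",
]

if __name__ == "__main__":
    for hit in mynets_blocks(SAMPLE):
        print("MYNETS mail still blocked: %s from %s as %s (check %s)" % hit)
```
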

