Pflogsumm emails through amavisd and SA hitting BAYES_99
Simon Wilson
simon at simonandkate.net
Fri Apr 28 14:10:23 CEST 2017
----- Message from Simon Wilson <simon at simonandkate.net> ---------
Date: Fri, 28 Apr 2017 21:43:31 +1000
From: Simon Wilson <simon at simonandkate.net>
Reply-To: simon at simonandkate.net
Subject: Re: Pflogsumm emails through amavisd and SA hitting BAYES_99
To: amavis-users at amavis.org
> ----- Message from Dominic Raferd <dominic at timedicer.co.uk> ---------
> Date: Fri, 28 Apr 2017 11:55:03 +0100
> From: Dominic Raferd <dominic at timedicer.co.uk>
> Subject: Re: Pflogsumm emails through amavisd and SA hitting BAYES_99
> To: amavis-users at amavis.org
>
>
>> On 28 April 2017 at 11:34, Simon Wilson <simon at simonandkate.net> wrote:
>>
>>> Hi all,
>>>
>>> I have pflogsumm running log summaries on my postfix install, and sending
>>> to an address that resolves locally. All is on localhost, which is a newly
>>> installed CentOS7 server, amavisd-new 2.10.1 from EPEL.
>>>
>>> The pflogsumm emails from root are triggering BAYES_99 as they go through
>>> amavisd-new and spamassassin, and are often ending up marked as spam.
>>>
>>> What's the best way to ensure that those are not flagged as spam, or
>>> potentially to whitelist them somehow?
>>
>>
>> You can whitelist sender addresses, would this solve your problem? I have
>> these lines in /etc/amavis/conf.d/50-user​:
>>
>> read_hash(\%whitelist_sender, '/etc/amavis/whitelist');
>> @whitelist_sender_maps = (\%whitelist_sender);
>> bypass_spam_checks_maps => ['@whitelist_sender_maps'], # don't
>> spam-check this mail
>> bypass_banned_checks_maps => ['@whitelist_sender_maps'], # don't
>> banned-check this mail
>> bypass_header_checks_maps => ['@whitelist_sender_maps'], # don't
>> header-check this mail
>>
>> File /etc/amavis/whitelist contains a line-by-line list of whitelisted
>> addresses. To whitelist a whole domain, just precede with a dot. Examples:
>>
>> fred at bloggs.com
>> .spammers-united.com
>>
>> HTH, Dominic
>
>
> ----- End message from Dominic Raferd <dominic at timedicer.co.uk> -----
>
> Thanks Dominic... it seems like a bit of a 'sledgehammer' to
> whitelist a sender address, when sender addresses can be spoofed.
> Perhaps I'm being paranoid :) Keen to hear feedback on that (the
> approach, not whether I am paranoid :) ).
>
> One thing I just noticed is that pflogsumm emails are dropped into
> Postfix (and thence into Amavisd) via postfix/pickup not
> postfix/smtpd. I wonder if there is a way there to mark emails from
> localhost root that are fed into postfix/pickup as being not
> spam-checked.
>
> Simon.
>
>
> --
> Simon Wilson
> M: 0400 12 11 16
----- End message from Simon Wilson <simon at simonandkate.net> -----
Google found me this:
http://verchick.com/mecham/public_html/spam/bypassing.html#11
Describes either setting postfix/pickup to completely bypass amavisd,
or to set a less restrictive amavisd policy bank.
I'll explore and see how it goes.
Simon
--
Simon Wilson
M: 0400 12 11 16
More information about the amavis-users
mailing list