Pflogsumm emails through amavisd and SA hitting BAYES_99

Peter Santiago vanyell2001 at gmail.com
Fri Apr 28 13:54:19 CEST 2017 

Create a two instance postfix setup.. the localhost instance handles the
pflogsumm emails

On Apr 28, 2017 19:44, "Simon Wilson" <simon at simonandkate.net> wrote:

----- Message from Dominic Raferd <dominic at timedicer.co.uk> ---------
   Date: Fri, 28 Apr 2017 11:55:03 +0100
   From: Dominic Raferd <dominic at timedicer.co.uk>
Subject: Re: Pflogsumm emails through amavisd and SA hitting BAYES_99
     To: amavis-users at amavis.org



On 28 April 2017 at 11:34, Simon Wilson <simon at simonandkate.net> wrote:
>
> Hi all,
>>
>> I have pflogsumm running log summaries on my postfix install, and sending
>> to an address that resolves locally. All is on localhost, which is a newly
>> installed CentOS7 server, amavisd-new 2.10.1 from EPEL.
>>
>> The pflogsumm emails from root are triggering BAYES_99 as they go through
>> amavisd-new and spamassassin, and are often ending up marked as spam.
>>
>> What's the best way to ensure that those are not flagged as spam, or
>> potentially to whitelist them somehow?
>>
>
>
> You can whitelist sender addresses, would this solve your problem? I have
> these lines in /etc/amavis/conf.d/50-user​:
>
> read_hash(\%whitelist_sender, '/etc/amavis/whitelist');
> @whitelist_sender_maps = (\%whitelist_sender);
>     bypass_spam_checks_maps   => ['@whitelist_sender_maps'],  # don't
> spam-check this mail
>     bypass_banned_checks_maps => ['@whitelist_sender_maps'],  # don't
> banned-check this mail
>     bypass_header_checks_maps => ['@whitelist_sender_maps'],  # don't
> header-check this mail
>
> File /etc/amavis/whitelist contains a line-by-line list of whitelisted
> addresses. To whitelist a whole domain, just precede with a dot. Examples:
>
> fred at bloggs.com
> .spammers-united.com
>
> HTH, Dominic
>


----- End message from Dominic Raferd <dominic at timedicer.co.uk> -----

Thanks Dominic... it seems like a bit of a 'sledgehammer' to whitelist a
sender address, when sender addresses can be spoofed. Perhaps I'm being
paranoid :) Keen to hear feedback on that (the approach, not whether I am
paranoid :) ).

One thing I just noticed is that pflogsumm emails are dropped into Postfix
(and thence into Amavisd) via postfix/pickup not postfix/smtpd. I wonder if
there is a way there to mark emails from localhost root that are fed into
postfix/pickup as being not spam-checked.


Simon.


-- 
Simon Wilson
M: 0400 12 11 16
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20170428/c7eb8001/attachment.html>

More information about the amavis-users mailing list