Example of LDAP or mysql site-wide black/white listing ?

[Martin Johannes Dauser]

Hi,

I myself haven't used LDAP in conjunction with amavis, but fast reading
the documentation I'd say you may get a __userbased__ hard
black/whitelist with LDAP using attributes 'amavisBlacklistSender' and
'amavisWhitelistSender'.

Point is, those attributes can only save the sender's addresses,
nothing more. So soft black/whitelisting with it's spamassassin score
modifier can't be defined. I guess LDAP is quite limited regarding
saving a value pair to an attribute, especially if multiple pairs
should be possible.

I think, there is no way to define a __site-wide__ whitelist with LDAP
as those entries are always within a user's LDAP entry. But you may
combine a lookup to a site-wide static file with a user based LDAP
lookup. 'The SQL and LDAP are somewhat specific and are always
consulted first.'[1]  So, as soon as LDAP is enabled it should be
considered:

$enable_ldap  = 1;
$ldap_lookups_no_at_means_domain = 0(=default) or 1 

$default_ldap = {
    hostname      => [ 'localhost', 'ldap2.example.com' ],
    timeout       => 5,
    tls           => 0,
    base          => 'ou=People,dc=example,dc=com',
    query_filter  => '(&(objectClass=amavisAccount)(mail=%m))',
};

read_hash(\%whitelist_sender, '/etc/amavis/whitelist');
@whitelist_sender_maps = (\%whitelist_sender);

[1] https://www.ijs.si/software/amavisd/README.ldap

Best regards
Martin Johannes Dauser


On Mon, 2018-03-26 at 13:01 +1100, David Dodd wrote:
> 
> LDAP gives me hard per-recipient black/white lists.
> 

> I am correct or am I missing something ?
> 

> If someone has a a working LDAP based site-wide soft black/white
> list, can you
> point at how to do this ?
> 

> Thanks in advance,
> 
> -- David Dodd