Sender white list

Gregory Sloop gregs at sloop.net
Tue Aug 13 17:51:46 CEST 2019


None of the white-listing features in Amavis handle banned files.
I've posted a number of times on the list about how I've handled it - so you're welcome to go find those postings for more detail.

In short, I've used a script that I wrote myself to auto-release banned file quarantines. [I didn't want to try to extend the Amavis code, with all the attendant challenges. Writing a plug-in style script seemed more modular and faced less difficulty.]

I have Amavis set to generate messages [to the sysop] for each quarantined file.
The system gets those quarantine messages, and parses the text.

I then have a flat-file I use for the sender+recipient+file-type white-list.
If the sender/recipient/file-type combination matches a white-list entry, the script auto-releases the attachment [bad-file] (My white-list is a few dozen entries at most - so flat-file works just fine. A large mail-system might need something more.)
If not, it stays in quarantine.
Files > 30d are removed by another script.

I'd have to see how long exactly, but we've been using it for years, and it's been really useful. 

-Greg

kgc> Yes, I know sender address can be easily faked.
kgc> I have only incoming path on port 10024 for amavis and port 10026 for
kgc> postfix.
kgc> I need this feature for banned files filtering, not spam or virus check,
kgc> between users inside my domains.
kgc> I tried different setups, but they all either don't work or bypass all mail
kgc> without any filtering.
kgc> Martin's also doesn't work. It seems I'm doing something wrong...



kgc> Martin Johannes Dauser <mdauser at cs.sbg.ac.at> wrote in their message of Mon,
kgc> 12 Aug 2019 17:33:38 +0300:

>> FIRST, be warned that sender address can be spoofed really easily. So
>> you shouldn't put too much trust into them!

>> I guess you haven't configured incoming and originating/outgoing paths
>> for amavis yet? Something similar to this (ports 10024 and 10026 need to
>> be delivered by your MTA of course):


>> @mynetworks_maps    = (read_array('/etc/amavisd/mynetworks'),);
>> # IP addresses regarded as local/originating, saved as one IP or one
>> # network in CIDR notation per line

>> read_hash(\%whitelist_sender, '/etc/amavisd/whitelist_senders');

>> @listen_sockets = ( # incoming
>>                      '127.0.0.1:10024',
>>                     # originating
>>                      '127.0.0.1:10026',
>>                    );


>> $interface_policy{'10024'} = 'INCOMMING';
>> $interface_policy{'10026'} = 'ORIGINATING';

>> $policy_bank{'INCOMMING'} = {
>>                 # set incoming mails as NOT-originating
>>                   originating                 => 0,

>>                 # mails from trusted envelope senders won't get scanned
>>                 # by Spamassassin
>>                   whitelist_sender_maps       => [ \%whitelist_sender ],

>>                 # other settings
>>                   #...
>>                 };


>> $policy_bank{'ORIGINATING'} = {
>>                 # set local smtpd as originating
>>                   originating                  => 1,

>>                 # other settings
>>                   #...
>>                 };  

>> ----------
>> An alternative is to modify spam scores of senders. This defines a bonus
>> or malus on spamassassin's values. You may even have different values
>> depending on recipients. E.g. 'user@domain.tld' and global '.' which
>> means 'any other' and must be set as the last line in @score_sender_maps.


>> @score_sender_maps = (
>>         { 'user@domain.tld' =>  [ read_hash('/etc/amavisd/sender_scores_user'), ],
>>           '.' =>  [ read_hash('/etc/amavisd/sender_scores_sitewide'), ],
>>         }
>> );


>> Within /etc/amavisd/sender_scores_sitewide

>> # Descr.:       Hash lookup (associative array lookup) for global soft white-/blacklisting
>> # Note.:        see https://amavis.org/README.lookups.txt for details about hash lookups
>> #                Format of the text file: one address per line
>> #                Each address can have an associated optional value (also known as the
>> #                'righthand side' or RHS) separated from the address by whitespace.
>> #                An absence of a value implies 1.


>> some.spammer@some.server.net         1.0
>> domain.spamschleu.de                 8.0

>> someone.nice@trusted.net            -5.0
>> trusted.doma.in                     -3.5


>> Greetings
>> Martin

>> On Mon, 2019-08-12 at 11:19 +0300, korsar182 at gmail.com wrote:
>>> Hi, is there any way to make whitelist for senders? Weird, but
>>> read_hash(\%whitelist_sender, '/etc/amavisd/whitelist');
>>> @whitelist_sender_maps = (\%whitelist_sender);
>>> make it for recipients, not senders...

-- 
Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x82
EMail: gregs at sloop.net
http://www.sloop.net
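
An added example, not Greg's script and not part of the original post: a Python sketch of the sender+recipient+file-type check described in the message above. The notification field labels, the whitelist layout and all addresses are constructed assumptions; the sketch fails closed when any recipient or banned file type in the notice is not whitelisted for that sender.

```python
import re

# Constructed whitelist: "sender recipient file-type" per line (layout assumed).
WHITELIST_TEXT = """\
# sender            recipient          type
alice@example.org   bob@example.com    .exe
carol@example.net   bob@example.com    .zip
"""

# Constructed notification; field labels are assumptions, not real Amavis wording.
NOTICE = """\
Banned name: .exe
Sender: <alice@example.org>
Recipient: <bob@example.com>
Quarantine: banned-AbCd1234
"""

FIELD = re.compile(
    r"^(Banned name|Sender|Recipient|Quarantine):[ \t]*<?([^<>\s]+)>?[ \t]*$", re.M)
SAFE_ID = re.compile(r"[A-Za-z0-9_+-]+")  # the id later reaches a command line

def load_whitelist(text):
    entries = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if not parts:
            continue
        if len(parts) != 3:
            raise ValueError(f"malformed whitelist line: {line!r}")
        entries.add(tuple(p.lower() for p in parts))
    return entries

def release_id(notice, whitelist):
    """Return the quarantine id to release, or None to leave it quarantined."""
    found = {"Banned name": [], "Sender": [], "Recipient": [], "Quarantine": []}
    for key, value in FIELD.findall(notice):
        found[key].append(value)
    # Fail closed on anything ambiguous: sender and file names are attacker-supplied.
    senders, qids = found["Sender"], found["Quarantine"]
    if len(senders) != 1 or len(qids) != 1 or not SAFE_ID.fullmatch(qids[0]):
        return None
    pairs = [(r.lower(), t.lower())
             for r in found["Recipient"] for t in found["Banned name"]]
    # Every recipient/file-type pair must be whitelisted, not just one of them.
    if not pairs or any((senders[0].lower(), r, t) not in whitelist for r, t in pairs):
        return None
    return qids[0]
```

A wrapper would hand the returned id to `amavisd-release` and leave every other message in quarantine.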