whitelist

[Gregory Sloop]

Dino...

IIRC the following doesn't work if Amavis is set in postfix as a pre-accept filter, right?
[It seems I looked at doing it this way, but since we use Amavis as a pre MTA-accpet filter, this wasn't even an option. Just wanting to confirm...]

-Greg

DE> Here's how to do it with BONUS blacklist:

DE> In postfix /etc/postfix/main.cf set the following for whitelist senders:

DE> smtpd_sender_restrictions = check_sender_access
DE> hash:/etc/postfix/amavis_senderbypass

DE> In the /etc/postfix/amavis_senderbypass file enter email
DE> addresses and/or domains you wish to whitelist (one per line) as follows:

DE> bob at example.com  FILTER amavis:[127.0.0.1]:10030
DE> example2.com  FILTER amavis:[127.0.0.1]:10030

DE> Ensure you postmap the file and reload postfix

DE> In Amavis /etc/amavis/conf/50_user set the following to whitelist
DE> recipients (ensure port 10030 is available in your system):

DE> $inet_socket_port = [10021, 10030];

DE> # This policy will bypass ALL checks.
DE> read_hash(\%whitelist_sender, '/etc/amavis/white.lst');
DE> @whitelist_sender_maps = (\%whitelist_sender);



DE> $interface_policy{'10030'} = 'BYPASSALLCHECKS';
DE> $policy_bank{'BYPASSALLCHECKS'} = { # mail from the pickup daemon
DE>     log_level => 5,
DE>     bypass_spam_checks_maps   => ['@whitelist_sender_maps'],  # don't spam-check this mail
DE>     bypass_banned_checks_maps => ['@whitelist_sender_maps'],  # don't banned-check this mail
DE>     bypass_header_checks_maps => ['@whitelist_sender_maps'],  # don't header-check this mail
DE>     bypass_virus_checks_maps  => ['@whitelist_sender_maps'],  # don't virus-check this mail
DE> };


DE> In /etc/amavis/white.lst enter the the SAME senders and/or
DE> domains as you set in the /etc/postfix/amavis_senderbypass file
DE> from above but without the  "FILTER amavis:[127.0.0.1]:10030" part as follows (one per line):

DE> bob at example.com 
DE> example2.com 

DE> So basically this tells postfix that any sender matching the list
DE> to inject to Amavis at port 10030 and then Amavis has an interface
DE> policy at 10030 where it takes action according to the policy
DE> settings. You can adjust the Amavis policy as you see fit. In the
DE> example above, it bypasses ALL checks (spam, banned, header and virus) checks.

DE> Here's the blacklist (much simpler)

DE> In /etc/amavis/conf/50_user set the following:

DE> # Blacklist Senders
DE> @blacklist_sender_maps=(read_hash(\%blacklist_sender, '/etc/amavis/black.lst'));

DE> And populate /etc/amavis/black.lst with senders you wish to block.

DE> There is also a way to do a sender to recipient block/allow but
DE> that only bypasses spam checks and it's a bit more complicated to
DE> set. I can send you info on that if you want.

DE> Thanks



DE> -----Original Message-----
DE> From: amavis-users
DE> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org] On Behalf Of Curtis Vaughan
DE> Sent: Thursday, July 11, 2019 4:38 PM
DE> To: amavis-users at amavis.org
DE> Subject: whitelist

DE> I have been unable for a very long time now to figure out how to
DE> whitelist certain email address or domains. 
DE> I have found several different blogs/help sites that "provide" an
DE> answer, but none of them have ever worked. 
DE> Creating whitelists for postfix that referred to by main.cf
DE> definitely haven't worked. Another "solution" involved including a
DE> line in main.cf that basically tried to bypass amavis.
DE> Anyhow, I feel I'm approaching the solution in either case the
DE> wrong way as they concentrate on postfix and not amavis. 
DE> Hopefully someone can't point me in the right direction?
DE> Thanks!

DE> I'm using postfix with amavis on ubuntu. 


-- 
Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x82
EMail: gregs at sloop.net
http://www.sloop.net
---
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20190712/7d5a2aff/attachment.html>