skip checking for mail address

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed May 20 14:11:43 CEST 2020


Hello,

we managed to change source address of the mail from null <> to the same
that is in From: header, so finally I should be able to avoid scanning.

>>On Mon, 18 May 2020 at 15:37, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
>>>
>>>seems that addresses used in bypass_virus_checks_maps and
>>>bypass_spam_checks_maps, are the envelope from addresses.
>>>
>>>We have gateway that sends reports with envelope addresses empty ("<>"), but
>>>From: in headers is in form MAILER-DAEMON at mail.gateway
>>>
>>>unfortunately, other mails come through the gateway with empty envelope
>>>from, so the only address I can safely (gateway takes care of faking the
>>>address) whitelist is therefore the header address.
>>>
>>>is it possible to use header address in whitelisting?
>>>
>>>Or is there any trick to whitelist such address?

>On 18.05.20 15:52, Dominic Raferd wrote:
>>@whitelist_sender_maps whitelists based on either of the From header
>>address or the envelope sender address.

On 18.05.20 19:43, Matus UHLAR - fantomas wrote:
>well, I have tried to $bypass_spam_checks{'address at mail.gateway'}=1;
>
>and with address in From: was scanned and amavisd even logged:
>
>May 18 17:00:11 mail amavis[5414]: (05414-11) Passed CLEAN {RelayedInbound},
>[x.x.x.x]:29354 ESMTP/LMTP <> -> <redacted>, (), Queue-ID: X,
>Message-ID: <... at mail.gateway>, mail_id:
>UWTOVxZdTfiR, b: tpOHtsF7t, Hits: -16, size: 24677, queued_as: Y,
>Subject: "Quarantine Summary: [ 2 message(s) quarantined from Mon, 18 May
>2020 14:00:00 +0200 to Mon, 18 May 2", From: <address at mail.gateway>,
>helo=mail.gateway, Tests:
>[ALL_TRUSTED=-1,BAYES_40=-0.001,HTML_MESSAGE=0.001,USER_IN_DEF_WHITELIST=-15],
>autolearn=no autolearn_force=no, autolearnscore=0.001, 7810 ms
>
>
>>(It is not very good behaviour
>>IMO: I suspect the code was really written for @blacklist_sender_maps
>>and just carried over to work with the whitelist, the behaviour is
>>conservative for a blacklist but risks letting through bad stuff with
>>a whitelist. I don't use this type of whitelisting at all any more.)
>
>I agree that simply whitelisting sender is not safe.  We must make it safe
>ourselves.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
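
The following is an added example, not part of the thread and not amavis code or configuration: a small Python model of the three sender-matching policies discussed above (envelope sender only, envelope or From: header, and From: header accepted only when the message arrives from the trusted gateway). The addresses, relay IP and sample messages are constructed assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed values (assumptions for illustration, not taken from the thread).
WHITELIST = {"mailer-daemon@mail.gateway.example"}
TRUSTED_RELAYS = [ipaddress.ip_network("192.0.2.10/32")]  # the gateway's IP


def header_from(raw):
    """Return the lower-cased address from the From: header, or ''."""
    return parseaddr(message_from_string(raw).get("From", ""))[1].lower()


def envelope_only(env_from, raw, client_ip):
    """Match on the SMTP envelope sender only; a null sender '<>' never matches."""
    return env_from.lower() in WHITELIST


def either_match(env_from, raw, client_ip):
    """Match if the envelope sender OR the From: header is listed."""
    return env_from.lower() in WHITELIST or header_from(raw) in WHITELIST


def header_bound_to_relay(env_from, raw, client_ip):
    """Trust the From: header only when the connecting client is the gateway."""
    ip = ipaddress.ip_address(client_ip)
    from_gateway = any(ip in net for net in TRUSTED_RELAYS)
    return from_gateway and header_from(raw) in WHITELIST


def msg(from_hdr):
    return f"From: {from_hdr}\nSubject: Quarantine Summary\n\nbody\n"


# Constructed cases: (envelope sender, raw message, connecting client IP).
CASES = {
    "gateway_report": ("", msg("<MAILER-DAEMON@mail.gateway.example>"), "192.0.2.10"),
    "gateway_other_null": ("", msg("<postmaster@other.example>"), "192.0.2.10"),
    "forged_header": ("x@sender.example",
                      msg("<MAILER-DAEMON@mail.gateway.example>"), "203.0.113.7"),
}


def evaluate():
    """Return {case: {policy name: bypass decision}} for every constructed case."""
    policies = (envelope_only, either_match, header_bound_to_relay)
    return {n: {p.__name__: p(*a) for p in policies} for n, a in CASES.items()}


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
```

Only the relay-bound policy exempts the gateway's own report while still scanning both the other null-sender mail and a message that merely carries the listed From: header.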


More information about the amavis-users mailing list