<html><head><title>Re: Sender white list</title>
</head>
<body>
<span style=" font-family:'Courier New'; font-size: 9pt;">None of the white-listing features in Amavis handle banned files.<br>
I've posted a number of times on the list about how I've handled it - so you're welcome to go find those postings for more detail.<br>
<br>
In short, I've used a script that I wrote myself to auto-release banned file quarantines. [I didn't want to try to extend the Amavis code, with all the attendant challenges. Writing a plug-in style script seemed more modular and faced less difficulty.]<br>
<br>
I have Amavis set to generate messages [to the sysop] for each quarantined file.<br>
The system gets those quarantine messages, and parses the text.<br>
<br>
I then have a flat-file I use for the sender+recpient+file-type white-list.<br>
If the sender/recipient/file-type combination matches a white-list entry, the script auto-releases the attachment [bad-file] (My white-list is a few dozen entries at most - so flat-file works just fine. A large mail-system might need something more.)<br>
If not, it stays in quarantine.<br>
Files > 30d, are removed by another script.<br>
<br>
I'd have to see how long exactly, but we've been using it for years, and it's been really useful. <br>
<br>
-Greg<br>
<br>
<span style=" color: #800000;"><b>kgc> Yes, I know sender address can be easily faked.<br>
kgc> I have only incoming path on port 10024 for amavis and port 10026 for<br>
kgc> postfix.<br>
kgc> I need this feature for banned files filtering, not spam or virus check,<br>
kgc> between users inside my domains.<br>
kgc> I try different setups, but they all or don't work or bypassing all mail<br>
kgc> without any filtering.<br>
kgc> Martin's also doesn't work. Seems I do something wrong...<br>
<br>
<br>
<br>
kgc> Martin Johannes Dauser <</b></span></span><a style=" font-family:'courier new'; font-size: 9pt;" href="mailto:mdauser@cs.sbg.ac.at">mdauser@cs.sbg.ac.at</a><span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> писал(а) в своём письме Mon,<br>
kgc> 12 Aug 2019 17:33:38 +0300:<br>
<br>
>> FIRST, be warned that sender address can be spoofed really easily. So<br>
>> you shouldn't put too much trust into them!<br>
<br>
>> I guess you haven't configured incomming and originating/outgoing paths<br>
>> for amavis yet? Something similar to this (ports 10024 and 10026 need to<br>
>> be delivered by your MTA of course):<br>
<br>
<br>
>> @mynetworks_maps = (read_array('/etc/amavisd/mynetworks'),); <br>
>> # IP-addresses regarded as local/originating saved as one IP or one <br>
>> Network with CIDR notation per line<br>
<br>
>> read_hash(\%whitelist_sender, '/etc/amavisd/whitelist_senders');<br>
<br>
>> @listen_sockets = ( # incomming<br>
>> '127.0.0.1:10024',<br>
>> # originating<br>
>> '127.0.0.1:10026',<br>
>> );<br>
<br>
<br>
>> $interface_policy{'10024'} = 'INCOMMING';<br>
>> $interface_policy{'10026'} = 'ORIGINATING';<br>
<br>
>> $policy_bank{'INCOMMING'} = {<br>
>> # set incomming mails as NOT-originating <br>
>> originating => 0,<br>
<br>
>> # mails from trusted envelope senders won't get scanned <br>
>> by Spamassassin<br>
>> whitelist_sender_maps => [ \%whitelist_sender ],<br>
<br>
>> # other settings<br>
>> #...<br>
>> };<br>
<br>
<br>
>> $policy_bank{'ORIGINATING'} = {<br>
>> # set local smtpd as originating<br>
>> originating => 1,<br>
<br>
>> # other settings<br>
>> #...<br>
>> }; <br>
<br>
>> ----------<br>
>> An alternative is to modify spam scores of senders. This defines a bonus<br>
>> or malus on spamassassin's values. You may have even different values<br>
>> depending on recipients. E.g. </b></span><a style=" font-family:'courier new'; font-size: 9pt;" href="mailto:'user@domain.tld">'user@domain.tld'</a><span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b> and global '.' which<br>
>> means 'any other' and must set as last line in @score_sender_maps.<br>
<br>
<br>
>> @score_sender_maps = (<br>
>> { </b></span><a style=" font-family:'courier new'; font-size: 9pt;" href="mailto:'user@domain.tld">'user@domain.tld'</a><span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b> => [ <br>
>> read_hash('/etc/amavisd/sender_scores_user'), ],<br>
>> '.' => [ read_hash('/etc/amavisd/sender_scores_sitewide'), ],<br>
>> }<br>
>> );<br>
<br>
<br>
>> Within /etc/amavisd/sender_scores_sitewide<br>
<br>
>> # Descr.: Hash Lookup (associative array lookup) for global soft <br>
>> white-/blacklsting# Note.: see <br>
</b></span><a style=" font-family:'courier new'; font-size: 9pt;" href="https://amavis.org/README.lookups.txt">>> https://amavis.org/README.lookups.txt</a><span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b> for details about hash lookups<br>
>> # Format of the text file: one address per line<br>
>> # Each address can have an associated optional value <br>
>> (also known as the<br>
>> # 'righthand side' or RHS) separated from the address by <br>
>> whitespace.<br>
>> # An absence of a value implies 1.<br>
<br>
<br>
</b></span><a style=" font-family:'courier new'; font-size: 9pt;" href="mailto:some.spammer@some.server.net">>> some.spammer@some.server.net</a><span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b> 1.0<br>
>> domain.spamschleu.de 8.0<br>
<br>
</b></span><a style=" font-family:'courier new'; font-size: 9pt;" href="mailto:someone.nice@trusted.net">>> someone.nice@trusted.net</a><span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b> -5.0<br>
>> trusted.doma.in -3.5<br>
<br>
<br>
>> Greetings<br>
>> Martin<br>
<br>
>> On Mon, 2019-08-12 at 11:19 +0300, </b></span><a style=" font-family:'courier new'; font-size: 9pt;" href="mailto:korsar182@gmail.com">korsar182@gmail.com</a><span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b> wrote:<br>
>>> Hi, is there any way to make whitelist for senders? Weird, but<br>
>>> read_hash(\%whitelist_sender, '/etc/amavisd/whitelist');<br>
>>> @whitelist_sender_maps = (\%whitelist_sender);<br>
>>> make it for recipients, not senders...<br>
<br>
</b><span style=" font-family:'arial'; font-size: 8pt; color: #c0c0c0;"><i>-- <br>
Gregory Sloop, Principal: Sloop Network & Computer Consulting<br>
Voice: 503.251.0452 x82<br>
EMail: </i></span></span><a style=" font-family:'arial';" href="mailto:gregs@sloop.net">gregs@sloop.net</a><br>
<a style=" font-family:'arial';" href="http://www.sloop.net">http://www.sloop.net</a><br>
<span style=" font-family:'arial'; color: #c0c0c0;"><i>---</body></html>