Home / server / Questions / 349965
In Process
mailq
Asked: 2012-01-15 12:36:43 +0800 CST

How to configure amavisd-new for only scanning on particular senders/servers?

  • 772

I'd like to know how to configure amavisd-new to only scan for Spam on particular clients (IPs, CIDRs or hostnames) or alternatively sender's email domain.

I know that it is possible to do it on a recipient's mail address but not on how to do it for the sender's mail address. It is even possible to do it on a recipient's IP address with policy banks. But my approach should be to be independent of recipient and only relay on the sender.

What I want to accomplish is to only scan mails originating from Yahoo, Google, Hotmail and the other big senders. So it is easier to configure which senders should be observed than the ones that shouldn't.

I known that it is easier to achieve on the MTA side, but that is not part of the question because I already go a solution on the MTA side. I want to do it on amavisd-new. And it doesn't help to know how to put senders on a whitelist, as this still means that the mail goes through all the scanning but then gets a high negative score. The mail shouldn't be scanned at all unless sent by the big players.

So which parameters in amavisd-new is the right one to enable scanning for particular senders and only for these?

spam-filter amavis

1 Answers

  1. Amavisd whitelist all except certain domain

    What you need is whitelist_sender_map (here) with regex lookaround (here)

    Whitelist all except Domain.X

    @whitelist_sender_maps = ( new_RE(
    qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$))'i
));

    Whitelist all except Domain And Sub-Domain of X

    @whitelist_sender_maps = ( new_RE(
    qr'[@.](?!(gmail\.com$|hotmail\.com$|aol\.com$))'i
));

    Modifying

    For example, adding msn.com to whitelist exception

    @whitelist_sender_maps = ( new_RE(
    qr'[@.](?!(gmail\.com$|hotmail\.com$|aol\.com$|msn\.com$))'i
));

    DON'T BREAK THAT RULE INTO MULTIPLE RULES, IT IS NOT WHAT YOU WANT

    Breaking the rules in 2 or more lines will WHITELIST EVERYTHING!!

    (I will put this section in red if possible)

    In simple terms, whitelist is a sequencial check, one line/rule at a time.

    Let look at the following WRONG example

    # DO NOT COPY THIS
@whitelist_sender_maps = ( new_RE(
    qr'@(?!(gmail\.com$|hotmail\.com$))'i,
    qr'@(?!(aol\.com$|msn\.com$))'i
));
# DO NOT COPY THIS
    1. Anything from msn.com will pass, because the 1st line return TRUE, and the check stop.
    2. Anything from gamil.com will pass, because after failing the 1st line, amavisd move to the 2nd line, which will return TRUE.
    3. What about domain not in the list? They will pass. This is the intention of the rule!

    You end up whitelisting all senders!!

    Perl Testing Program

    #!/usr/bin/perl

use strict;

# Reject Domain & Sub-Domain
#my $REGinfo='==Reject Domain & Sub-Domain=='
#my $REG=qr'[@.](?!(gmail\.com$|hotmail\.com$|aol\.com$))'i;

# Exact domain only
my $REGinfo='==Exact Domain Only==';
my $REG=qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$))'i;

print $REGinfo."\n";
print '$REG='.$REG."\n\n";

my @strTest = (
    '[email protected]',
    '[email protected]',
    '[email protected]',
    '[email protected]',
    '[email protected]',
    '[email protected]',
    '[email protected]'
);

for my $i (0 .. $#strTest){
    if ($strTest[$i] =~ $REG) {
        print ("Pass $strTest[$i]\n");
    }
    else {
        print ("Fail $strTest[$i]\n");
    }
}
    • 1