Re: [AMaViS-user] Whitelisting monster.com ?

Thu, 09 Aug 2007 07:30:45 -0700 

On 8/9/07, Mike Leone <[EMAIL PROTECTED]> wrote:
> I realize this is a bit OT, but before I subscribe to the very high volume
> SpamAssassin list, I thought I'd check here first, since someone here may
> have already solved this problem.
>
> I use amavsid-new 2.4.2 with spamassassin 3.1.7, on debian testing. We're
> receiving responses for jobs we've posted on monster.com. The thing is, the
> envelope FROM:  shows that the sender is the respondent. monster.com is 
> mentioned
> only in the Received: headers.
>
> And every single email is being tagged as spam, and quarantined. :-)
>
> I can't use the amavisd-new whitelist, since that goes by envelope FROM:,
> and these emails are all from different people. So I put
>
> whitelist_from_rcvd     [EMAIL PROTECTED] .monster.com
>
> in my /etc/spamasssassin/local.cf, but that doesn't seem to have done the
> trick.
>
> Anybody know what I need to do, to whitelist these types of emails?
>
> Thanks
>

Try dropping the period:
whitelist_from_rcvd  [EMAIL PROTECTED]  monster.com

AFAIK this will only look at the first 'untrusted' relay, so your
internal_networks must be correct.

However, if the:
Envelope-Sender: or Resent-Sender: or X-Envelope-From: or From:
is not @monster.com, then this may not work.

You could probably create (in postfix) a regex (or cidr) client access
map that sets the FILTER to a different port that has a policy bank
with a higher kill_level (and tag2_level).

# change this from the original setting
$inet_socket_port = [10024, 10026];

# add these
$interface_policy{'10026'} = 'MONSTER';

$policy_bank{'MONSTER'} = {
  spam_kill_level_maps => [15.0],
  spam_tag2_level_maps => [15.0],
};

smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/monster_cidr

/etc/postfix/monster_cidr:
63.121.29.0/24 FILTER smtp-amavis:[127.0.0.1]:10026

or
check_client_access regex:/etc/postfix/monster_regex

with the rDNS hostname(s) in regex form in monster_regex

-- 
Gary V

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to