On 8/9/07, Leone, Michael <[EMAIL PROTECTED]> wrote:
> ->
> -> Try dropping the period:
> -> whitelist_from_rcvd  [EMAIL PROTECTED]  monster.com
>
> I will try that, thanks

After seeing the headers, this won't work.

>
> ->
> -> AFAIK this will only look at the first 'untrusted' relay, so your
> -> internal_networks must be correct.
> ->
> -> However, if the:
> -> Envelope-Sender: or Resent-Sender: or X-Envelope-From: or From:
> -> is not @monster.com, then this may not work.
>
> Here's a sample header:
> (X-Envelope-Header changed to hide real sender's email address)
>
> Microsoft Mail Internet Headers Version 2.0
> X-Envelope-From: <[EMAIL PROTECTED]>
> X-Envelope-To: <[EMAIL PROTECTED]>
> X-Quarantine-ID: <EVot6gS6N0ku>
> X-Spam-Flag: YES
> X-Spam-Score: 6.361
> X-Spam-Level: ******
> X-Spam-Status: Yes, score=6.361 tag=-999 tag2=3.9 kill=3.9
>        tests=[BAYES_99=2.5, HTML_MESSAGE=0.001,
> HTML_TEXT_AFTER_BODY=0.115,
>        HTML_TITLE_EMPTY=0.214, MIME_HTML_ONLY=0.001,
> NO_REAL_NAME=0.961,
>        SARE_HTML_HTML_BEFORE=0.718, SARE_HTML_INV_TAG3=1.365,
>        SARE_HTML_URI_NODOT2=0.296, SUBJ_HAS_UNIQ_ID=0.19]
> Received: from cliff-claven.contributionship.com ([127.0.0.1])
>        by localhost (cliff-clavin.contributionship.com [127.0.0.1])
> (amavisd-new, port 10024)
>        with SMTP id EVot6gS6N0ku for <[EMAIL PROTECTED]>;
>        Wed,  8 Aug 2007 21:49:29 -0400 (EDT)
> Received: from mailman102-q0.ma.tmpw.net (mailman102-q0.ma.tmpw.net
> [63.112.170.13])
>        by cliff-claven.contributionship.com (Postfix) with SMTP id
> B8E071B0ED
>        for <[EMAIL PROTECTED]>; Wed,  8 Aug 2007 21:49:28
> -0400 (EDT)

It's tmpw.net that is monster's server - and it's likely the first
untrusted server - hence it would go on the right hand side of
whitelist_from_rcvd but since the mail is not from @monster.com, this
still would not work.

> Received: (qmail 23817 invoked from network); 9 Aug 2007 01:49:32 -0000
> Received: from batch102.monster.com (HELO BATCH102) (10.50.10.187)
>  by mailman102-q0.ma.tmpw.net with SMTP; 9 Aug 2007 01:49:32 -0000
> Received: from mail pickup service by BATCH102 with Microsoft SMTPSVC;
>         Wed, 8 Aug 2007 20:49:32 -0500
> thread-index: AcfaJ4eozthVJw3DQPezrQephqSy0Q==
> Thread-Topic: 60932078  Corporate Controller  Monster Resume #128062077
> Reply-To: <[EMAIL PROTECTED]>
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: 60932078  Corporate Controller  Monster Resume #128062077
> Date: Wed, 8 Aug 2007 20:49:31 -0500
> Message-ID: <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: text/html;
>        charset="iso-8859-1"
> X-Mailer: Microsoft CDO for Windows 2000
> Content-Class: urn:content-classes:message
> Importance: normal
> Priority: normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2929
> X-OriginalArrivalTime: 09 Aug 2007 01:49:32.0007 (UTC)
> FILETIME=[87C9AF70:01C7DA27]
> Content-Transfer-Encoding: quoted-printable
> Return-Path: [EMAIL PROTECTED]
>
> So the only place Monster is mentioned is in one Received: line (and in
> the subject).
>

I don't think whitelist_from_rcvd will work.

> ->
> -> You could probably create (in postfix) a regex (or cidr)
> -> client access
> -> map that sets the FILTER to a different port that has a policy bank
> -> with a higher kill_level (and tag2_level).
>
> OK ... Bit advanced for me, but I will consider it ...
>
> ->
> -> # change this from the original setting
> -> $inet_socket_port = [10024, 10026];
> ->
> -> # add these
> -> $interface_policy{'10026'} = 'MONSTER';
> ->
> -> $policy_bank{'MONSTER'} = {
> ->   spam_kill_level_maps => [15.0],
> ->   spam_tag2_level_maps => [15.0],
> -> };
>
> That's in postfix? How does postfix know about spam_kill_level_maps? I'm
> confused ...
>

Sorry, the policy bank part would be in amavisd.conf.

> ->
> -> smtpd_client_restrictions =
> ->     check_client_access cidr:/etc/postfix/monster_cidr
> ->
> -> /etc/postfix/monster_cidr:
> -> 63.121.29.0/24 FILTER smtp-amavis:[127.0.0.1]:10026
>
> Wasn't aware that that was monster's IP range. :-)

It was only an example. Don't use it verbatim. You would have to grep
your logs for all the addresses. Maybe use the monster_regexp instead.

>
> ->
> -> or
> -> check_client_access regexp:/etc/postfix/monster_regexp
> ->
> -> with the rDNS hostname(s) in regex form in monster_regexp
>
> .monster.com            OK
>
> Like that? I am unsure of what all the hosts that would send mail are
> named (I see batch102.monster.com above, but who knows what all the
> hosts are named ...)
>
> Thanks
>

Probably more like (but I'm sure someone else could do better - make
it more specific):

/^.*\..*\.tmpw\.net$/ FILTER smtp-amavis:[127.0.0.1]:10026

Note: I corrected regex: to regexp:

If 'postconf -m' shows 'pcre', then you may optionally substitute
pcre: for regexp:

-- 
Gary V

_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
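
The "grep your logs for all the addresses" step from the reply above, as an added example that is not part of the original message: it tallies which connecting clients the tmpw.net hostname pattern (with the dots in `tmpw.net` escaped) would match and prints candidate lines for the cidr map. It assumes stock Postfix `connect from host[ip]` syslog lines; the function names are hypothetical and the sample log is constructed, with only the first host/IP pair taken from the quoted headers.

```shell
#!/bin/sh
# Added example: list the clients a tmpw.net hostname pattern would match.

# Constructed sample log. Only the first host/IP pair appears in the headers
# quoted in the thread; every other line is made up for illustration.
sample_log() {
cat <<'EOF'
Aug  8 21:49:28 mx postfix/smtpd[2101]: connect from mailman102-q0.ma.tmpw.net[63.112.170.13]
Aug  8 21:52:03 mx postfix/smtpd[2107]: connect from mailman103-q0.ma.tmpw.net[192.0.2.14]
Aug  8 22:10:41 mx postfix/smtpd[2110]: connect from mailman102-q0.ma.tmpw.net[63.112.170.13]
Aug  8 22:15:09 mx postfix/smtpd[2113]: connect from mail.example.org[198.51.100.7]
Aug  8 22:31:55 mx postfix/smtpd[2120]: connect from tmpw.net.example.com[203.0.113.9]
Aug  8 22:40:12 mx postfix/smtpd[2124]: connect from unknown[203.0.113.10]
Aug  8 22:40:13 mx postfix/smtpd[2124]: disconnect from unknown[203.0.113.10]
EOF
}

# Read Postfix log lines on stdin; print "count hostname ip" per matching client.
# Hypothetical helper name. The pattern is the one suggested in the reply,
# with the dots in "tmpw.net" escaped so they match only a literal dot.
monster_clients() {
  awk '
    index($0, "postfix/smtpd[") && $(NF-2) == "connect" && $(NF-1) == "from" {
      i = index($NF, "[")                       # $NF looks like host[ip]
      host = substr($NF, 1, i - 1)
      ip = substr($NF, i + 1, length($NF) - i - 1)
      if (host ~ /^.*\..*\.tmpw\.net$/) seen[host " " ip]++
    }
    END { for (k in seen) print seen[k], k }
  ' | LC_ALL=C sort -k2
}

# Turn the matches into candidate lines for /etc/postfix/monster_cidr.
# Review each address before using it; the FILTER target is the one in the thread.
monster_cidr_lines() {
  monster_clients | awk '{ print $3 " FILTER smtp-amavis:[127.0.0.1]:10026" }' |
    LC_ALL=C sort -u
}

sample_log | monster_clients
sample_log | monster_cidr_lines
```

Feed a real mail log to `monster_clients` on stdin to see what the pattern would catch before enabling the map. Clients that Postfix logs as `unknown[...]` have no verified rDNS name, so a hostname pattern in a regexp: map will not match them.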