On 2018-02-05 11:26, chaouche yacine wrote: > From: Karol Augustin <[email protected]> > To: [email protected] > Sent: Monday, February 5, 2018 12:09 PM > Subject: Re: Whitelist advice, correct way to minimize score > >> On 2018-02-05 10:11, chaouche yacine wrote: > >>> I recently had to whitelist an IP that belongs to one of our machines >>> (kaspersky center sending reports by e-mail), but I didn't know how to do >>> that with amavis and did it with postfix instead. >>> Is there an equivalent of 'whitelist_from_spf' for IPs ? or does it accept >>> an IP as argument ? >>> >>> Yassine. > >> I don't know what you mean whitelist_from_spf for ip addresses. > > I want to allow all mail from [IP address]. This host doesn't have a > domain name. > > I see two solutions : > + one is to find a 'whitelist' configuration option that understands > IP addresses. > + two is to add the IP address to my spf record. > >> If you don't know the email address or want to whitelist all mail >> relayed by this host you can use: >> whitelist_from_rcvd *@* [XXX.XXX.XXX.XXX] > > Thanks Karol, this is probably my solution 1. Although now that I > think of it, I should be doing two. What do you think ?
It's definitely cleaner to add this IP to SPF as it is sending email for that domain. Than you can use whitelist_from_spf and it will cover all spf-authenticated email from your domain, which depending on your use-case and configuration might be a good idea. I have for example both inbound and outbound filtering set up in case one of my user accounts get compromised I can filter some spam before I block the account. I would add IP of this server to spf anyway and than use: whitelist_from_rcvd [email protected] [XXX.XXX.XXX.XXX], this way I will whitelist e-mail coming from this server from the address(es) that this server is sending from and also have SPF_PASS which, on it's own, is not impacting the score much. I believe that if you need to whitelist all your originating email because it's hitting so many rules that is going to spam, you're doing something wrong. But YMMV of course. k. -- Karol Augustin [email protected] http://karolaugustin.pl/ +353 85 775 5312
