On 21 March 2018 at 16:44, Martin Johannes Dauser <[email protected]> wrote:
> Regarding that whitelist_sender_maps would work on 'From:' header, not the > envelope sender, I can not comply! > > I set buxdehu.de in whitelist > > Then I telnet to my mailserver > > $ *telnet localhost 25* > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > 220 mail.cs.sbg.ac.at ESMTP Postfix (RHEL/GNU) > *EHLO mail.cs.sbg.ac.at <http://mail.cs.sbg.ac.at>* > 250-mail.cs.sbg.ac.at > 250-PIPELINING > 250-SIZE 52428800 > 250-VRFY > 250-ETRN > 250-STARTTLS > 250-XFORWARD NAME ADDR PROTO HELO SOURCE PORT IDENT > 250-ENHANCEDSTATUSCODES > 250-8BITMIME > 250 DSN > *MAIL FROM:<[email protected]>* > 250 2.1.0 Ok > *RCPT TO:<[email protected]>* > 250 2.1.5 Ok > *DATA* > 354 End data with <CR><LF>.<CR><LF> > *FROM: [email protected] <[email protected]>* > *SUBJECT: testmail* > > *test* > *.* > 250 2.0.0 Ok: queued as 31F66200A4D2 > *QUIT* > > And I get > X-spam-status: No, score=x required=6 WHITELISTED tests=[] > > So at least in my setup it's the envelope sender which is observed. > > A failure of mine in the previous posts was, that I used quotes within the > files for whitelisting. > Thats's a baaad idea. > > Best regards > Martin Johannes Dauser > > On Wed, 2018-03-21 at 14:35 +0000, Dominic Raferd wrote: > > > > On 26 February 2018 at 16:34, Dominic Raferd <[email protected]> > wrote: > > I have now updated my 50-user.conf to this: > $interface_policy{'10024'} = 'INCOMING'; > $policy_bank{'INCOMING'} = { > whitelist_sender_maps => [ read_hash('/etc/amavis/whitelist') ], > }; > > > Note that this whitelisting technique works on the address given in the > 'From:' header, not the envelope sender (aka Return-Path). > > Each address in /etc/amavis/whitelist (one per line, comments and blank > lines are ignored) can be whole email address, domain only, or domain > preceded by dot in which case it matches emails from domain *and* any > subdomains: > > # example amavis whitelist file > > [email protected] > .currys.co.uk > zpg.co.uk > > After updating the file you (probably - untested) have to reload amavis > for it to take account of the changes. If you have systemd: > systemctl reload-or-restart amavis > > Interesting but in my setup it is definitely the From: header that is compared, I have numerous examples, and I cannot find a single counter-example (where an email is whitelisted and the whitelist can only be because of the envelope sender). I guess there must be some subtle difference in our setup?
