23.10.2009 20:04, MySQL Student kirjoitti: > Hi, > >> SpamAssassin DOES NOT bypass scanning, if the internal or trusted >> networks contain the server in it. > > Hmm.. thanks for correcting me. > > How would you, then, go about preventing SA from scanning the > localhost or a specific domain without whitelisting that domain or > range? > > Thanks, > Alex >
Personally, I do call SpamAssassin from maildrop (/etc/maildroprc).
That takes place as
----------------------------------------------------------------------
if ( $SCAN_SPAM == 1 )
{
xfilter "spamc -H --retry-sleep=10 --connect-retries=100 -d spamd
-u spam"
}
----------------------------------------------------------------------
Than can be done from procmailrc etc. with their own ways.
The SCAN_SPAM variable is a key in this. I can set it to 0 (default
value for script 1) using various tests.
I have various tests for that variable, that this is what whitelists the
message from being passed to SpamAssassin.
----------------------------------------------------------------------
if (( $SCAN_SPAM == 1) && /^From:\s*(.*)/ && lookup( $MATCH1,
"/usr/etc/maildrop_sender_whitelist", "D" ))
{
xfilter "reformail -A'X-Whitelisted: $MATCH1 in
/usr/etc/maildrop_sender_whitelist'"
SCAN_SPAM=0
}
----------------------------------------------------------------------
In this case, I have a text file /usr/etc/maildrop_sender_whitelist
which contains email addresses line by line, and if maildrop finds a
match from there, it sets the SCAN_SPAM to 0, thus bypassing the SA call.
This test if earlier in the maildroprc script, the spamc call is of
course in the end.
This kind of whitelisting is of course dangerous, but it it works for
me. The whitelisted addresses are mostly of type
[email protected] which are not abused by spammers (knock knock).
You can do all kinds of tests with maildrop. I have also this.
-----------------------------------------------------------------------
# Check for bounces. If matches, no SpamAssassin call needed, because I
do not consider bounce as spam.
if ( /^Subject: Mail Delivery Problem/ || \
/^Subject: Mail Delivery \(failure/ || \
/^Subject: Undelivered Mail Returned to Sender/ || \
/^Subject: virus found in sent message/ || \
/^Subject: failure notice / || \
/^Subject: Mail delivery failed/ || \
/^Subject: Undeliverable\:/ || \
/^Subject: Undeliverable [Mm]ail/ || \
/^Subject: Undeliverable Mail/ || \
/^Subject: Undeliverable mail/ || \
/^Subject: Returned mail\: / || \
/^Subject: DELIVERY FAILURE: User / || \
/^Subject: Yahoo! Auto Response/ || \
/^X-ME-bounce-domain:/ || \
/^X-Failed-Recipients:/ || \
/^X-Yahoo-Newman-Property: groups-bounce/ || \
/^Diagnostic-Code: X-Postfix; host / || \
/^Content-type: multipart\/report;/ || \
/^Subject: Delivery failed\:/ || \
/^Subject: DELIVERY FAILURE\:/ || \
/^Subject: MESSAGE NOT DELIVERED\: / || \
/^Subject: Delivery problem/ || \
/^Subject: Email Failure Notification/ || \
/^Subject: Email not allowed/ || \
/^Subject: failure delivery/ || \
/^Subject: failure notice/ || \
/^Subject: Mail Not Delivered/ || \
/^Subject: mail failed, returning to sender/ || \
/^Subject: Nondeliverable mail/ || \
/^Subject: Warning: could not send message for/ || \
/^Subject: MDaemon Warning - Virus Found/ || \
/^Subject: Permanent Delivery Failure/ || \
/^Subject: Mail System Error - Returned Mail/ || \
/^Subject: Mail System Error - Undeliverable Mail/ || \
/^Subject: Transient Delivery Failure/ || \
/^Subject: Message status - undeliverable/ || \
/^Subject: Warning\: message / || \
/^Subject: Mail could not be delivered/ || \
/^Subject: Your email to .* has NOT been delivered/ || \
/^Subject: Returned mail: see our site/ || \
/^Subject: Delivery failure/ )
{
`logger -p mail.info "** BOUNCE RECEIVED **"`
if (hasaddr("[email protected]"))
{
exit
}
xfilter "reformail -A'X-Whitelisted: Apparently a bounce,
SpamAssassin will not be called.'"
xfilter "reformail -A'X-Bounce: Yes '"
SCAN_SPAM=0
}
-----------------------------------------------------------------------
It does not scan for Spam Attachments if the mail is a bounce. Bounces
will be delivered to another folder with a later rule.
You have your ways, your have your tools.
--
http://www.iki.fi/jarif/
signature.asc
Description: OpenPGP digital signature
