Re: clarification on whitelist_from_rcvd

Wed, 09 Dec 2009 03:57:28 -0800 

Lucio Chiappetti wrote:

whitelist_from                  x...@lambrate.inaf.it
whitelist_from                  x...@iasf-milano.inaf.it
whitelist_from_rcvd             *...@lambrate.inaf.it      lambrate.inaf.it
whitelist_from_rcvd             *...@iasf-milano.inaf.it   lambrate.inaf.it
... the word "supplement" leaves me perplexed. Does this mean the two conditions above are ANDed instead of ORed ? 
it basically means, use whitelist_from_rcvd if you can, so its ORed.
(but use spf or dkim whitelisting if you can, and SA whitelist only subtracts -100 points, where amavis would just whitelist it. see amavis group) but don't whitelist a local user without _from rcvd,dkim or spf
If so, messages coming e.g. from r...@ourserver.lambrate.inaf.it should not be subject to the whitelist_from_rcvd (which is not what we want). 


whitelist_from                  x...@lambrate.inaf.it

you didn't include r...@ourserver.lambrate.inaf.it, only lambrate.inaf.it.
either case, lots of spammers use the 'from/to' address (forge the from address), so whitelisting anyone on your local network that way WILL get them spam. 
use dkim/spf whitelisting or from_rcvd.


whitelist_from_rcvd             *...@lambrate.inaf.it      lambrate.inaf.it

you didn't include 'ourserver' in that glob

also, LOCALLY generated emails might look like 'localhost'.
We did also a check_whitelist /etc/mail/spamassassin/awlst/awl looking for address r...@ourserver.lambrate.inaf.it and ip=155.253 (so truly from our LAN), and found a score of -1.0 (which should mean it is correctly whitelisted). 


that is AWL, not SA whitelisting.
don't confuse the two.


--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best Anti-Spam Product 2008, Network Products Guide
   * King of Spam Filters, SC Magazine 2008


_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com 
_________________________________________________________________________

Reply via email to