Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Postfix & spamassassin - how to whitelist smtp auth connections

Posted on 2004-08-13
7
Medium Priority
?
3,009 Views
Last Modified: 2008-01-09
I am running postfix, amavis, apamassassin, and razor and it is working well.

However I do have a minor problem in that sometimes email from people outside the office is classed as spam because they are using dynamic IP addresses etc... They all use SMTP AUTH (no TLS) to our mail server.

I have had a look but postfix does not appear to add any custom headers when people send mail via SMTP AUTH.
Is there any way to configure postfix to add a custom header so that I can then look for it and whitelist these emails in spamassassin?
0
Comment
Question by:grblades
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 11795274
I don't know if you can generate a header for authenticated connections w/Postfix, but you can explictly whitelist those users in the SpamAssassin prefs.
0
 
LVL 36

Author Comment

by:grblades
ID: 11795313
The problem with whitelisting those users is that any spam pretending to be from them will get through which is not that uncommon.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 11796836
Quite true, but the alternative is losing the mail by it being classified as spam. I'd accept a bit more spam to be sure that I didn't trash a legitimate email.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 22

Expert Comment

by:pjedmond
ID: 11801536
The spamassassin whitelist format for local.cf examples:

whitelist_from      *rhn.redhat.com
whitelist_from      *@apple.com
whitelist_from  boss@yahool.com
whitelist_from  *@mycompany.com

Yes we know that they can be spoofed.........
0
 
LVL 9

Accepted Solution

by:
_GeG_ earned 1000 total points
ID: 11801922
sorry, no fully featured solution, but maybe a hint ;):
check http://advosys.ca/papers/postfix-filtering.html
They have an interesting way to involve the filtering.
If you invoke spamassasin etc by a recipient map,
you can disable it for authenticated users, if you set

smtpd_recipient_restrictions = permit_sasl_authenticated
    check_recipient_access hash:/etc/postfix/filtered_domains
    ....

because the authenticated users are permitted in the first line, the rest must pass the filter. Of course this works only if you use sasl for authentication.
0
 
LVL 36

Author Comment

by:grblades
ID: 11802110
I'll have a look at that but I think it will be very difficult to implement with my configuration.

In postfix's master.cf file I have the normal smtp port defined as accepting email with a content filter to pass email onto amavis for virus checking. Amavis then passes the email back to postfix on a different port which then uses a content filter procmail:spamassassin to sent to spamd. Spamd then send the mail back to postfix using sendmail compatability and it gets delivered via procmail/lmtp.
This means each email goes through procmail 3 times.
I have to be carefull not to defing a default content filter etc... otherwise mail goes round in a continuous loop!
0
 
LVL 36

Author Comment

by:grblades
ID: 11882273
Thanks I haven't implemented anything in procmail. In the end I just reduced the score allocated to dynamic IP addresses as this has made very little difference to the spam we detect.

If we start getting lots of spam being sent from compromised home machines then I will need to look at this again.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question