• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3061
  • Last Modified:

Postfix & spamassassin - how to whitelist smtp auth connections

I am running postfix, amavis, apamassassin, and razor and it is working well.

However I do have a minor problem in that sometimes email from people outside the office is classed as spam because they are using dynamic IP addresses etc... They all use SMTP AUTH (no TLS) to our mail server.

I have had a look but postfix does not appear to add any custom headers when people send mail via SMTP AUTH.
Is there any way to configure postfix to add a custom header so that I can then look for it and whitelist these emails in spamassassin?
0
grblades
Asked:
grblades
1 Solution
 
jlevieCommented:
I don't know if you can generate a header for authenticated connections w/Postfix, but you can explictly whitelist those users in the SpamAssassin prefs.
0
 
grbladesAuthor Commented:
The problem with whitelisting those users is that any spam pretending to be from them will get through which is not that uncommon.
0
 
jlevieCommented:
Quite true, but the alternative is losing the mail by it being classified as spam. I'd accept a bit more spam to be sure that I didn't trash a legitimate email.
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
pjedmondCommented:
The spamassassin whitelist format for local.cf examples:

whitelist_from      *rhn.redhat.com
whitelist_from      *@apple.com
whitelist_from  boss@yahool.com
whitelist_from  *@mycompany.com

Yes we know that they can be spoofed.........
0
 
_GeG_Commented:
sorry, no fully featured solution, but maybe a hint ;):
check http://advosys.ca/papers/postfix-filtering.html
They have an interesting way to involve the filtering.
If you invoke spamassasin etc by a recipient map,
you can disable it for authenticated users, if you set

smtpd_recipient_restrictions = permit_sasl_authenticated
    check_recipient_access hash:/etc/postfix/filtered_domains
    ....

because the authenticated users are permitted in the first line, the rest must pass the filter. Of course this works only if you use sasl for authentication.
0
 
grbladesAuthor Commented:
I'll have a look at that but I think it will be very difficult to implement with my configuration.

In postfix's master.cf file I have the normal smtp port defined as accepting email with a content filter to pass email onto amavis for virus checking. Amavis then passes the email back to postfix on a different port which then uses a content filter procmail:spamassassin to sent to spamd. Spamd then send the mail back to postfix using sendmail compatability and it gets delivered via procmail/lmtp.
This means each email goes through procmail 3 times.
I have to be carefull not to defing a default content filter etc... otherwise mail goes round in a continuous loop!
0
 
grbladesAuthor Commented:
Thanks I haven't implemented anything in procmail. In the end I just reduced the score allocated to dynamic IP addresses as this has made very little difference to the spam we detect.

If we start getting lots of spam being sent from compromised home machines then I will need to look at this again.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now