Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3033
  • Last Modified:

Postfix & spamassassin - how to whitelist smtp auth connections

I am running postfix, amavis, apamassassin, and razor and it is working well.

However I do have a minor problem in that sometimes email from people outside the office is classed as spam because they are using dynamic IP addresses etc... They all use SMTP AUTH (no TLS) to our mail server.

I have had a look but postfix does not appear to add any custom headers when people send mail via SMTP AUTH.
Is there any way to configure postfix to add a custom header so that I can then look for it and whitelist these emails in spamassassin?
0
grblades
Asked:
grblades
1 Solution
 
jlevieCommented:
I don't know if you can generate a header for authenticated connections w/Postfix, but you can explictly whitelist those users in the SpamAssassin prefs.
0
 
grbladesAuthor Commented:
The problem with whitelisting those users is that any spam pretending to be from them will get through which is not that uncommon.
0
 
jlevieCommented:
Quite true, but the alternative is losing the mail by it being classified as spam. I'd accept a bit more spam to be sure that I didn't trash a legitimate email.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
pjedmondCommented:
The spamassassin whitelist format for local.cf examples:

whitelist_from      *rhn.redhat.com
whitelist_from      *@apple.com
whitelist_from  boss@yahool.com
whitelist_from  *@mycompany.com

Yes we know that they can be spoofed.........
0
 
_GeG_Commented:
sorry, no fully featured solution, but maybe a hint ;):
check http://advosys.ca/papers/postfix-filtering.html
They have an interesting way to involve the filtering.
If you invoke spamassasin etc by a recipient map,
you can disable it for authenticated users, if you set

smtpd_recipient_restrictions = permit_sasl_authenticated
    check_recipient_access hash:/etc/postfix/filtered_domains
    ....

because the authenticated users are permitted in the first line, the rest must pass the filter. Of course this works only if you use sasl for authentication.
0
 
grbladesAuthor Commented:
I'll have a look at that but I think it will be very difficult to implement with my configuration.

In postfix's master.cf file I have the normal smtp port defined as accepting email with a content filter to pass email onto amavis for virus checking. Amavis then passes the email back to postfix on a different port which then uses a content filter procmail:spamassassin to sent to spamd. Spamd then send the mail back to postfix using sendmail compatability and it gets delivered via procmail/lmtp.
This means each email goes through procmail 3 times.
I have to be carefull not to defing a default content filter etc... otherwise mail goes round in a continuous loop!
0
 
grbladesAuthor Commented:
Thanks I haven't implemented anything in procmail. In the end I just reduced the score allocated to dynamic IP addresses as this has made very little difference to the spam we detect.

If we start getting lots of spam being sent from compromised home machines then I will need to look at this again.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Tackle projects and never again get stuck behind a technical roadblock.
Join Now