Multiple recipients causing soft-whitelisted to count multiple times

Mark Martinec wrote:
> Adam,
>> It would be nice if the score_sender_maps had an
entry for an IP or
>> hostname to limit what sending systems will match
the score_sender_map
>> entry.  This would be very handy as I know where
most of the entries
>> will be sending emails from and could keep spammers
from using that
>> email.  Has this been discussed before?
> 
> My plan is to extend the lookup_ip_acl to be able to
return information
> (like policy bank name) associated with an IP address
or CIDR network specs 
> (and not just boolean match/nomatch as now), which will
make it possible to 
> associate different policy banks with different client
IP addresses - similar 
> to what MYNETS does currently, but more flexible. Other
needed mechanisms
> are already in place, score_sender_maps can be
configured per policy bank.
> 
> It is possible to achieve something like this with
existing mechanisms,
> provided that not too many IP networks need different
treatment each:
> Postfix can use FILTER to associate content filters on
different ports
> with client CIDR maps, making it possible for
amavisd-new to switch
> policy banks based on that.

How do you use policy banks with the sendmail/amavisd-milter
setup? 
Sendmail cannot connect to different amavisd sockets based
on 
originating smtp client IP.  It seems like policy banks were
really 
meant for postfix mainly because most comments I see about
it are about 
postfix(even comments in the amavisd.conf file with MYNETS).

The issues I am still trying to find a good solution for
are:

- Need a way to bypass all spam checks for mail generated
from 
127.0.0.1.  Automated reports and forwards can sometimes get
triggered 
as spam.  I cannot use soft whitelisting for this because
mail is sent 
as the users email address for forwards and other things,
etc.  I know 
for a fact that mail generated from 127.0.0.1 will never be
spam so it 
seems more logical to bypass this by IP.

- Need a way to bypass mail from certain hosts that are
known to trigger 
as spam and I never want to check spam from.

It would be nice to be able to bypass spam checking by IP
without 
needing policy banks.  Setting up policy banks just to
bypass spam 
checks for some hosts seems like a lot of complexity for
what I think is 
a common need.

Regardless... thanks again for the information.


-------------------------------------------------------
Using Tomcat but need to do more? Need to support web
services, security?
Get stuff done quickly with pre-integrated technology to
make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on
Apache Geronimo
http://sel.as-us.falkag.net/
sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

Adam,

> How do you use policy banks with the
sendmail/amavisd-milter setup?

The new AM.PDP protocol allows the caller to provide a SMTP
client's
IP address in an attribute pair like:
client_address=10.2.3.4

If the client IP information is provided and mynetworks_maps is defined,
then the MYNETS policy bank gets selected on mail from our
networks,
just like in a Postfix setup.

I know that milter in its call to mlfi_connect provides
client's host name as well as its IP address.
It remains to be seen whether Petr Rehor's amavisd-milter
helper program passes this information to amavisd.
It shouldn't be too much work if it doesn't already do so.

> Sendmail cannot connect to different amavisd sockets
based on
> originating smtp client IP.

That is true I guess, but at least it should be able to pass
client's IP address.

> It seems like policy banks were really 
> meant for postfix mainly because most comments I see
about it are about
> postfix(even comments in the amavisd.conf file with
MYNETS).

Well, yes, Postfix gets most of my attention and attention
from the
mailing list. Wherever some feature makes sense for other
setups
like milter or courier, it is likely that it is supported
there as well.

> The issues I am still trying to find a good solution
for are:
>
> - Need a way to bypass all spam checks for mail
generated from
> 127.0.0.1.  Automated reports and forwards can
sometimes get triggered
> as spam.  I cannot use soft whitelisting for this
because mail is sent
> as the users email address for forwards and other
things, etc.  I know
> for a fact that mail generated from 127.0.0.1 will
never be spam so it
> seems more logical to bypass this by IP.

I'm aware of the problem, but don't know of a good
solution.
I hope someone more intimately involved with milter will
provide one...

Perhaps a decision based on client's address can be used -
a helper
program may decide to complete the request by itself,
without
interrogating amavisd.

> - Need a way to bypass mail from certain hosts that are
known to trigger
> as spam and I never want to check spam from.

My planned course could cover that, provided a client's IP
address is 
available.

> It would be nice to be able to bypass spam checking by
IP without
> needing policy banks.  Setting up policy banks just to
bypass spam
> checks for some hosts seems like a lot of complexity
for what I think is
> a common need.

Well, I don't think the following is excessively
complicated:

mynetworks = qw(127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
...);
$policy_bank{'MYNETS'} = {
  bypass_spam_checks_maps   => [1],
}



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web
services, security?
Get stuff done quickly with pre-integrated technology to
make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on
Apache Geronimo
http://sel.as-us.falkag.net/
sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/