[Mimedefang] white listing $senders

Jeffrey Goldberg jeffrey at goldmark.org
Wed Jul 7 18:43:03 EDT 2004 

I wish to whitelist early based on $sender.  (I will only whitelist
domains that publish SPF records).

I want to double check that what I am thinking is correct.  So here is
what I have done (but not "turned on" yet)

The multiplexor is called with -s

My goal is

  (a) to leave some messages untampared with
  (b) to save processing (specifically unnessary spamassassin checks)

To mimedefang-filter I've added the following two functions

sub filter_sender {
  my ($sender, $ip, $hostname, $helo) = @_;
  return('ACCEPT_AND_NO_MORE_FILTERING', "Sender whitelisted")
       if is_whitelisted($sender, $ip);

  return ('CONTINUE', "ok");
}

sub is_whitelisted {
  my ($sender, $ip) = @_;
  my ($whitelistfile) = '/var/spool/MIMEDefang/whitelist.txt' ;

  return true if ($ip =~ /^192\.168/ );

  if(open (WHITELIST, "< $whitelistfile" )) {
     @whitelist = <WHITELIST> ;
     return true if grep { /\b$sender$/i } @whitelist ;
  }

  return false;
}


The file /var/spool/MIMEDefang/whitelist.txt will contain a list of email
addresses and domains each on a line by itself.  (I already see that I
forgot to chomp).  It might look like

   mydomain.example
   friendsdomain.example
   netflix.com
   some-customer at isp.example
   other-customer at isp2.example

and so on.

I have a couple of questions.

(1) Other than my forgetting to chomp are there other errors in the code
    that people notice.

(2) Will the whitelist file be opened anew with every incoming mail? or
    will it only be opened when the mutliplexor starts a slave?

(3) If the answer to (2) is "every time" is there something I can to fix
    that while still keeping the whitelist in an external file?

(4) I'm using bayes autolearn for spamassassin, if I by-pass spamassassin
    with this whitelisting am I depriving the autolearn system with
    important information?

I also have a few policy questions.

 (4) What I'm doing will exempt whitelisted mail not only from defanging,
     bad extention checks and SpamAssassin, but also from virus scanning.
     Is that stupid?  Note that at the site in question almost all (but
     not all) email users are on Linux.  Of the few MS-Windows users,
     almost everyone (but not everyone) is using a Mozilla based MUA.
     (But I know that there is at least one Outhouse user still, and
     that is not going to change).


-j

-- 
Jeffrey Goldberg                            http://www.goldmark.org/jeff/
 Relativism is the triumph of authority over truth, convention over justice
 Hate spam?  Boycott MCI! http://www.goldmark.org/jeff/anti-spam/mci/

More information about the MIMEDefang mailing list