[Mimedefang] Help with white listing

Paul Murphy pjm at ousekjarr.org
Mon Nov 13 13:09:59 EST 2006


Ashley,

>     One of our vendors sends us e-mail when someone places an order.  
> The problem I'm having is that those e-mails sometimes get bounced 
> because of their content (it's primarily HTML) when I really need them 
> to get delivered regardless.  However, I can't put a blanket white list 
> on their domain name because they mask the FROM: as coming from the 
> person who placed the order.  The only thing I have to go by is that the 
> messages get relayed through their server.  So really I need to white 
> list their relay server and I don't know if that's even possible.

Whitelisting is available in SpamAssassin, but only by e-mail address rather
than by relay address, so this has to be done in MIMEDefang.

Either add an entry in filter_relay to return ACCEPT_AND_NO_MORE_FILTERING
for their relay address:

sub filter_relay {                
    my ($ip, $name, $helo) = @_;
    if ($ip =~ /1.2.3.4/) {	# whitelist e-commerce site
      return ('ACCEPT_AND_NO_MORE_FILTERING', "ok");     
      }
    else {
      return ('CONTINUE', "ok");           
      }
    }

Or modify the part of your filter which is firing on the messages to adjust
the response:
(filter_end:)

	if ( $RelayAddr eq "1.2.3.4" ) {	# whitelist e-commerce site
		my($hits, $req, $names, $report) = qw/0 10 undef undef/;
      } else {
		my($hits, $req, $names, $report) = spam_assassin_check();
      }

If the issue is that it scores very highly on SpamAssassin's tests, then
something like this in filter_end would work better:

	my($hits, $req, $names, $report) = spam_assassin_check();
	if ( $RelayAddr eq "1.2.3.4" ) {	# whitelist e-commerce site
		$hits-=10;	# adjust the message score downwards enough
to be OK
         }
      # and now carry on with standard SA processing
      if ($hits >= $req) {
        my($score);
        if ($hits < 40) {
            $score = "*" x int($hits);
          } else {
            $score = "*" x 40;
          }

The key is to understand what impact each will have - the first will accept
everything from this address, no matter how dangerous or malicious, meaning
that you implicitly trust everything they send.  

The second will effectively skip all SpamAssassin scanning for this relay
system, but leave the rest of your filter intact.

The third will keep scanning everything, but adjust the scores of "normal"
messages from them into the "normal" range, which may mean that it they
become an open relay and start sending out mail which would normally score
even higher than their usual traffic, your filter may still block it - if you
bounce/discard everything above 10, and they usually score 15-18, then a -10
adjustment is enough to allow their messages through, but when they get
hacked and start sending you mails scoring 20+, these will still get blocked.

Best Wishes,

Paul.





More information about the MIMEDefang mailing list