Amavisd - Whitelist By Domain / IP

最後更新: 2020-08-26

目錄

  • Whitelist by Sender Domain
     - 方法1: Postfix level
     - 方法2: Amavisd level
  • Whitelist by Sender IP

 


Whitelist by Sender Domain

 

方法1: Postfix level

直接跳過 Amavis

main.cf

header_checks=pcre:/etc/postfix/whitelist.pcre

whitelist.pcre:

[email protected]    FILTER SMTP:[127.0.0.1]:10025

方法2: Amavisd level

WHITELISTING

Globally Sender Whitelists - @whitelist_sender_maps

It uses a message's envelope address (the one provided in the SMTP MAIL FROM command) as the sender address.

By an array

@whitelist_sender_maps = ([
    'example.org',
    '[email protected]'
]);

另一寫法

@whitelist_sender_maps = ([qw(example.org [email protected])]); # same thing

 * Domain 只能寫成 'example.org', 不可以在前面加 '@'

Domain & Subdomain

@whitelist_sender_maps = ( [".example.org"] ); # example.org and its subdomains

Read items from file

/etc/amavisd/whitelist.cf

.example.org
.example.net
.pro               # Comment start here
[email protected]

/etc/amavisd/amavisd.conf

@whitelist_sender_maps = ( read_hash('/etc/amavisd/whitelist.cf') );

 * subroutine read_hash() available for use in amavisd.conf (它不是 perl function)

 * anything from '#' to the end of line is treated as a comment

修改 whitelist.cf 後要 restart service 才生效

service amavisd restart

BLACKLISTING

@blacklist_sender_maps = ( read_hash("/etc/amavisd/blacklist.cf") );

 * 只有 '$final_spam_destiny = D_BOUNCE;' 時才有 DSN, DISCARD 就不會有 bounce mail

amavisd log:

... amavis[13946]: (13946-01) Blocked SPAM {}, LOCAL  [R.R.R.R] <sender@domain> -> ,
    mail_id: p4ELfb4TENR1, Hits: -, size: 289, 124 ms
  • Blocked = '$final_spam_destiny' 係 D_BOUNCE / DISCARD
  • SPAM = 中了/etc/amavisd/blacklist.cf

 

postfix log:

... mail postfix/smtp[30772]: 50A1813837E: to=<d@D>, relay=127.0.0.1[127.0.0.1]:10024, ...
    status=sent (250 2.5.0 Ok, id=30620-03, DISCARD(bounce.suppressed))

方法3: SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps

 * A by-recipient hash lookup table (2 level)

 *  a hash-type lookup table (associative array)

@score_sender_maps = ({
  '[email protected]'  => [{'user@domain'     => 10.0}],
  '[email protected]'  => [{'.ebay.com'       => -3.0,
                            '[email protected]' => -3.0,}],
});

 * results from all matching recipient tables are summed

 * '.' matches any recipient

# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
@score_sender_maps = ({
    '.sub1.example.com' => [ read_hash("/etc/amavisd/sender_scores_sub1.cf") ],
    '.sub2.example.com' => [ read_hash("/etc/amavisd/sender_scores_sub2.cf") ],
    '.'                 => [ read_hash("/etc/amavisd/sender_scores_sitewide.cf") ],
});

sender_scores_sitewide.conf:

Usage

sender     score

i.e.

# without "<", "=>" or else....
user@domain    -10
.domain.me     -10
.domain.us     -10

P.S.

只有 '$final_spam_destiny = D_BOUNCE;' 時, Over 了 '$sa_dsn_cutoff_level'  的才不出 bounce mail

MySetting

# ENVELOPE SENDER WHITELISTING / BLACKLISTING
@whitelist_sender_maps = ( read_hash('/etc/amavisd/whitelist_by_domain.conf') );

# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
@score_sender_maps = ({
        '.'     => [ read_hash("/etc/amavisd/sender_scores_sitewide.conf") ],
});

Checking

grep amavis /var/log/maillog | grep postmaster@

會見到 "Hits: -" 在 log 內

i.e.

... amavis[27261]: (27261-02) Blocked SPAM {RejectedInternal,Quarantined}, ... , Hits: -, size: 310, 79 ms

"Hits: -"

When you see "Hits: -" it means that SpamAssassin was not called

This can happen for a few possible reasons:

(1) If the sender is whitelisted or blacklisted, no spam-checking is done;

(2) If the mail is larger than $sa_mail_body_size_limit

 

 


Whitelist by Sender IP

 

設定 amavis 不掃某 IP 的來信

amavis.conf

# 仍保留 @mynetworks
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

# CIDR notation, one address per line (comments and empty lines are allowed):
@mynetworks_maps = (read_array('/etc/amavisd/whitelist_by_ip.cf'), \@mynetworks);

@client_ipaddr_policy = map(($_,'MYNETS'), @mynetworks_maps);

$policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
  bypass_spam_checks_maps    => [1],
  bypass_banned_checks_maps  => [1],
  bypass_virus_checks_maps   => [1],
  bypass_header_checks_maps  => [1],
};

/etc/amavisd/whitelist_by_ip.cf

n.n.n.n   # mx1
m.m.m.m   # mx2

/etc/init.d/amavisd restart

Checking

maillog

... amavis ... Passed CLEAN, MYNETS LOCAL [n.n.n.n] ... Hits: - ...

P.S.

# Faster lookups (對比 read_array) for large lists by reading into a hash lookup table

# one address per line, for full addresses or classful IPv4 subnets with truncated octets(192.168)

# comments and empty lines are allowed

@mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@mynetworks);