Safe list for disarmed emails for MailScanner (with Postfix)

viento · 04-15-2009, 07:35 PM

Hi all, my first post here. Recently i just installed Postfix with MailScanner (which control SpamAssassin and ClamAV) for the content filtering. Everything looks good now, however, i think MailScanner is so good that it {Disarmed}-ing most of our HTML emails.

So the question is, how to add safe list, (can be domain based or email address based?) to the MailScanner setup (or Postfix)?

repo · 04-16-2009, 12:13 PM

in MailScanner.conf
Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules

in /etc/MailScanner/rules/spam.whitelist.rules
put the mailaddres you want to whitelist.

ABL · 04-16-2009, 03:25 PM

Quote:

Originally Posted by viento

Hi all, my first post here. Recently i just installed Postfix with MailScanner (which control SpamAssassin and ClamAV) for the content filtering. Everything looks good now, however, i think MailScanner is so good that it {Disarmed}-ing most of our HTML emails.

So the question is, how to add safe list, (can be domain based or email address based?) to the MailScanner setup (or Postfix)?

I'm not sure you want to add these sites to the whitelist, as someone could spoof the addresses. Additionally, there is another field you would need to check, especially, if you are having issues with mailing lists in MailScanner.conf:
That field is: Ignore Spam Whitelist If Recipients Exceed = 100

You may want to check out the Allow IFrame Tags, Allow Form Tags, Allow Script Tags, Allow WebBugs, and Allow Object Codebase Tags directives in MailScanner.conf. You may want to use files here, rather than the standard "yes", "no", and "disarm". This way you could allow these tags for certain domains/email addresses, but they would still be scanned for spam.

I *believe* you can point all of these to the same filename, so you only have one file to modify.

Regards,
Alden

viento · 04-16-2009, 11:46 PM

Quote:

Originally Posted by repo

in MailScanner.conf
Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules

in /etc/MailScanner/rules/spam.whitelist.rules
put the mailaddres you want to whitelist.

Thanks repo - I thought that whitelist is for spam only. Maybe need to make it clear somehow in that filename or in the documentation.

viento · 04-17-2009, 12:05 AM

Quote:

Originally Posted by ABL

You may want to use files here, rather than the standard "yes", "no", and "disarm". This way you could allow these tags for certain domains/email addresses, but they would still be scanned for spam.

What do you mean by use files? Are you saying that we can set, let say block 'Allow Form Tags' for particular domains, but allow for any source than the ones in /etc/MailScanner/rules/spam.whitelist.rules?

ABL · 04-17-2009, 10:25 AM

Quote:

Originally Posted by viento

What do you mean by use files? Are you saying that we can set, let say block 'Allow Form Tags' for particular domains, but allow for any source than the ones in /etc/MailScanner/rules/spam.whitelist.rules?

Actually, I think it would work better the other way; that is, block all domains except the ones you want to allow. But either way will work.

For example, you might set up your file--let's call it, formtags.rules--like this:
From: mydomain.com yes
From: virusorspamdomain.com no
From: default disarm

ABL · 04-17-2009, 03:01 PM

Quote:

Originally Posted by ABL

Actually, I think it would work better the other way; that is, block all domains except the ones you want to allow. But either way will work.

For example, you might set up your file--let's call it, formtags.rules--like this:
From: mydomain.com yes
From: virusorspamdomain.com no
From: default disarm

If you use this, make sure that you use tabs bwtewen arguments, not spaces. E.g.,
From:<tab>mydomain.com<tab>yes