1

Topic: Global Whitelist to bypass all the filters

==== Provide required information to help troubleshoot and get quick answer ====
- iRedMail version: 0.7.4
- Linux/BSD distribution name and version: CentOS 6.2 x64
- Any related log? Log is helpful for troubleshooting.
====

I'm running in a little trouble and I don't understand if I'm making a mistake or it's a feature lacking...

I'd like to global whitelist a user/domain/IP on the server, so I insert it in the iRedAdmin-Pro whitelist section...
But watching the logs I see that the emails are still processed by all the filters (policyd, amavis, etc.) and a score is given to the incoming message.
So I've tried to also whitelist it in the /etc/mail/spamassassin/local.cf. Now the score is about -100 but the message is still going through all the filters.
If and only if I insert it in the whitelist by iRedAdminPro on the per user basis, the message comes through bypassing all the checks and filters.

How to replicate the same behaviour on the global whitelist?

I need it because we receive mail orders from some addresses, and going through all the checks eats about 4 to 6 sec per email.
Bypassing everything, the messages only take about 300ms.
As we know that messages from these adresses and/or IPs are perfectly legitimate, we'd like to know how to configure it.

Thanks in advance...

2

Re: Global Whitelist to bypass all the filters

Albux wrote:

If and only if I insert it in the whitelist by iRedAdminPro on the per user basis, the message comes through bypassing all the checks and filters.

Do you use OpenLDAP backend? If so, could you please paste the LDIF data of this user (who has whitelists)? You can find link "Export account to LDIF" in user profile page, under tab "General".

3

Re: Global Whitelist to bypass all the filters

ZhangHuangbin wrote:
Albux wrote:

If and only if I insert it in the whitelist by iRedAdminPro on the per user basis, the message comes through bypassing all the checks and filters.

Do you use OpenLDAP backend? If so, could you please paste the LDIF data of this user (who has whitelists)? You can find link "Export account to LDIF" in user profile page, under tab "General".


Hello Zhang,

I think you misunderstood me... smile

What I wanted to do is to make the global whitelist in iRedAdmin-Pro 1.6.3 behave like the user's whitelist.


1) If I insert a sender/domain in the USER whitelist it bypass all the filters (amavis reports Hits: - ) and is accepted in a few msec. Everything OK.

but...

2)If I insert a sender/domain/IP in the GLOBAL whitelist, it goes through all the filters, is scored by amavis and the message is accepted in 4-6 seconds. It doesn't seem to me a proper behaviour fow a manually inserted whitelist.

As we have some well known addresses that at certain times of the day send to our server bursts of hundreds messages (receipts of orders), it comes handy to whitelist these addresses and accept the messages without loading the server too much.

4

Re: Global Whitelist to bypass all the filters

Dear Albux,

I understand what you mean, just want to make sure how whitelists are stored in LDAP, then we can fix/improve it.

5 (edited by Albux 2012-04-29 20:36:37)

Re: Global Whitelist to bypass all the filters

ZhangHuangbin wrote:

Dear Albux,

I understand what you mean, just want to make sure how whitelists are stored in LDAP, then we can fix/improve it.

Hi Zhang,

Ok thanks a lot for your collaboration. Then I'll check the forum for some news about this issue. smile

Probably I'm wrong, but I was wondering... why do you have to check the LDAP? Isn't the global whitelist written in the MySQL policyd database?
It's the user's whitelist that's written in the LDAP (and this one is working fine, it bypass all the filters).

IMHO if we could find something in the main.cf that bypass amavis if the check on policyd whitelist is positive, it could work...
But I have no idea how to make it...

PS: weird... the global BLACKLIST is working correctly. It immediately rejects the connection without calling any filter...

6

Re: Global Whitelist to bypass all the filters

Policyd return 'DUNNO' instead of 'OK' for global whitelisted senders, that means mail will be passed to Amavisd for spam and virus scanning. In Amavisd, it will check per-user white/blacklist, so if you have per-user whitelist here, mails will be accepted immediately (return 'OK' instead of 'DUNNO'). That's why it happened.

For global blacklist, Policyd returns 'REJECT' immediately, so it works "correctly".

We need to make whitelist work better, but still no good idea to prevent duplicate whitelist data.
Policyd-2 has a Amavisd plugin, it should work as expected.

7

Re: Global Whitelist to bypass all the filters

ZhangHuangbin wrote:

Policyd return 'DUNNO' instead of 'OK' for global whitelisted senders, that means mail will be passed to Amavisd for spam and virus scanning. In Amavisd, it will check per-user white/blacklist, so if you have per-user whitelist here, mails will be accepted immediately (return 'OK' instead of 'DUNNO'). That's why it happened.

For global blacklist, Policyd returns 'REJECT' immediately, so it works "correctly".

We need to make whitelist work better, but still no good idea to prevent duplicate whitelist data.
Policyd-2 has a Amavisd plugin, it should work as expected.

Dear Zhang,

many thanks for your full explanation of the problem...
So, if I understand correctly if we could find the way to make policyd answer 'OK' after the check on the mysql whitelist table, amavis would NOT be called...

I'll try to work a little on this problem, if I find something I'll let you know.

Ciao smile

Alberto