1

Topic: Bypass spam filter block with whitelist

Hi,
I'm intersted on purchase of iRedAdmin-Pro-MySQL but I have a question.
Is it possible bypass a block of spam filter for enforce the mail passing with a whitelist that is accesible from the whitelist pannel?
In other words, if I insert an email address (i.e. example@example.com) in the whitelist pannel, can this email bypass the spam filter block and so can I receive an email by this address?
I have a spamassassin filter and I set the file configuration main.cf in postfix like below:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org

How can I change this configuration to run the whitelist from the iRedAdmin pannel?
Thanks

2

Re: Bypass spam filter block with whitelist

19neo77 wrote:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org

First of all, this setting is not the default one in iRedMail. it should be:

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031

Since you have policyd enabled (setting "check_policy_service inet:127.0.0.1:10031"), you can add whitelist in policyd directly to bypass certain sender/domain.

You can find detail SQL command used to create whitelist records in policyd database here: http://policyd.sourceforge.net/readme.html

Also, you can create whitelist with iRedAdmin-Pro, screenshots:
http://screenshots.iredmail.googlecode.com/hg/iredadmin/system_whitelist_add.png
http://screenshots.iredmail.googlecode.com/hg/iredadmin/system_whitelist_view_ip.png

3

Re: Bypass spam filter block with whitelist

Seems policyd returns 'DUNNO' instead of 'OK' for whitelisted sender, so if above method doesn't work for you, here's another way:

*) Add one more restriction rule before 'check_policy_service inet:127.0.0.1:10031', like this:

smtpd_recipient_restrictions =
    ...
    check_client_access hash:/etc/postfix/access,      # <- Add this line.
    check_policy_service inet:127.0.0.1:10031,
    ...

*) Create file /etc/postfix/access, you can list as many senders/domains/ip addresses in this file as whitelisted or blacklisted. Sample:

user@domain.ltd    OK
domain.ltd    OK
.domain.ltd    OK
example.com    REJECT Blacklisted.
192.168.10.2    REJECT

*) Execute the command "postmap /etc/postfix/access" to rebuild an  indexed  file after changing the corresponding text file.

# postmap /etc/postfix/access

That's all.

Reference:
- http://www.postfix.org/access.5.html
- http://www.postfix.org/postconf.5.html

4

Re: Bypass spam filter block with whitelist

Old thread, I know, but I have an addition. 

Neither of the above worked for me, but I found another solution:  in /etc/mail/spamassassin/local.cf, add the following line:

trusted_networks xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx

(where xxx.xxx.xxx.xxx is the IP addresses or ranges that you want to exclude from spam filtering)

Now, the trusted_networks score in 50scores.cf will apply to your IP addresses.  I have ours set at -10.  Messages from those IPs will have to have at least a score of 10 plus whatever your cutoff is in order to be marked as spam.

It doesn't actually disable the spam filtering, but it's effective.

5

Re: Bypass spam filter block with whitelist

@answerman, thanks for your sharing. smile

6

Re: Bypass spam filter block with whitelist

I am a new customer of iRedMail-Pro. In the messages above in this thread, there's a display where the white list can be edited from the Pro admin panel. I don't see that in the present version that I have installed. I have iRedMail-Pro MySQL version. It's the latest since I just started using it.

I am trying to exclude notifications from my servers, e.g. root@xyz.example.com, from being rejected. I really don't care if these machines are accessible from anywhere, or can receive mail, as they are web servers and compute servers. They simply need to send their daily status logs and have them not be rejected.

I have already excluded my internal network IP address range. I had to do that by adjusting config files, too, as I didn't find any whitelisting mechanism in the iRedMail-Pro interface. I must be missing something, because it seems like there isn't much other than alias support that came along with the purchase of the Pro license. How do I turn on the rest of the useful stuff, so I don't have to go researching and tweaking config files for all of what I thought would be in the control panel app?

7

Re: Bypass spam filter block with whitelist

Hi dts,

Sorry about this trouble. You can try add the IP address(es) of your internal network in Postfix parameter 'mynetworks =', so that all emails sent from those internal servers will be accepted by Postfix.

About whitelist management, if you have Cluebringer installed, then iRedAdmin-Pro will not show you whitelist related stuffs because it doesn't support it. We're working on Cluebringer support to provide whitelist/blacklist management, hopefully it will be available in next release of iRedAdmin-Pro.

Again, thanks very much for purchasing iRedAdmin-Pro. It keeps iRedMail project moving on.