Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[AMaViS-user] white list a domain from attachment check

38 views
Skip to first unread message

Jason Hirsh

unread,
Jan 26, 2009, 5:58:48 PM1/26/09
to
I am using amavid-new with posftix anddovecot


In amavisd.con I have blocked .gif attachments from being received
into my hosted domains

That wokrs just fine with the sender receiving a
550_5.7.1_BAD_ATTACHMENT

The thing is that I now need to allow several domains to send.gif to
users

I tried to white list these domains with the following statement

read_hash(\%whitelist_sender, '/usr/local/etc/whitelist_sender');


but the domains still get blocked any ideas?

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
AMaViS-user mailing list
AMaVi...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Mark Martinec

unread,
Jan 26, 2009, 7:08:44 PM1/26/09
to
Jason,

> I am using amavid-new with posftix anddovecot
> In amavisd.con I have blocked .gif attachments from being received
> into my hosted domains
>
> That wokrs just fine with the sender receiving a
> 550_5.7.1_BAD_ATTACHMENT
>
> The thing is that I now need to allow several domains to send.gif to
> users
>
> I tried to white list these domains with the following statement
> read_hash(\%whitelist_sender, '/usr/local/etc/whitelist_sender');
> but the domains still get blocked any ideas?

Whitelisting only applies to spam checks, not to banning or virus checks.

While it is possible to have per-recipient banning rules (through
@banned_filename_maps / %banned_rules) - to have per-sender
banning rules is intentionally not supported, because sender address
cannot be trusted.

The only reliable way is to persuade your sending domains to start
signing their mail with DKIM. This allows you and other recipients
to load a policy bank based on a signed From address through
@author_to_policy_bank_maps (see release notes), which can
install less strict banning rules or whatever is necessary, including
disabling banning checks or virus checks. For sender addresses from
yahoo or gmail.com or several other domains you can do it right away.

For nonsigned senders an unreliable(!!!) way is to configure your MTA
to tag a specific FILTER to mail from your 'trusted' sending domains,
and let it feed such mail to amavisd on a dedicated port, where
again you can load a policy bank based on a port number. The
trick to use is much like the one described in:
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-postfix-dual-path

Mark

Jason Hirsh

unread,
Jan 27, 2009, 8:43:20 AM1/27/09
to


Can I classify a file attachment as spam instead of banned??

Jason

0 new messages