You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Matt <lm...@gmail.com> on 2008/03/07 16:58:44 UTC
Whitelisting IP's
I have a file that contains a list of all the IP's that have
successfully POP3'ed there email within last 15 minutes. Its used for
POPB4SMTP. Naturally the IP's in the file are constantly changing.
/etc/virtual/pophosts
Is there anyway to setup Spamassassin to whitelist all IP's in that
file? Right now I have it setup in Exim to just not scan messages
from those IP's but I think it would be better to scan and whitelist
them that way bayes would have more good messages to learn from. Or
will it help bayes any? If not I'll just leave it the way it is.
Matt
RE: Whitelisting IP's
Posted by Robert - elists <li...@abbacomm.net>.
>
> I have a file that contains a list of all the IP's that have
> successfully POP3'ed there email within last 15 minutes. Its used for
> POPB4SMTP. Naturally the IP's in the file are constantly changing.
>
> /etc/virtual/pophosts
>
> Is there anyway to setup Spamassassin to whitelist all IP's in that
> file? Right now I have it setup in Exim to just not scan messages
> from those IP's but I think it would be better to scan and whitelist
> them that way bayes would have more good messages to learn from. Or
> will it help bayes any? If not I'll just leave it the way it is.
>
> Matt
Matt,
Are you talking about a whitelist type scoring that "you" generate to get
emails learned as ham or something???
Yes there is a way to do it, yet we don't use Exim....
We are doing the opposite, yet you could use this with negative scoring to
work at and achieve what you desire.
Trial and error eh?
We do it with rbldnsd and a simple custom SA .cf file and score and a local
"zones" in dns
Our /etc/sysconfig/rbldnsd file looks like this
RBLDNSD="dsbl -r/var/lib/rbldns -b 127.0.0.1/530 -4 -e -f \
-l log/rbldnsd.log -s log/statfile.log \
uri.badzone1.local:dnset:work/localfiledir/uri.badzone1file.local.rbldnsd \
"
The .cf file will look like other URI type in 25_uribl.cf
#
###########################################################################
##
#
urirhssub URIBL_BADLOCAL1 uri.badzone1.local. A 2
body URIBL_BADLOCAL1 eval:check_uridnsbl(' URIBL_BADLOCAL1')
describe URIBL_BADLOCAL1 Contains an URL listed in the localuri blacklist
tflags URIBL_BADLOCAL1 net
####################################################################
#
#
#
score URIBL_BADLOCAL1 0 4 0 4
This is scored to ADD score for flagging or "rejection" type purposes.
It appears that you would want to do it negatively.
Don't forget you will want to add the zones to your dns...
zone "uri.badzone1.local" in {
type forward;
forward first;
forwarders { 127.0.0.1 port 530; };
};
We recently implemented because of a new system being testing out there.
:-)
There are other working examples in the 25_uribl.cf file from SA on your
server
Just remember, it appears you will want negative scores for a whitelist type
effect.
Hope this helps or gives one type of direction
There are probably easier ways with Exim or SA
- rh
Re: Whitelisting IP's
Posted by Steve Cloutier <cl...@piesky.com>.
Matt-123 wrote:
>
>> > I have a file that contains a list of all the IP's that have
>> > successfully POP3'ed there email within last 15 minutes. Its used for
>> > POPB4SMTP. Naturally the IP's in the file are constantly changing.
>> >
>> > /etc/virtual/pophosts
>> >
>> > Is there anyway to setup Spamassassin to whitelist all IP's in that
>> > file? Right now I have it setup in Exim to just not scan messages
>> > from those IP's but I think it would be better to scan and whitelist
>> > them that way bayes would have more good messages to learn from. Or
>> > will it help bayes any? If not I'll just leave it the way it is.
>>
>> try plugin for checking pop-before-smtp database:
>> http://wiki.apache.org/spamassassin/POPAuthPlugin
>>
>> However that will only work on your system. Generally I'd advise you/your
>> clients to use standard SMTP authentication
>
> This seemed like a great solution but naturally did not work. My
> popb4smtp database is just a flat file that contains IP addresses.
> POPAuthPlugin wants a "access.db style hash file" which I do not have.
>
> Any fix for that?
>
> Matt
>
>
There is a way, but it's kind of a hack :-). You *could* have a script run
once every few seconds (maybe
a "sleep" loop), and look at the file modification time of your flat file.
If it's different than the last look, run
makemap. This would give you a new .db file. Yes, as I said, it IS a
hack, but it's better than nothing :-)
Also, how is the file flat created? Do you create it somehow, or is it
automatic. Nothing to prevent you
from scanning the file with a program, and using the database routines (are
you on Unix?) to directly create
and modify a .db file.
FWIW
Regards,
Steve
--
View this message in context: http://www.nabble.com/Whitelisting-IP%27s-tp15899667p15923983.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Whitelisting IP's
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 08/03/2008 2:20 PM, Matt wrote:
>>> I have a file that contains a list of all the IP's that have
>>> successfully POP3'ed there email within last 15 minutes. Its used for
>>> POPB4SMTP. Naturally the IP's in the file are constantly changing.
>>>
>>> /etc/virtual/pophosts
>>>
>>> Is there anyway to setup Spamassassin to whitelist all IP's in that
>>> file? Right now I have it setup in Exim to just not scan messages
>>> from those IP's but I think it would be better to scan and whitelist
>>> them that way bayes would have more good messages to learn from. Or
>>> will it help bayes any? If not I'll just leave it the way it is.
>> try plugin for checking pop-before-smtp database:
>> http://wiki.apache.org/spamassassin/POPAuthPlugin
>>
>> However that will only work on your system. Generally I'd advise you/your
>> clients to use standard SMTP authentication
I haven't seen any evidence, compelling or otherwise, to suggest that
SMTP auth'd mail vs not is any more deliverable with all other things equal.
> This seemed like a great solution but naturally did not work. My
> popb4smtp database is just a flat file that contains IP addresses.
> POPAuthPlugin wants a "access.db style hash file" which I do not have.
>
> Any fix for that?
Generate a hash file rather than a flat file. Alternatively you could
modify the plugin or get someone to modify it for you.
Whether it's worth your while, if you're not looking to scan mail to
catch outgoing mail abuse and rather only are concerned about bayes
training, is probably quite dependent on your user base and whether
you're using individual, domain, or global bayes databases.
Daryl
Re: Whitelisting IP's
Posted by Matt <lm...@gmail.com>.
> > I have a file that contains a list of all the IP's that have
> > successfully POP3'ed there email within last 15 minutes. Its used for
> > POPB4SMTP. Naturally the IP's in the file are constantly changing.
> >
> > /etc/virtual/pophosts
> >
> > Is there anyway to setup Spamassassin to whitelist all IP's in that
> > file? Right now I have it setup in Exim to just not scan messages
> > from those IP's but I think it would be better to scan and whitelist
> > them that way bayes would have more good messages to learn from. Or
> > will it help bayes any? If not I'll just leave it the way it is.
>
> try plugin for checking pop-before-smtp database:
> http://wiki.apache.org/spamassassin/POPAuthPlugin
>
> However that will only work on your system. Generally I'd advise you/your
> clients to use standard SMTP authentication
This seemed like a great solution but naturally did not work. My
popb4smtp database is just a flat file that contains IP addresses.
POPAuthPlugin wants a "access.db style hash file" which I do not have.
Any fix for that?
Matt
Re: Whitelisting IP's
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 07.03.08 09:58, Matt wrote:
> I have a file that contains a list of all the IP's that have
> successfully POP3'ed there email within last 15 minutes. Its used for
> POPB4SMTP. Naturally the IP's in the file are constantly changing.
>
> /etc/virtual/pophosts
>
> Is there anyway to setup Spamassassin to whitelist all IP's in that
> file? Right now I have it setup in Exim to just not scan messages
> from those IP's but I think it would be better to scan and whitelist
> them that way bayes would have more good messages to learn from. Or
> will it help bayes any? If not I'll just leave it the way it is.
try plugin for checking pop-before-smtp database:
http://wiki.apache.org/spamassassin/POPAuthPlugin
However that will only work on your system. Generally I'd advise you/your
clients to use standard SMTP authentication
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.