You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by William Taylor <wi...@corp.sonic.net> on 2010/09/08 01:11:24 UTC

unblacklist_from_rcvd

I want to be able to only allow a certain email to be sent from one of several hosts.

Currently im doing something like:

blacklist_from	sales@foo.com
whitelist_from_rcvd sales@foo.com mail.foo.com
whitelist_from_rcvd sales@foo.com sales.foo.com

This doesn't really do what I want because the blacklist and whitelist scores cancel each other out.

I saw talk in the past (2002?) about adding a unblacklist_from_rcvd

what I really want is a
blacklist_from sales@foo.com
unblacklist_from_rcvd sales@foo.com mail.foo.com

OR

only_allow_from_rcvd sales@foo.com mail.foo.com


What are my options for to accomplish this?

Thanks,
  William

Re: unblacklist_from_rcvd

Posted by William Taylor <wi...@corp.sonic.net>.

On Sep 7, 2010, at 6:36 PM, Matt Kettler wrote:

> On 9/7/2010 7:11 PM, William Taylor wrote:
>> I want to be able to only allow a certain email to be sent from one of several hosts.
>> 
>> Currently im doing something like:
>> 
>> blacklist_from	sales@foo.com
>> whitelist_from_rcvd sales@foo.com mail.foo.com
>> whitelist_from_rcvd sales@foo.com sales.foo.com
>> 
>> This doesn't really do what I want because the blacklist and whitelist scores cancel each other out.
>> 
>> I saw talk in the past (2002?) about adding a unblacklist_from_rcvd
>> 
>> what I really want is a
>> blacklist_from sales@foo.com
>> unblacklist_from_rcvd sales@foo.com mail.foo.com
>> 
>> OR
>> 
>> only_allow_from_rcvd sales@foo.com mail.foo.com
>> 
>> 
>> What are my options for to accomplish this?
> SA does not have any support for this.
> 
> The unblacklist commands do exist, but will only remove an entry that they match *EXACTLY*. Their function is implemented as "if this is found, delete it", and are intended to allow a user_prefs to completely delete site-wide white/blacklist entries. They cannot be used to create a blacklist with "holes" in it.
> 
> You can negate a blacklist with a whitelist, but the scores simply offset, as you've seen.
> 
> It is possible to change the scores of the whitelist rule, to make it larger in magnitude than the blacklist rule, and thus keeping some negative score..
> i.e: adding this to your local.cf:
> 
> score USER_IN_WHITELIST -120.000
> 
> Would cause any white/black overlap to result in a -20 score. However, any whitelists without overlap would now get -120 instead of -100... That may or may not be an issue for you, but it is one approach to the problem you have.
> 
> 
> see also man Mail::SpamAssassin::Conf:
> 
>    unwhitelist_from_rcvd add@ress.com
>        Used to override a default whitelist_from_rcvd entry, so for example
>        a distribution whitelist_from_rcvd can be overridden in a local.cf
>        file, or an individual user can override a whitelist_from_rcvd entry
>        in their own "user_prefs" file.
> 
>        The specified email address has to match exactly the address
>        previously used in a whitelist_from_rcvd line.
> 

Yes I already looked at the docs && code and saw how they match.
I figured a "black list address if not received through this host" feature would be a pretty desirable feature for folks especially larger companies with large use bases that have addresses like sales/support etc.

I guess I could hack something in but figured I would ask first to make sure the code didn't exist out there somewhere first.

Re: unblacklist_from_rcvd

Posted by Matt Kettler <mk...@verizon.net>.

  On 9/7/2010 7:11 PM, William Taylor wrote:
> I want to be able to only allow a certain email to be sent from one of several hosts.
>
> Currently im doing something like:
>
> blacklist_from	sales@foo.com
> whitelist_from_rcvd sales@foo.com mail.foo.com
> whitelist_from_rcvd sales@foo.com sales.foo.com
>
> This doesn't really do what I want because the blacklist and whitelist scores cancel each other out.
>
> I saw talk in the past (2002?) about adding a unblacklist_from_rcvd
>
> what I really want is a
> blacklist_from sales@foo.com
> unblacklist_from_rcvd sales@foo.com mail.foo.com
>
> OR
>
> only_allow_from_rcvd sales@foo.com mail.foo.com
>
>
> What are my options for to accomplish this?
SA does not have any support for this.

The unblacklist commands do exist, but will only remove an entry that 
they match *EXACTLY*. Their function is implemented as "if this is 
found, delete it", and are intended to allow a user_prefs to completely 
delete site-wide white/blacklist entries. They cannot be used to create 
a blacklist with "holes" in it.

You can negate a blacklist with a whitelist, but the scores simply 
offset, as you've seen.

It is possible to change the scores of the whitelist rule, to make it 
larger in magnitude than the blacklist rule, and thus keeping some 
negative score..
i.e: adding this to your local.cf:

score USER_IN_WHITELIST -120.000

Would cause any white/black overlap to result in a -20 score. However, 
any whitelists without overlap would now get -120 instead of -100... 
That may or may not be an issue for you, but it is one approach to the 
problem you have.

see also man Mail::SpamAssassin::Conf:

     unwhitelist_from_rcvd add@ress.com
         Used to override a default whitelist_from_rcvd entry, so for example
         a distribution whitelist_from_rcvd can be overridden in a local.cf
         file, or an individual user can override a whitelist_from_rcvd entry
         in their own "user_prefs" file.

         The specified email address has to match exactly the address
         previously used in a whitelist_from_rcvd line.