You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Skip <sb...@dmp.com> on 2007/10/17 18:27:59 UTC

How to trust my "domain"?

I have started to run into a small problem due to some communication
internally with emails being flagged as spam.  Long question made short:
How to I correctly configure SA to trust communication on our network
without trusting spoofed addresses?

- Skip

Re: How to trust my "domain"?

Posted by Bob Proulx <bo...@proulx.com>.

Skip wrote:
> I have started to run into a small problem due to some communication
> internally with emails being flagged as spam.  Long question made short:
> How to I correctly configure SA to trust communication on our network
> without trusting spoofed addresses?

Start here:

  http://wiki.apache.org/spamassassin/TrustPath

First get your trustpath configured correctly.  That will probably
solve most of your trouble.

Then for anything remaining bit read up in the documentation about
whitelist_from_rcvd.

  man Mail::SpamAssassin::Conf

I have never found it necessary to whitelist the local domain.  But it
is sometimes useful to whitelist closely partnered domains.

Bob

RE: How to trust my "domain"?

Posted by "James E. Pratt" <jp...@norwich.edu>.

>> -----Original Message-----
>> From: maillist [mailto:maillist@emailacs.com]
>> Sent: Wednesday, October 17, 2007 2:12 PM
>> To: Skip
>> Cc: users@spamassassin.apache.org
>> Subject: Re: How to trust my "domain"?
>> 
>> Skip wrote:
>> > Guess this would help:
>> >
>> > Using sendmail 8.13.8 with SA 3.2.3
>> >
>> > - Skip
>> >
>> >
>> >> From: Chris 'Xenon' Hanson [mailto:xenon@alphapixel.com]
>> >>    Usually you do this with a combination of trusted_networks
>> >> and exclusion in your scanner.
>> >>
>> >
>> >
>> 
>> You may want to look into mimedefang.  It works well with sendmail,
>> and
>> spamassassin, as well as whatever antivirus you may be running.
>> 
>> If you are already running mimedefang, and assuming that your LAN ip
>> scheme is 10.0.1., then add this bit to the sub filter_end part of
>> mimedefang-filter:
>> 
>>     # stopmyfilter
>>     sub filter_relay($$$) {
>>         my ($ip, $name, $helo) = @_;
>>         if ($ip =~ /10\.0\.1\./)
>>        {
>>          return('ACCEPT_AND_NO_MORE_FILTERING', "ok");
>>        }
>>          else
>>          {
>>            return ('CONTINUE', "ok");
>>          }
>>     }
>> 
>> -Aubrey


As a sidenote, I believe "filter_relay" only works if you either set
MX_RELAY_CHECK=yes in /etc/sysconfig/mimedefang, and/or use the -r
option in mimedefang's init script if not using
/etc/sysconfig/mimedefang to source startup/config options from ...

Re: How to trust my "domain"?

Posted by maillist <ma...@emailacs.com>.

Skip wrote:
> Guess this would help:
>
> Using sendmail 8.13.8 with SA 3.2.3
>
> - Skip
>
>   
>> From: Chris 'Xenon' Hanson [mailto:xenon@alphapixel.com] 
>>    Usually you do this with a combination of trusted_networks 
>> and exclusion in your scanner.
>>     
>
>   

You may want to look into mimedefang.  It works well with sendmail, and 
spamassassin, as well as whatever antivirus you may be running.

If you are already running mimedefang, and assuming that your LAN ip 
scheme is 10.0.1., then add this bit to the sub filter_end part of 
mimedefang-filter:

    # stopmyfilter
    sub filter_relay($$$) {
        my ($ip, $name, $helo) = @_;
        if ($ip =~ /10\.0\.1\./)
       {
         return('ACCEPT_AND_NO_MORE_FILTERING', "ok");
       }
         else
         {
           return ('CONTINUE', "ok");
         }
    }

-Aubrey

Re: How to trust my "domain"?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 17.10.07 11:45, Skip wrote:
> Guess this would help:
> 
> Using sendmail 8.13.8 with SA 3.2.3

do you use spamass-milter? Look at -i option

> > From: Chris 'Xenon' Hanson [mailto:xenon@alphapixel.com] 
> >    Usually you do this with a combination of trusted_networks 
> > and exclusion in your scanner.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]

RE: How to trust my "domain"?

Posted by Skip <sb...@dmp.com>.

Guess this would help:

Using sendmail 8.13.8 with SA 3.2.3

- Skip

> From: Chris 'Xenon' Hanson [mailto:xenon@alphapixel.com] 
>    Usually you do this with a combination of trusted_networks 
> and exclusion in your scanner.

Re: How to trust my "domain"?

Posted by Chris 'Xenon' Hanson <xe...@alphapixel.com>.

Skip wrote:
> I have started to run into a small problem due to some communication
> internally with emails being flagged as spam.  Long question made short:
> How to I correctly configure SA to trust communication on our network
> without trusting spoofed addresses?

   Usually you do this with a combination of trusted_networks and exclusion in your 
scanner. For example, my qmail/qmail-scanner/SA configuration is set up not to spam scan 
messages that enter my mail system from the LAN, or authenticated/secure outside senders.

> - Skip

-- 
Chris 'Xenon' Hanson, omo sanza lettere                  Xenon AlphaPixel.com
PixelSense Landsat processing now available! http://www.alphapixel.com/demos/
"There is no Truth. There is only Perception. To Perceive is to Exist." - Xen