Results 1 to 5 of 5

Thread: HOWTO? Whitelist IP Block + SMTP Auth Users

  1. #1
    stbain is offline Junior Member
    Join Date
    Jul 2006
    Location
    Roanoke, VA
    Posts
    7
    Rep Power
    9

    Default HOWTO? Whitelist IP Block + SMTP Auth Users

    I looked through the forums and found a few references to whitelisting techniques using the Postfix and Spamassassin configuration files, but I have yet to find a definitive answer or howto on what needs to be done to whitelist my entire network and any SMTP AUTH authenticated senders to ensure their emails never end up in the Junk folder. We have notifications being sent to customers from our webserver and it is getting labeled as [spam].

    Anyone have any suggestions or additional resources I need to review?

  2. #2
    JoshuaPrismon is offline Zimlet Guru & Moderator
    Join Date
    Nov 2005
    Posts
    477
    Rep Power
    9

    Default

    Quote Originally Posted by stbain
    I looked through the forums and found a few references to whitelisting techniques using the Postfix and Spamassassin configuration files, but I have yet to find a definitive answer or howto on what needs to be done to whitelist my entire network and any SMTP AUTH authenticated senders to ensure their emails never end up in the Junk folder. We have notifications being sent to customers from our webserver and it is getting labeled as [spam].

    Anyone have any suggestions or additional resources I need to review?
    I am not sure there is a actual sanctioned way to do this. I believe that it's possible to do it via spamassassin (insert a rule to validate your local address and pass it on). The SMTP Auth case is a bit harder (You might be able to look at the SMTP header to figure out if the first server is yours, but it's going to take some work).

    I will try and take a look at this tonight and see if there is a easy way to implement that that I am missing.

  3. #3
    JoshuaPrismon is offline Zimlet Guru & Moderator
    Join Date
    Nov 2005
    Posts
    477
    Rep Power
    9

    Default

    I started playing around with this last night. I have more questions then answers, but AFAIK no one has done this yet, and AFAIK it is possible.There are a couple of problems however:
    1. For Some reason Zimbra likes to pass everything to amavisd-new as user zimbra. This creates restrictions around single user and poisioned spam databases and whitelists. This might also be a postfix problem, or a deliberate design decision.
    2. It's possible to pass auto-white list items to amavis via ldap entries. However these entires are typically for email addresses, not protected ip ranges. I am not sure if Amavis has everything it needs to whitelist based on ip addresses.
    3. Thankfully Amavis has seperate spam controls versus virus controls. However, in my opinion while it is safe maybe to give your local users a boost on the spam score, I think you should spam check just in case you have a spam trojan infect a interion machine
    4. It is possible to whitelist in spamassassin based on sender domain. However, sender domain is frequently abused by spammers, and this will increase the volume of spam non-trivially.


    Zimbra folks, is there a good reason for the single zimbra account for all incoming mail?
    Last edited by JoshuaPrismon; 08-08-2006 at 10:47 AM.

  4. #4
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    Your webserver and other hosts should be listed in mynetworks. This will auto-whitelsit them.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  5. #5
    dlbewley is offline Senior Member
    Join Date
    Sep 2006
    Location
    Davis, CA
    Posts
    64
    Rep Power
    8

    Default

    4. It is possible to whitelist in spamassassin based on sender domain. However, sender domain is frequently abused by spammers, and this will increase the volume of spam non-trivially.
    I'm still evaluating Zimbra, but I currently I do this on my existing postfix box:

    In main.cf:
    smtpd_sender_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    check_sender_access hash:$config_directory/access,
    hash:$config_directory/sender_checks

    And in sender_checks :
    # mail from these will be discarded if they do not come from $mynetworks
    # except for the loophole created by SASL authentication
    .my.domain.com REJECT are you spoofing


    So, to retain this functionality I was expecting to setup an SMTP gateway that all mail will be fed through. I'll also have to make sure this gateway can validate addresses an aliases stored in the Zimbra server via LDAP. I'm assuming (*hoping*) that will be possible.
    Last edited by dlbewley; 09-19-2006 at 01:04 PM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 32
    Last Post: 03-18-2011, 11:03 AM
  2. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  3. SMTP auth not working outside of ZCS's subnet
    By dvb in forum Administrators
    Replies: 3
    Last Post: 02-08-2007, 02:34 PM
  4. SMTP Auth error 535
    By FloydWilliams in forum Administrators
    Replies: 0
    Last Post: 01-04-2007, 02:33 PM
  5. Enable SMTP Auth to external users
    By VictorMedina in forum Administrators
    Replies: 1
    Last Post: 05-24-2006, 10:06 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •