amavisWhiteListSender equivalent for domains?

[jxn]

ZCS NE 6.0.7, second patch

I'm trying to set up some spam whitelisting by domain, so that the whitelist is active for all users on the domain, without having to manually add the whitelist exception for new users as their mailbox accounts are created. I'm wondering if the amavisWhiteListSender attribute is honored by the domain, so that, for instance, I could use:
zmprov md +amavisWhitelistSender safeuser@safedomain.com

Incidentally, can anyone point me to a list of all valid attributes and values for accounts, domains, cos, etc.? I looked, but perhaps I'm not looking in quite the right place?

[ewilen]

I don't think you can do domain-wide whitelisting via zmprov. You could script your account creation using CLI commands, so that the whitelist step will be included, but I think I have a better approach.

as root:

cd /opt/zimbra/conf
cp amavisd.conf.in amavisd.conf.in.bak
vi amavisd.conf.in

Now in the section following the line # read_hash("/var/amavis/sender_scores_sitewide"), add this:

'desireddomain.com' => -15.0,

This should be more than enough to prevent anything from that domain being marked as spam.

Then, as zimbra, do zmamavisdctl stop && zmamavisdctl start.

Finally, look in amavisd.conf and confirm that the change has gone into it.

Note: this change will probably be wiped out when you upgrade, so make a note to re-do it when you upgrade.

[eniomarconcini]

Right, how can I do this but using a mail address instead the domain, its possible?

I need like this:

someone@especificdomain.com
anotherguy@hotmail.com
*@whitehouse.gov

[ewilen]

Just...use a mail address instead of a domain, in the same place within amavisd.conf.in.

Incidentally, a score of -15 really ought to be enough to whitelist anybody, but I've seen spam with scores higher than 40. I highly doubt a legitimate mail could get such a high score without being deliberately crafted to do so. But if you want to be really sure, you can always use a bigger negative number.

[eniomarconcini]

Dear ewilen, I understod, but my problem is more deeper,

as you can see here Improving Anti-spam system - Postfix whitelist when using RBL's

some mail was rejected because of RBL systems (like barracudacentral.org), so I did this trick like explained on wiki (link above).

But, its works to domains, and I need to control manually some email addresses to do not be checked by RBL.

Its possible?

ZCS 7.1

[ewilen]

It's very important to distinguish between MTA-based spam controls and amavis. They don't interact with each other in any way.

There's no way to create per-address exceptions to the MTA-based spam controls.

What you need to do in this case is to turn those MTA-level RBL entries into spam assassin rules. If you search the forums you'll find some examples. Here's one: Allowing some mail to pass through dnsbl checks

Just assign a high enough score to the RBL rule and you'll have effectively treated it as a full blacklist. Then you can create per-address exceptions using either amavisd.conf.in or the individual user's whitelist in Zimbra.

[eniomarconcini]

ewilen, if I have understood right, you suggested me to turn off RBL (from DNS Checks) and all setup of spamcop/sorbs/barracudacentral and others using a config in /opt/zimbra/conf/salocal.cf.in, right?

I think if I do this case like you have explained, spam mail wont be blocked directly like happens using MTA-level RBL, and maybe spam mail will be sent to Spam mailbox of Webmail? and the users can decide what is considered spam or not.

Is right or wrong this my think?

[ewilen]

You are correct that mail from servers that are on those RBLs won't be blocked directly. What happens next depends on the scores you assign to those RBLs, other scores that come out of spamassassin, and the thresholds you've set for tagging and killing spam.

If you would like to have all mail from those servers blocked completely except if your user whitelists the sender, you'll want a very high score for those RBLs--enough to push the total over the kill percent. (Note: percent=spam score * 5.)

Personally, I would back off on the score slightly. E.g. with a kill percent of 75 and a tag score of 22 (equivalent to spam scores of 15 and 4.4, which is what I use), I would just give the RBLs scores of something between 4 and 8. This is still enough to get the mail tagged as "spammy" (gets put into spam folder) provided other elements indicate it's spam.

The reason I'd prefer not to have a single RBL cause a "kill" all by itself is that mail which is "killed" is simply discarded instead of being refused during the MTA transaction. Therefore it doesn't generate a non-delivery report from the sending MTA to the sender, which means that no one is made aware of false positives until somebody starts wondering why they aren't getting mail or why their mail isn't prompting a response.