From: "Daniel L. Miller" on
Stan Hoeppner wrote:
> Daniel L. Miller put forth on 1/18/2010 12:51 PM:
>
>
>> A point - and a good one for initialization of the whitelist. However,
>> this does not address the need to add new addresses to the list
>> automatically. Example - our company changes insurance brokers, and
>> needs to receive forms from the new broker. Such communications should
>> not be reliant on the IT department "unlocking" the mail server - just
>> the act of the office manager's sending an e-mail to the broker should
>> be sufficient.
>>
>
> Daniel, it seems you're looking for feature perfection in rev. 0.1.1 of an as
> yet created home brew software solution. Do you think you might be setting your
> sights a bit high?
And what's wrong with setting your sights high? Or wanting to plan
things out before diving in?
> Is this because you already have a solution that does all
> these things perfectly, and you're _expecting_ your new home brew solution to do
> the same right from the start?
>
Yes - ASSP. But I'd like to implement it as a "pure" Postfix solution
instead of a proxy server.
> If you _need_ a home brew solution _now_, start small and inelegant, getting
> most of the functionality you want/need. This can be done with simple scripts
> and cron. After it's working relatively well, _then_ spend time creating the
> "elegant" solution. JMHO.
>

But the main thing is having OP-maintained lists is exactly what I'm
trying to avoid and completely misses the point of having an auto-whitelist.

--
Daniel

From: "Daniel L. Miller" on
Sahil Tandon wrote:
> On Sun, 17 Jan 2010, Daniel L. Miller wrote:
>
>
>> The goal is simple - there are some people & businesses my company
>> needs to correspond with no matter how strict my filter, and no
>> matter how badly the remote site is configured. Waiting to receive
>> a message carrying critical business information is simply
>> unacceptable - so I need an alternative. ASSP provides me with one
>> - by the simple act of a user sending a message to a remote, that
>> address and/or domain is immediately whitelisted and immediately
>> bypasses nearly all the spam filters (virus scans still occur).
>>
>
> I do not know of a stock Postfix feature that provides this
> functionality. amavisd-new has 'pen pals' which does something similar
> to what you desire. Question: does ASSP simply whitelist the envelope
> sender if it matches the envelope recipient of a message sent by one of
> your users? That is to say, are messages spoofed with whitelisted
> envelope senders simply given a free pass through all your checks?
>
>
Not 100% - but close. There are also options (which I use) which
whitelist not only the targeted recipient, but any other mail fields
(like reply-to, list-*, etc) get added, and whitelisting the entire
domain rather than just the one mail user.

Bayesian checks, greylist, and few other ASSP checks are bypassed - but
SPF & SenderBase are still in effect. I believe there is also some MX
validation that also takes place - but for the most part I would say
spoofed senders could bypass the checks. Should this happen, such
senders can be placed on a "redlist" which means they can never be added
to the whitelist - and must pass the usual checks. Commonly spoofed
addresses like yahoo, google, etc I have in the redlist.

In the last couple years I've been using it - I've never had a problem
with spoofed addresses.

--
Daniel

From: LuKreme on
On 18-Jan-2010, at 11:37, Victor Duchovni wrote:
> This thread is NOT about address validation, it is about automatic
> whitelisting of addresses (as senders) that are observed in outgoing
> mail as recipients. No validation is required.


This should be pretty easy to add into a greylisting service or even something like pop-before-smtp (I think it could very easily be modified, it's already scanning the maillog).

As for bypassing all the anti-spam checks, just put this check high in your list so that it is run before other checks.


--
I WILL NOT CALL MY TEACHER "HOT CAKES"
Bart chalkboard Ep. 7G10

From: "Steve" on

-------- Original Message --------
> Date: Mon, 18 Jan 2010 11:30:49 -0800
> From: "Daniel L. Miller" <dmiller(a)amfes.com>
> To: Postfix users <postfix-users(a)postfix.org>
> Subject: Re: The method behind the madness

> Stan Hoeppner wrote:
> > Daniel L. Miller put forth on 1/18/2010 12:51 PM:
> >
> >
> >> A point - and a good one for initialization of the whitelist. However,
> >> this does not address the need to add new addresses to the list
> >> automatically. Example - our company changes insurance brokers, and
> >> needs to receive forms from the new broker. Such communications should
> >> not be reliant on the IT department "unlocking" the mail server - just
> >> the act of the office manager's sending an e-mail to the broker should
> >> be sufficient.
> >>
> >
> > Daniel, it seems you're looking for feature perfection in rev. 0.1.1 of an as
> > yet created home brew software solution. Do you think you might be setting your
> > sights a bit high?
> And what's wrong with setting your sights high? Or wanting to plan
> things out before diving in?
> > Is this because you already have a solution that does all
> > these things perfectly, and you're _expecting_ your new home brew solution to do
> > the same right from the start?
> >
> Yes - ASSP. But I'd like to implement it as a "pure" Postfix solution
> instead of a proxy server.
> > If you _need_ a home brew solution _now_, start small and inelegant, getting
> > most of the functionality you want/need. This can be done with simple scripts
> > and cron. After it's working relatively well, _then_ spend time creating the
> > "elegant" solution. JMHO.
> >
>
> But the main thing is having OP-maintained lists is exactly what I'm
> trying to avoid and completely misses the point of having an
> auto-whitelist.
>
It's not hard to write a small Perl script doing that automatically. I have done that and my current implementation is 132 LOC. It's ultra easy and stores the AWL data in MySQL. One does not need to be a rocket scientist to code that in Perl. Just a small Postfix policy service that returns every time a DUNNO but uses the data from the Postfix policy delegation to feed the AWL.


> --
> Daniel


From: marknernberg on


On Jan 18, 2010, at 17:05, "Steve" <steeeeeveee(a)gmx.net> wrote:

>
> -------- Original Message --------
>> Date: Mon, 18 Jan 2010 11:30:49 -0800
>> From: "Daniel L. Miller" <dmiller(a)amfes.com>
>> To: Postfix users <postfix-users(a)postfix.org>
>> Subject: Re: The method behind the madness
>
>> Stan Hoeppner wrote:
>>> Daniel L. Miller put forth on 1/18/2010 12:51 PM:
>>>
>>>
>>>> A point - and a good one for initialization of the whitelist. However,
>>>> this does not address the need to add new addresses to the list
>>>> automatically. Example - our company changes insurance brokers, and
>>>> needs to receive forms from the new broker. Such communications should
>>>> not be reliant on the IT department "unlocking" the mail server - just
>>>> the act of the office manager's sending an e-mail to the broker should
>>>> be sufficient.
>>>>
>>>
>>> Daniel, it seems you're looking for feature perfection in rev. 0.1.1 of an as
>>> yet created home brew software solution. Do you think you might be setting your
>>> sights a bit high?
>> And what's wrong with setting your sights high? Or wanting to plan
>> things out before diving in?
>>> Is this because you already have a solution that does all
>>> these things perfectly, and you're _expecting_ your new home brew solution to do
>>> the same right from the start?
>>>
>> Yes - ASSP. But I'd like to implement it as a "pure" Postfix solution
>> instead of a proxy server.
>>> If you _need_ a home brew solution _now_, start small and inelegant, getting
>>> most of the functionality you want/need. This can be done with simple scripts
>>> and cron. After it's working relatively well, _then_ spend time creating the
>>> "elegant" solution. JMHO.
>>>
>>>
>>
>> But the main thing is having OP-maintained lists is exactly what I'm
>> trying to avoid and completely misses the point of having an
>> auto-whitelist.
>>
> It's not hard to write a small Perl script doing that automatically.
> I have done that and my current implementation is 132 LOC. It's
> ultra easy and stores the AWL data in MySQL. One does not need to be
> a rocket scientist to code that in Perl. Just a small Postfix policy
> service that returns every time a DUNNO but uses the data from the
> Postfix policy delegation to feed the AWL.
>
>

I have achieved this with a slightly hacked TMDA (www.tmda.net). If
you want my modifications, contact me off-list.
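
The policy-service approach described in this thread (always answer DUNNO, feed the auto-whitelist from the policy delegation data) together with the "redlist" of commonly spoofed domains, as an added example that is not code from any poster in the thread. Assumptions: Python with sqlite3 stands in for the Perl/MySQL setup, a non-empty `sasl_username` marks outbound mail from a local user, and the redlist domains and the sample request are constructed.

```python
import sqlite3

# Assumption: domains too commonly spoofed to ever auto-whitelist (the "redlist").
REDLIST = {"yahoo.com", "google.com"}

def open_awl(path=":memory:"):
    """Create the AWL store; sqlite3 stands in for the MySQL table."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS awl (addr TEXT PRIMARY KEY)")
    return db

def parse_request(text):
    """Parse one policy delegation request: name=value lines, blank line ends it."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def feed(db, attrs):
    """Record the recipient of authenticated outbound mail; always answer DUNNO."""
    rcpt = attrs.get("recipient", "").lower()
    domain = rcpt.rpartition("@")[2]
    outbound = bool(attrs.get("sasl_username"))  # assumption: local users authenticate
    if (attrs.get("request") == "smtpd_access_policy" and outbound
            and "@" in rcpt and domain not in REDLIST):
        db.execute("INSERT OR IGNORE INTO awl (addr) VALUES (?)", (rcpt,))
        db.commit()
    return "action=DUNNO\n\n"

def is_whitelisted(db, sender):
    """Lookup for inbound mail; redlisted domains never match."""
    sender = sender.lower()
    if sender.rpartition("@")[2] in REDLIST:
        return False
    row = db.execute("SELECT 1 FROM awl WHERE addr = ?", (sender,)).fetchone()
    return row is not None

# Constructed sample request, in the form smtpd sends at RCPT TO.
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=manager@example.com\n"
    "recipient=Forms@broker.example\n"
    "sasl_username=manager\n"
    "\n"
)
```

Because the envelope sender is forgeable, a whitelist hit is best used to skip only content and greylist checks, leaving sender-authentication checks such as SPF in effect, as described earlier in the thread.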