Re: [AMaViS-user] thoughts on hard-whitelisting

MrC wrote:

> Dave McGuire wrote:
>> Hey folks. I gather from various sources that it's now considered
>> undesirable to hard-whitelist sender addresses. I understand some of
>> the reasoning behind this, and that is fine...but I do have one
>> situation in which it might be more desirable for me to hard-
>> whitelist or hard-blacklist a sender address rather than simply
>> adding or subtracting a score to the final SpamAssassin score.
>>
>> The most obvious situation that comes to mind is addresses from
>> which one receives a very large number of messages...the system ends
>> up spending a great deal of processor cycles scanning messages
>> unnecessarily. While that may not be a problem on smaller sites, my
>> installation is somewhat large and this does become an issue. I'm
>> continually impressed by the efficiency of amavisd (very zippy
>> despite being written in Perl), but still, burning lots of CPU
>> unnecessarily is something that I would like to avoid.
>>
>> What I would like to do is whitelist certain sender addresses in
>> such a way that they don't get passed through SpamAssassin or virus
>> scanners at all. Ideally I'd like that list to reside in a database
>> server (MySQL or PostgreSQL) but I'd settle for flat files if necessary.
>>
>> If this is indeed possible in amavisd, are there any compelling
>> reasons NOT to do it, and if not, can someone point me in the right
>> direction for how to set that up? (would that be

> One compelling reason... you cannot control or influence the infection
> rates of remote systems.

> It is staggering how many corporate and home PCs are infected with
> various forms of malware, including botting software. User address
> books are routinely culled to supply bot email address databases.

> I personally would never blindly entrust my system's security to some
> other user or admin, especially just to save some cycles.

> MrC

Good point, but if you wanted to bypass SpamAssassin (which would save
some cycles) I think the closest you could get with some margin of safety
(as least as far as forged sender address is concerned) would be:

http://www200.pair.com/mecham/spam/bypassing.html#7

With (optionally) the policy bank loosened up as far as recipients go:

$policy_bank{'SENDERBYPASS'} = {
bypass_spam_checks_maps => [1],
};

At least virus and banned checks would still be performed.

Gary V


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/