Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: magwm on August 18, 2008, 10:26:35 AM
-
Hello,
I would like to know if there is a way to automatically add recipients of outgoing mails to the spamassassin whitelist on SME 7.3.
I am using one of the contribs at the moment (E-mail WBL) which does basic black/whitelist, but it would be much better if users could simply reply to a mail to put it on whitelist.
in the mean time, thanks to you all for the fantastic distro&forum,
Michel
-
I would like to know if there is a way to automatically add recipients of outgoing mails to the spamassassin whitelist on SME 7.3.
I don't believe there is, although this would be a nice feature.
Enabling Bayes in the server-manager will help, as in time Bayes will teach Spamassassin not to adversely score those you send email to as spam.
Greg
-
so no one thinks this is possible? how could I rais a feature request? does that go through the bugzilla as well?
greetings, M
-
tai64nlocal < /var/log/qmail/current | grep -i "to remote" | awk '{ print $10 }' | sort | uniq
gives you a nice list to start with...
edit: quote fix...
-
Thanksalot, Elmarconi!
but what can I do with this list? pasting it into the WBL contrib f*w$%&$cks up the db, so I have to clean it. Would someone know where to hire someone to create a system like this?
Specifically, I would like to
- put onto the whitelist all addresses we send mail to
or, even better,
- when spamassassin reports that a mail is ***SPAM***, be able to send return the mail to a specific address, which results in whitelisting the address or make spambayes learn it it not spam..
any thoughts, anyone?
-
Here is not exactly what you are asking for but it may be worth your time to look at:
http://wiki.contribs.org/Sme-unjunkmgr
-
now that is a VERY good tip!
Thanks a lot! Michel :-D
-
Rather than relying on the default spamassasisin settings and entering email addresses manually onto the whitelist, I also implemented the AWL (autoWhiteList). So far it has worked well.
Not quite a whitelist but more an aid to scoring as you will read here > http://wiki.apache.org/spamassassin/AutoWhitelist
-
I have been thinking about creating exactly what you request - I have been concerned about how SpamAssassin would react to a very large WhiteList if it was individual addresses and not domains. For my network we send to properly thousands of users and the list would grow quickly - would that maybe slow down SA significantly?, what is the limits of SA?, etc.
I think that a small script could be created that graps the "To:" in all outgoing emails and convert these into a SA WhiteList - maybe on a daily basis....
The command:
tai64nlocal < /var/log/qmail/current | grep -i "to remote" | awk '{ print $10 }' | sort | uniq
Will be a good start, next is to exclude local emails which could be done someting like this:
tai64nlocal < /var/log/qmail/current | grep -i "to remote" | awk '{ print $10 }' | sort | uniq | grep -v `domainname`
Then this has to be augmented to /etc/mail/spamassassin/local.cf as "whitelist_from <email address> properly done via a template. But all this has to be kept in a DB so it is maintained over log rotates.
-
Couldn't help making a little script that should make this possible. If you place this script in /etc/cron.daily then you will get an increasingly growing whitelist created on a daily basis for all people you send email to. Notice that if you have multiple domains on your server you send from these are not filtered out and hence make the DB a little larger than needed. Make sure to make the script executable (chmod +x <script>)
#!/bin/bash
# The Database is stored in
DB='/usr/local'
if [ ! -e $DB/userwhitelist ]; then
echo "User Whitelist database doesn't exist - creating intial version"
touch $DB/userwhitelist
fi
cat $DB/userwhitelist > userwhitelist.tmp
tai64nlocal < /var/log/qmail/current | grep -i "to remote" | awk '{ print $10 }' | sort -u | grep -v `domainname` >> userwhitelist.tmp
cat userwhitelist.tmp | sort -u > $DB/userwhitelist
# A little clean-up
rm -rf userwhitelist.tmp
# Now make the SpamAssassin local.cf template
USERS=`cat $DB/userwhitelist`
# Clear User List
rm -rf /etc/e-smith/templates/etc/mail/spamassassin/local.cf/90SentUserWhiteList
for USER in $USERS; do
echo "whitelist_from $USER" >> /etc/e-smith/templates/etc/mail/spamassassin/local.cf/90SentUserWhiteList
done
# Expand Templates for SpamAssassin
/sbin/e-smith/expand-template /etc/mail/spamassassin/local.cf
# Lastly we need SpamAssassin to start using these new settings
/sbin/e-smith/signal-event email-update
Let me know how this works.
Enjoy,
Jesper
-
cat userwhitelist.tmp | sort -u > $DB/userwhitelist
Would add another uniq to prevent double entries in the $DB/userwhitelist...
-
Where would you add this? This script does already have this after userwhitelist.tmp has been appended and before the clean-up (sort -u does the same a uniq)
-
(sort -u does the same a uniq)
<blush> Oops, you're right....
-
Hello, I am trying this script now.. as an addittion to WBL. - I hope it is possible..
the only error I found is the part after "grep -v 'domainname'" which should be "grep -v domainname" (without the single quotes)
as for the rest, I don't understand how spamassassin would use the database, but that may be my misunderstanding.
I'll post the results -
ciao, Michel
-
Michel,
How did this work out? I am writing a script for spam learning and would lke to incorporate this too.
Thanks,
Kevin
-
hi Kevin,
i say this helped much! I just told my users they had to reply to false positives, and so they did.. I discovered a few malformed email addresses in the list (with ' and /) but for the rest it seems to work..
it's just that I can't test it as I don't know how to make a false positive..
ciao, Michel
-
<blush> Oops, you're right....
uniq -i would also filter out upper/lowercase writing typo's...
So I would replace:
cat userwhitelist.tmp | sort -u > $DB/userwhitelist
with:
cat userwhitelist.tmp | sort | uniq -i > $DB/userwhitelist
Other than that it seems OK! Feed it with old qmail logs:
cat /var/log/qmail/*.s | tai64nlocal | grep -i "to remote" | awk '{ print $10 }' | sort -u | grep -v `domainname`
-
just as a possible alternative.. I believe ASSP has auto-whitelisting for sent emails
-
Please pay attention to the fact that if one of you client PCs gets infected via a BOT then all the email addresses it sends to will be whitelisted. Therefore always track the amount of emails sent out and make sure to enable SMTP proxy on your email server.
A smarter way to incorporate whitelisting would be do do this as a plugin to qpsmtpd the same way as SpamAssassin is today.
Rgds,
Jesper
-
Well I believe Spamassassin is part of Sme isn't it? How would i have to implement such a plugin?
ciao, Michel
-
yes, SpamAssassin is part of SME.
See that is where you have to work :-) All the plugins are located in /usr/share/qpsmtpd/plugins, so here you will have to find one you can start from.
-
Hello Knuddi,
first of all, let me say that in any case I don't like whitelisting at all.
Actually what I really needed was an easy way to make my users handle the false positives that spamassassin regretfully generated. It must be an easy way, and replying is as easy as it can get..
so maybe it would be more correct to whitelist only mails that get answered and have ***SPAM*** in the subject. but I wouldn't know how to do that.
alternatively it would be possible to make a thisisnotspam@domain.it account and make them forward to it. but i would not know where to go from there.
but. shouldn't bayesian learning learn from outgoing mails and score the messages so that mails that get answered would pass even if they weren't in the whitelist?
Anyway thanks for the info, however I wouldn't be able to make a new plugin. and moreover, if we were infected by a virus it wouls use email addresses from our address books wouldn't it?
well now back to my users.. ciaociao, Michel