Discussion:
[SA-exim] White listing
Beginner
2006-09-18 14:52:49 UTC
Permalink
Hi,

Debian (Alpha) 3.1, SA-Exim-Version: 4.2.

I am trying to find a effective way to whitelist senders.

I have been using a web interface to SA's
$f->add_address_to_whitelist($addr) to allow users to whitelist
senders. However this method uses the auto whitelist (AWL) and I am
told that this it not the best suited to whitelist senders. The best
practise, I am told, it to either add the senders to a *cf file in
/etc/spamassassin (involves a HUP) or better still in a exim
whitelist.

What I am stuck on is how to enable local_sender_whitelist

The file exists:
-rwxr-xr-x www-data root /etc/exim4/local_sender_whitelist

There are files in the acl dir that refer to
CONFDIR/local_sender_whitelist but I am not certain they are being
used. However in my tests users that have been added to the file are
still being scanned and failing. It is becoming quite a problem as
the number of false positives seems to be increasing.

Ideally I would like entries in the local_sender_whitelist to be
stamped with the warn X-SA header that allows them to be skipped from
normal scanning but I'll settle for any thing at this stage.

Any help would be appreciated.
TIA.
Marc MERLIN
2006-09-19 04:16:30 UTC
Permalink
On Mon, Sep 18, 2006 at 03:52:49PM +0100, Beginner wrote:
> Hi,
>
> Debian (Alpha) 3.1, SA-Exim-Version: 4.2.
>
> I am trying to find a effective way to whitelist senders.
>
> I have been using a web interface to SA's
> $f->add_address_to_whitelist($addr) to allow users to whitelist
> senders. However this method uses the auto whitelist (AWL) and I am
> told that this it not the best suited to whitelist senders. The best
> practise, I am told, it to either add the senders to a *cf file in
> /etc/spamassassin (involves a HUP) or better still in a exim
> whitelist.
>
> What I am stuck on is how to enable local_sender_whitelist
>
> The file exists:
> -rwxr-xr-x www-data root /etc/exim4/local_sender_whitelist
>
> There are files in the acl dir that refer to
> CONFDIR/local_sender_whitelist but I am not certain they are being
> used. However in my tests users that have been added to the file are
> still being scanned and failing. It is becoming quite a problem as
> the number of false positives seems to be increasing.

/etc/exim4/local_sender_whitelist doesn't get magically read

> Ideally I would like entries in the local_sender_whitelist to be
> stamped with the warn X-SA header that allows them to be skipped from
> normal scanning but I'll settle for any thing at this stage.

Are you familiar with the Exim configuration file works?
If not, you should read up on it.
Did you read the SA-Exim documentation? (specifically the
'EXIM4 INTEGRATION / NOT SCANNING YOUR OWN MAILS' section) ?

If not, please do so, you should find your answers there.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/
Beginner
2006-09-19 07:14:43 UTC
Permalink
On 18 Sep 2006 at 21:16, Marc MERLIN wrote:

> On Mon, Sep 18, 2006 at 03:52:49PM +0100, Beginner wrote:
> > Hi,
> >
> > Debian (Alpha) 3.1, SA-Exim-Version: 4.2.
> >
> > I am trying to find a effective way to whitelist senders.


> > There are files in the acl dir that refer to
> > CONFDIR/local_sender_whitelist but I am not certain they are being
> > used. However in my tests users that have been added to the file are
> > still being scanned and failing. It is becoming quite a problem as
> > the number of false positives seems to be increasing.
>
> /etc/exim4/local_sender_whitelist doesn't get magically read
>
> > Ideally I would like entries in the local_sender_whitelist to be
> > stamped with the warn X-SA header that allows them to be skipped from
> > normal scanning but I'll settle for any thing at this stage.
>
> Are you familiar with the Exim configuration file works?



> If not, you should read up on it.
> Did you read the SA-Exim documentation? (specifically the
> 'EXIM4 INTEGRATION / NOT SCANNING YOUR OWN MAILS' section) ?
>
> If not, please do so, you should find your answers there.
>
> Marc

Thanx. A little more help if you can. Is this what I should be doing

warn message = X-SA-Do-Not-Run: Yes
senders = CONFDIR/local_host_whitelist

and then allow the SAEximRunCond to do a condictional check on the
headers?
Marc MERLIN
2006-09-20 18:00:07 UTC
Permalink
On Tue, Sep 19, 2006 at 08:14:43AM +0100, Beginner wrote:
> Thanx. A little more help if you can. Is this what I should be doing
>
> warn message = X-SA-Do-Not-Run: Yes
> senders = CONFDIR/local_host_whitelist

you probably want to use lsearch here

> and then allow the SAEximRunCond to do a condictional check on the
> headers?

As already shown in the docs I pointed to, yes.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/
Loading...