On Mon, May 25, 2009 at 10:45:03PM +0200, Per-Olov Sjvholm wrote: > On 25 maj 2009, at 17.50, patrick keshishian wrote: > > > On Mon, May 25, 2009 at 4:03 AM, Per-Olov Sjvholm <p...@incedo.org> > > wrote: > >> Hi misc > >> > >> I was trying to add: > >> "se" or "*.se" to /etc/mail/spamd.alloweddomains which obviously wont > >> work... > >> > >> But adding "xxx.se" works.... > >> > >> > >> l really want to add the whole SE domain as we do not get that much > >> spam > >> from SE and will have a lot less administration. > > > > I think you don't understand the purpose of spamd.alloweddomains file. > > re-reading spamd(8) might be helpful. hint: pay close attention to the > > phrase "destination address" > > > > --patrick > > > Yes > > you are right. > > I removed the spamd.alloweddomains file and all blacklisted headache > disappeared... :-) I was actually looking for a OpenBSD built in > replacement for milter-greylist where you could specify regular > expressions for white listed senders. But it seems you could not white > list senders e-mail adresses, domains or regular expression > combinations with spamd. Or could I ???
Not as it is. But senders addresses are in spam faked. MTA domain could be an useful whitelisting criteria. There is a famous script by Bob Beck called "greyscanner" that parses the spamdb database and traps hosts that are on the grey list. That script calls "spamdb -t -a ..." but could maybe be modified to also whitelist MTA hosts based on their HELO name (after checking reverse DNS lookup). Otherwise a common solution is to have another pf table in addition to spamd-white (I called it spamd-gold) to give permanent whitelisting based on IP address by pf rules such as: table <spamd-gold> persist file "/etc/mail/spamd-gold" : no rdr inet proto tcp from <spamd-gold> to any port smtp And then manually add your friendly IP ranges... > > /Per-Olov > > -- > GPG keyID: 5231C0C4 > GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4 > GPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x766ED29D5231C0C4 -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
