The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Whitelist host for spam only

Discussion in 'E-mail Discussions' started by sehh, Sep 28, 2009.

  1. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    How can I whitelist a remote host so that mail from that host does not get scanned by SpamAssassin for spam?

    I looked at "/etc/skipsmtpcheckhosts" but that skips ALL checks and allows the remote host to even use my server as a proxy. I also looked at "/etc/senderverifybypasshosts" and "/etc/trustedmailhosts" but they are not useful.

    Thank you.
     
  2. MattCurry

    MattCurry Well-Known Member

    Joined:
    Aug 18, 2009
    Messages:
    275
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Houston, Tx
    Whitelist

    Hello,

    I do apologize for your issues, however as far I see that would be the most common way of doing this. The only other way would be to customize this to your personal setup as you have described below. This would mean custom ACLs, and unfortunately this is not something we could support directly.

    Thank you,
    Matthew Curry
     
  3. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    Understood.

    Unfortunately, its an all-or-nothing situation. I only need to by-pass SA from scanning a specific host, but I don't want to give them full access.

    Temporarily, I've given then full access by adding their host in the "/etc/skipsmtpcheckhosts" file, but I can't allow that for long.
     
  4. cPanelStephen

    cPanelStephen Active Member
    Staff Member

    Joined:
    Aug 7, 2007
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    You can accomplish this by adding the following line to the check_message ACL in your exim configuration:

    Code:
    accept sender_domains = lsearch;/etc/spamfreedomains
    
    To do this, go to WHM -> Exim Configuration Editor -> Advanced Editor, and place the aforementioned line so the default_check_message_pre looks like this:

    Code:
    check_message:
    #  Enabling this will make the server non-rfc compliant
    #  require verify = header_sender
    accept  hosts = 127.0.0.1 : +relay_hosts
    
    accept sender_domains = lsearch;/etc/spamfreedomains
    
    If possible, you may want to consider implementing this whitelist based on the source host IP, rather than the domain. While an unlikely scenario, this would prevent people from masquerading as that domain, and circumventing your spam filters as a result.

    To do this, you would simply change the ACL addition to:

    Code:
    accept hosts = net-iplsearch;/etc/spamfreehosts
    
    Note that either way you implement this, you will need to create the /etc/spamfree(hosts|domains) file before applying the changes. Failing to do this will render that ACL, and message delivery in a broken state.

    Code:
    touch /etc/spamfreedomains
    chown root:mail /etc/spamfreedomains
    chmod 0750 /etc/spamfreedomains
    
     
    #4 cPanelStephen, Oct 2, 2009
    Last edited by a moderator: Jun 3, 2015
  5. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    wow, man you are good!

    thank you very much for taking the time to write the above solution.

    much appreciated!
     
  6. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    Stephen,

    can you please give a similar example for whole email addresses? For example:

    /etc/spamfreeemails

    which would contain whole email addresses, like:

    user@emaildomain.com


    Thank you!
     
Loading...

Share This Page