To whitelist or not...

Ugo Bellavance ugob at camo-route.com
Thu Mar 16 01:19:57 GMT 2006


James Gray wrote:
> Hi All,
> 
> Here's the situation.  We don't do any spam scanning in MailScanner (RBLs 
> etc) - we handle all spam filtering in SpamAssassin.  MailScanner then does 
> all the virus/attachment/phishing/etc checks.
> 
> Up until recently, we've been adding addresses to the spam.whitelist.rules 
> to exempt messages from being flagged as spam.  We don't deliver 
> SpamAssassin reports in the headers so the only thing this did was add to 
> our rule hit counts in MailWatch.
> 
> I've done an experiment.  I've created a rule set for the "Use SpamAssassin" 
> config option and moved a few of the whitelisted addresses into there with 
> a "no" action.  IOW, the "use.sa.rules" file looks like this:
> From:      whitelist_add1 at domain               no
> From:      whitelist_add2 at another-domain       no
> FromOrTo:  default                             yes
> 
> We get a LOT of mail from these whitelisted addresses (they are 
> notifications and messages generated by our systems and our customers' 
> systems) and consequently add a nontrivial amount of load.
> 
> My thinking is that by stopping them from going through SpamAssassin I'll 
> reduce the load, and still achieve the desired effect of "whitelisting" 
> them.  I still want the virus/attachment/etc checking done, just none of 
> the spam stuff.  It appears to be working as I want but I'm not sure if 
> I've missed something important.
> 
> Have I missed something?  Or is this a reasonable approach?

I think it is reasonable.

You may be more secure if you add one condition to your ruleset: the 
IP of their server.  This way, you reduce the risk of getting spam with 
a forged address (using your clients).

In the end, your users will tell you if it has a negative effect on 
spam-filtering results.

You could use only IPs for e-mail generated from your systems.  Of 
course, if one of your systems gets compromised and starts sending spam, 
you have less chance of noticing it.  There are other means of lowering 
your load (using RBLs, greylisting, etc.) but this one may make sense for 
you and other people.

> 
> Cheers.
> 
> James
> 
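
Added example, not part of the original thread and not MailScanner code: a simplified Python model of a first-match ruleset, showing the point made in the reply above, that a sender-only exemption also exempts mail forging that address, while pairing the address with the server's IP does not. The addresses, IPs and the `and` rule line are constructed for illustration; check the exact ruleset syntax against your MailScanner version's documentation.

```python
import ipaddress
from fnmatch import fnmatch

# Constructed rulesets for the "Use SpamAssassin" option (first match wins).
SENDER_ONLY = """\
From: notify@customer.example no
FromOrTo: default yes
"""
SENDER_AND_IP = """\
From: notify@customer.example and From: 192.0.2.25 no
FromOrTo: default yes
"""

def parse(text):
    """Turn each line into ([(field, pattern), ...], value)."""
    rules = []
    for line in text.splitlines():
        *cond, value = line.split()
        # Conditions are "Field: pattern" pairs joined by the word "and".
        pairs = [(cond[i].rstrip(":").lower(), cond[i + 1])
                 for i in range(0, len(cond), 3)]
        rules.append((pairs, value))
    return rules

def matches(field, pattern, msg):
    if pattern == "default":
        return True
    try:  # an IP or network pattern is compared with the SMTP client IP
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(msg["client_ip"]) in net
    except ValueError:
        pass  # not an IP pattern, so treat it as an address pattern
    addrs = {"from": [msg["from"]], "to": [msg["to"]]}.get(
        field, [msg["from"], msg["to"]])
    return any(fnmatch(a.lower(), pattern.lower()) for a in addrs)

def use_spamassassin(rules, msg):
    """Return True if the message would be passed to SpamAssassin."""
    for conds, value in rules:
        if all(matches(f, p, msg) for f, p in conds):
            return value == "yes"
    return True  # no rule matched: scan by default

# Constructed messages: same envelope sender, different connecting host.
GENUINE = {"from": "notify@customer.example", "to": "ops@isp.example",
           "client_ip": "192.0.2.25"}
FORGED = dict(GENUINE, client_ip="198.51.100.77")

if __name__ == "__main__":
    for name, text in (("sender only", SENDER_ONLY), ("sender+IP", SENDER_AND_IP)):
        r = parse(text)
        print(name, "genuine scanned:", use_spamassassin(r, GENUINE),
              "forged scanned:", use_spamassassin(r, FORGED))
```

With the sender-only rule the forged message skips spam scanning just like the genuine one; with the address-and-IP rule only the genuine server is exempted and the forged message falls through to the default.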


