To whitelist or not...

James Gray james at grayonline.id.au
Fri Mar 17 05:54:48 GMT 2006


On Thu, 16 Mar 2006 12:19 pm, Ugo Bellavance wrote:
> James Gray wrote:
> > I've done an experiment.  I've created a rule set for the "Use
> > SpamAssassin" config option and moved a few of the whitelisted addresses
> > into there with a "no" action.  IOW, the "use.sa.rules" file looks like
> > this:
> > From:      whitelist_add1@domain               no
> > From:      whitelist_add2@another-domain       no
> > FromOrTo:  default                             yes
>
> I think it is reasonable.
>
> You may be more secure if you'd add one condition to your ruleset: the
> IP of their server.  This way, you reduce the risk of getting spam with
> a forged address (using your clients).

Good point.  The problem is some of the senders (like hp.com) have so many
MTAs that messages come from, it's going to be hard to include them all.  It
*would* be the ideal though.  I'll definitely do it for our internal machines
(all the senders will be in very well defined private subnets).

> In the end, your users will tell you if it has negative effect on
> spam-filtering results.

Indeed they will :)

> You could use only IPs for e-mail generated from your systems.  Of
> course, if one of your systems gets compromised and starts sending spam,
> you have less chance of noticing it.

True, but the internal machines are fairly well controlled and firewalled
VMs.  So if a machine gets 0wn3d (highly unlikely) we can simply hose the
image and restore a known working one :)  Gotta love virtualisation!

> There are other means of lowering your load (using RBLs, greylisting, etc.)
> but this one may make sense for you and other people.

Thanks Ugo.  I've done a lot of performance tuning on our MailScanner boxes.
The problem is that they are running on "superseded" hardware[1] - mail
gateways are very non-glamorous boxes that don't attract a lot of budget
(mail is merely a tool - not our business focus).  We make do, but anything
to reduce unnecessary load is a Good Thing(tm).

Thanks,

James
[1] Superseded but still server class kit (not PCs or anything dinky like
that).  All are P3/Xeon > 1GHz boxes with lots of ECC RAM and SCSI drives on
Gigabit links.  I'd really like some Sun or Opteron kit though :)
-- 
I've Been Moved!
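The point Ugo raises in the exchange above (a "From:" whitelist that skips SpamAssassin can be matched by a message with a forged sender address unless the rule also checks the sending server's IP) can be shown with a small rule evaluator. This is an added illustration, not code from the post or from MailScanner itself: it models MailScanner-style rule lines ("Field: pattern ... action", first match wins, "default" as catch-all) in a simplified way, and the "and"-joined IP/CIDR conditions, the sender addresses and the source IPs are constructed for the example.

```python
"""Toy evaluator for MailScanner-style "Use SpamAssassin" rule sets.

Simplified model written for illustration; it is not MailScanner's own rule
parser.  Rules are "Field: pattern [and Field: pattern ...] action", evaluated
top to bottom, first match wins.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed rule set in the shape of the use.sa.rules file from the post:
# whitelisted senders are matched on address only.
RULES_ADDRESS_ONLY = """
From:      alerts@example.net        no
From:      invoices@example.org      no
FromOrTo:  default                   yes
"""

# Same rule set with the sending-server IP condition Ugo suggested
# (assumed "and"-joined syntax; CIDR and trailing-dot prefix forms).
RULES_WITH_IP = """
From:      alerts@example.net and From: 198.51.100.0/24     no
From:      invoices@example.org and From: 203.0.113.        no
FromOrTo:  default                                          yes
"""

Rule = Tuple[List[Tuple[str, str]], str]


def parse_rules(text: str) -> List[Rule]:
    """Parse rule lines into ([(field, pattern), ...], action) tuples."""
    rules: List[Rule] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        action = parts[-1]
        conds = []
        for clause in " ".join(parts[:-1]).split(" and "):
            field, pattern = clause.split(":", 1)
            conds.append((field.strip(), pattern.strip()))
        rules.append((conds, action))
    return rules


def _is_ip_pattern(pattern: str) -> bool:
    # CIDR ("198.51.100.0/24"), dotted prefix ("203.0.113.") or a bare IPv4.
    return "/" in pattern or pattern.endswith(".") or pattern.replace(".", "").isdigit()


def _ip_matches(pattern: str, ip: str) -> bool:
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return ip.startswith(pattern)  # trailing-dot prefix style


def _address_matches(pattern: str, addr: str) -> bool:
    pattern, addr = pattern.lower(), addr.lower()
    if pattern.startswith("@"):  # whole domain, e.g. "@example.net"
        return addr.endswith(pattern)
    return addr == pattern


def _cond_matches(field: str, pattern: str, msg: Dict[str, str]) -> bool:
    if pattern == "default":
        return True
    if field == "From":
        if _is_ip_pattern(pattern):
            return _ip_matches(pattern, msg["src_ip"])
        return _address_matches(pattern, msg["from"])
    if field == "To":
        return _address_matches(pattern, msg["to"])
    if field == "FromOrTo":
        return _address_matches(pattern, msg["from"]) or _address_matches(pattern, msg["to"])
    raise ValueError(f"unsupported field: {field}")


def use_spamassassin(rules: List[Rule], msg: Dict[str, str]) -> bool:
    """True when the message should be scanned. First matching rule wins;
    fail closed (scan) if no rule matches at all."""
    for conds, action in rules:
        if all(_cond_matches(f, p, msg) for f, p in conds):
            return action.lower() == "yes"
    return True


# Constructed messages: a genuine one from the whitelisted sender's server,
# and one with the same From: address forged from an unrelated host.
GENUINE = {"from": "alerts@example.net", "to": "ops@example.com", "src_ip": "198.51.100.7"}
FORGED = {"from": "alerts@example.net", "to": "ops@example.com", "src_ip": "192.0.2.55"}
OTHER = {"from": "someone@example.com", "to": "ops@example.com", "src_ip": "192.0.2.9"}

if __name__ == "__main__":
    for name, text in (("address only", RULES_ADDRESS_ONLY), ("with IP", RULES_WITH_IP)):
        rules = parse_rules(text)
        for label, msg in (("genuine", GENUINE), ("forged", FORGED), ("other", OTHER)):
            print(f"{name:12s} {label:8s} scanned={use_spamassassin(rules, msg)}")
```

With the address-only rules the forged message skips SpamAssassin exactly like the genuine one; with the IP condition it falls through to the default rule and is scanned, while the genuine message from the expected subnet is still exempted.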