How to configure amavisd-new for only scanning on particular senders/servers?

Solution 1:

Amavisd whitelist all except certain domain

What you need is @whitelist_sender_maps with a regex lookaround.

Whitelist all except Domain.X

@whitelist_sender_maps = ( new_RE(
    qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$))'i
));

Whitelist all except Domain And Sub-Domain of X

# One lookahead at '@'; (?:.*\.)? also covers any sub-domain of a listed domain.
@whitelist_sender_maps = ( new_RE(
    qr'@(?!(?:.*\.)?(?:gmail\.com|hotmail\.com|aol\.com)$)'i
));

Modifying

For example, adding msn.com to the whitelist exceptions

@whitelist_sender_maps = ( new_RE(
    qr'@(?!(?:.*\.)?(?:gmail\.com|hotmail\.com|aol\.com|msn\.com)$)'i
));

DON'T BREAK THAT RULE INTO MULTIPLE RULES, IT IS NOT WHAT YOU WANT

Breaking the rules in 2 or more lines will WHITELIST EVERYTHING!!

(I will put this section in red if possible)

In simple terms, the whitelist is a sequential check, one line/rule at a time.

Let's look at the following WRONG example

# DO NOT COPY THIS
@whitelist_sender_maps = ( new_RE(
    qr'@(?!(gmail\.com$|hotmail\.com$))'i,
    qr'@(?!(aol\.com$|msn\.com$))'i
));
# DO NOT COPY THIS

  1. Anything from msn.com will pass, because the 1st line returns TRUE, and the check stops.
  2. Anything from gmail.com will pass, because after failing the 1st line, amavisd moves to the 2nd line, which will return TRUE.
  3. What about domains not in the list? They will pass. This is the intention of the rule!

You end up whitelisting all senders!!

Perl Testing Program

#!/usr/bin/perl

use strict;
use warnings;

# Reject Domain & Sub-Domain
#my $REGinfo='==Reject Domain & Sub-Domain==';
#my $REG=qr'@(?!(?:.*\.)?(?:gmail\.com|hotmail\.com|aol\.com)$)'i;

# Exact domain only
my $REGinfo='==Exact Domain Only==';
my $REG=qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$))'i;

print $REGinfo."\n";
print '$REG='.$REG."\n\n";

# Sample addresses (constructed)
my @strTest = (
    'user@gmail.com',
    'user@mail.gmail.com',
    'user@hotmail.com',
    'user@aol.com',
    'user@notgmail.com',
    'user@example.com',
    'user@example.org'
);

for my $i (0 .. $#strTest){
    if ($strTest[$i] =~ $REG) {
        print ("Pass $strTest[$i]\n");
    }
    else {
        print ("Fail $strTest[$i]\n");
    }
}
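
The sequential check this answer describes, as an added example that is not part of the original answer and not amavisd's own code: the hypothetical `whitelisted` helper models "first matching regex wins" over a rule list and compares a single rule, split rules, and two sub-domain forms. The sender addresses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: models the sequential check described above, where the
# first regex in the list that matches the sender decides (sender whitelisted).
sub whitelisted {
    my ($sender, @rules) = @_;
    for my $re (@rules) {
        return 1 if $sender =~ $re;
    }
    return 0;
}

my @rulesets = (
    # One rule, exact domains only.
    [ 'single rule' => qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$|msn\.com$))'i ],
    # The same exceptions split over two rules: each rule matches the
    # domains that only the other rule excludes.
    [ 'split rules' => qr'@(?!(gmail\.com$|hotmail\.com$))'i,
                       qr'@(?!(aol\.com$|msn\.com$))'i ],
    # Lookahead tried after '@' and after every '.': the '.' before "com"
    # is never followed by a listed domain, so this matches any sender.
    [ '[@.] prefix' => qr'[@.](?!(gmail\.com$|hotmail\.com$|aol\.com$|msn\.com$))'i ],
    # One lookahead at '@' that also allows any sub-domain in front.
    [ 'sub-domains' => qr'@(?!(?:.*\.)?(?:gmail\.com|hotmail\.com|aol\.com|msn\.com)$)'i ],
);

# Constructed sample senders.
my @senders = qw(
    alice@gmail.com  bob@msn.com  carol@mail.aol.com
    dave@notgmail.com  first.last@hotmail.com  erin@example.org
);

# Print one row per sender, one column per rule set.
printf "%-24s", 'sender';
printf " %-12s", $_->[0] for @rulesets;
print "\n";
for my $sender (@senders) {
    printf "%-24s", $sender;
    for my $set (@rulesets) {
        my ($name, @rules) = @$set;
        printf " %-12s", whitelisted($sender, @rules) ? 'whitelisted' : 'scanned';
    }
    print "\n";
}
```

Run any candidate rule through a table like this before loading it into amavisd: a column that reads "whitelisted" for every sender means the rule disables the check entirely.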