How to configure amavisd-new for only scanning on particular senders/servers?
Solution 1:
Amavisd whitelist all except certain domain
What you need is whitelist_sender_map (here) with regex lookaround (here)
Whitelist all except Domain.X
@whitelist_sender_maps = ( new_RE(
qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$))'i
));
Whitelist all except Domain And Sub-Domain of X
@whitelist_sender_maps = ( new_RE(
qr'[@.](?!(gmail\.com$|hotmail\.com$|aol\.com$))'i
));
Modifying
For example, adding msn.com to whitelist exception
@whitelist_sender_maps = ( new_RE(
qr'[@.](?!(gmail\.com$|hotmail\.com$|aol\.com$|msn\.com$))'i
));
DON'T BREAK THAT RULE INTO MULTIPLE RULES, IT IS NOT WHAT YOU WANT
Breaking the rules in 2 or more lines will WHITELIST EVERYTHING!!
(I will put this section in red if possible)
In simple terms, whitelist is a sequencial check, one line/rule at a time.
Let look at the following WRONG example
# DO NOT COPY THIS
@whitelist_sender_maps = ( new_RE(
qr'@(?!(gmail\.com$|hotmail\.com$))'i,
qr'@(?!(aol\.com$|msn\.com$))'i
));
# DO NOT COPY THIS
- Anything from msn.com will pass, because the 1st line return TRUE, and the check stop.
- Anything from gamil.com will pass, because after failing the 1st line, amavisd move to the 2nd line, which will return TRUE.
- What about domain not in the list? They will pass. This is the intention of the rule!
You end up whitelisting all senders!!
Perl Testing Program
#!/usr/bin/perl
use strict;
# Reject Domain & Sub-Domain
#my $REGinfo='==Reject Domain & Sub-Domain=='
#my $REG=qr'[@.](?!(gmail\.com$|hotmail\.com$|aol\.com$))'i;
# Exact domain only
my $REGinfo='==Exact Domain Only==';
my $REG=qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$))'i;
print $REGinfo."\n";
print '$REG='.$REG."\n\n";
my @strTest = (
'[email protected]',
'[email protected]',
'[email protected]',
'[email protected]',
'[email protected]',
'[email protected]',
'[email protected]'
);
for my $i (0 .. $#strTest){
if ($strTest[$i] =~ $REG) {
print ("Pass $strTest[$i]\n");
}
else {
print ("Fail $strTest[$i]\n");
}
}