How to configure amavisd-new for only scanning on particular senders/servers?
Solution 1:
Amavisd whitelist all except certain domain
What you need is whitelist_sender_map (here) with regex lookaround (here)
Whitelist all except Domain.X
@whitelist_sender_maps = ( new_RE( qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$))'i ));
Whitelist all except Domain And Sub-Domain of X
@whitelist_sender_maps = ( new_RE( qr'[@.](?!(gmail\.com$|hotmail\.com$|aol\.com$))'i ));
Modifying
For example, adding msn.com to whitelist exception
@whitelist_sender_maps = ( new_RE( qr'[@.](?!(gmail\.com$|hotmail\.com$|aol\.com$|msn\.com$))'i ));
DON'T BREAK THAT RULE INTO MULTIPLE RULES, IT IS NOT WHAT YOU WANT
Breaking the rules in 2 or more lines will WHITELIST EVERYTHING!!
(I will put this section in red if possible)
In simple terms, whitelist is a sequencial check, one line/rule at a time.
Let look at the following WRONG example
# DO NOT COPY THIS @whitelist_sender_maps = ( new_RE( qr'@(?!(gmail\.com$|hotmail\.com$))'i, qr'@(?!(aol\.com$|msn\.com$))'i )); # DO NOT COPY THIS
- Anything from msn.com will pass, because the 1st line return TRUE, and the check stop.
- Anything from gamil.com will pass, because after failing the 1st line, amavisd move to the 2nd line, which will return TRUE.
- What about domain not in the list? They will pass. This is the intention of the rule!
You end up whitelisting all senders!!
Perl Testing Program
#!/usr/bin/perl use strict; # Reject Domain & Sub-Domain #my $REGinfo='==Reject Domain & Sub-Domain==' #my $REG=qr'[@.](?!(gmail\.com$|hotmail\.com$|aol\.com$))'i; # Exact domain only my $REGinfo='==Exact Domain Only=='; my $REG=qr'@(?!(gmail\.com$|hotmail\.com$|aol\.com$))'i; print $REGinfo."\n"; print '$REG='.$REG."\n\n"; my @strTest = ( '[email protected]', '[email protected]', '[email protected]', '[email protected]', '[email protected]', '[email protected]', '[email protected]' ); for my $i (0 .. $#strTest){ if ($strTest[$i] =~ $REG) { print ("Pass $strTest[$i]\n"); } else { print ("Fail $strTest[$i]\n"); } }