So..
To answer my own question...
so I edited the file /etc/mail/spamassassin/local.cf
whitelist_from logwatch@localhost.localdomain
Where localhost.localdomain is your hostname.servername
And it worked.
However, I am concerned about spoofing. I would think that mail agent and spamassassin would have an 'okay, it's a local user' thing going on.
They do not.
On the internet there are 1000s of posts like mine, asking questions about this and getting no answers. I hope this helps.
Centos 5.2...
-----Original Message----- From: Bob Hoffman [mailto:bob@bobhoffman.com] Sent: Thursday, September 11, 2008 4:54 AM To: 'centos@centos.org' Subject: Logwatch / spamassassin
Hi all,
Well it took a while for me to figure it out, but apparently my logwatch no longer can be mailed locally on my computer as I believe spamassassin is eating it.
I can send it out to an email address outside my server though. So spamassassin is only checking incoming I guess.
My question is....how do I...or should I.... Make all local mail go straight to the boxes and skip spamasassin entirely..
Or.. Whitelist logwatch.
Apparently, I am guessing, all those nifty log reports are so full of blacklisted urls and ips...well, you get the picure.
Best ways to make this work so I can get it delivered to root again?
Thanks
Bob Hoffman wrote:
So..
To answer my own question...
so I edited the file /etc/mail/spamassassin/local.cf
whitelist_from logwatch@localhost.localdomain
Where localhost.localdomain is your hostname.servername
And it worked.
Sorry, didn't see you'd answered your own question in my previous reply :)
However, I am concerned about spoofing. I would think that mail agent and spamassassin would have an 'okay, it's a local user' thing going on.
They do not.
On the internet there are 1000s of posts like mine, asking questions about this and getting no answers. I hope this helps.
The best method (IMHO) is probably not to accept mail from a non-FQDN in your MTA. There's no good reason I can think of to accept external mail from localhost.localdomain.
Other methods using spamassassin might be to have those mails sent to an account that shouldn't be filtered anyway (such as postmaster) or to write a some header/body checks unique to your logwatch mails to make sure they pass rather than just filtering on the From: sender address.
Take a logwatch email with lots of "bad ips etc" and run it through spamassassin as the same user that spamassassin runs under on that machine and it will give you some info you need to make better decisions
You will actually see how it is getting eval'd and scored...
The best answer(s), and what you use to solve the issue may not be the same thing.
Once you do that, you could actually create a rule called ADMIN_LOGWATCH_LOCAL and have it score appropriately.
Whitelisting is a kludge.
Possibly your trust path could be messed up too.
Many people would say don't allow the MTA to hand to SA, yet if all email must be handed to SA by policy.... you get the idea...
- rh
-
Bob Hoffman -
Ned Slider -
RobertH