Hi all,
Well it took a while for me to figure it out, but apparently my logwatch no longer can be mailed locally on my computer as I believe spamassassin is eating it.
I can send it out to an email address outside my server though. So spamassassin is only checking incoming I guess.
My question is....how do I...or should I.... Make all local mail go straight to the boxes and skip spamasassin entirely..
Or.. Whitelist logwatch.
Apparently, I am guessing, all those nifty log reports are so full of blacklisted urls and ips...well, you get the picure.
Best ways to make this work so I can get it delivered to root again?
Thanks
Bob Hoffman wrote:
Hi all,
Well it took a while for me to figure it out, but apparently my logwatch no longer can be mailed locally on my computer as I believe spamassassin is eating it.
I can send it out to an email address outside my server though. So spamassassin is only checking incoming I guess.
My question is....how do I...or should I.... Make all local mail go straight to the boxes and skip spamasassin entirely..
Try adding a whitelist entry to /etc/mail/spamassassin/local.cf. To whitelist all mail from your domain:
whitelist_from *@example.com
Or.. Whitelist logwatch.
or try:
whitelist_from logwatch@example.com
for a single address.
This will add -100 to the score for spamassassin.
<snip>
Try adding a whitelist entry to /etc/mail/spamassassin/local.cf. To whitelist all mail from your domain:
whitelist_from *@example.com
It is very easy to spoof email addresses. It is better to whitelist from ip addresses when possible.
I have been thinking on this for a while now. Since logwatch can send a mail to another server and that server DOES not mark it as spam, that presents a logic issue. Now, the other server does not have as new a spam assassin as the new, so it is hard to check it that way. So I 'replied' to the logwatch file and sent it to a known user, back to the new server. It never arrived.
From that I know a 100% spam assassin is taking it, not based on local
usernames, or any sendmail settings. I had originally thought that because 'logwatch' was not a sender that would be an issue.
I like the 'from ip' whitelist, but is not that spoofable too? I imagine making it both 'logwatch and from this IP' might be better.
In logwatch there is a setting to say who the mail is from, right now it says 'logwatch' but I could always add some long goobledy gook as 'from' like
"alkjfpolp3534j4f9logwatchsd9f9se9sdf9s99fwe"
And then whitelist that, make it like 40 characters or whatever.
I can understand why spamassassin cannot tell it is from a local user or have the ability to just auto whitelist stuff from a local user....but I can forsee problems with interwebsite mails and even things like mailing lists on the server without properly thinking this through.
Never thought this would be an issue, but at least I know how to make it work...sorta.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Scott Silva Sent: Thursday, September 11, 2008 3:04 PM To: centos@centos.org Subject: [CentOS] Re: Logwatch / spamassassin
<snip> > > Try adding a whitelist entry to /etc/mail/spamassassin/local.cf. To > whitelist all mail from your domain: > > whitelist_from *@example.com > It is very easy to spoof email addresses. It is better to whitelist from ip addresses when possible.
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!
-
Bob Hoffman -
Ned Slider -
Ralph Angenendt -
Scott Silva