[CentOS] Re: Logwatch / spamassassin
bob at bobhoffman.com
Thu Sep 11 20:39:34 UTC 2008
I have been thinking on this for a while now. Since logwatch can send a mail
to another server and that server DOES not mark it as spam, that presents a
logic issue. Now, the other server does not have as new a spam assassin as
the new, so it is hard to check it that way.
So I 'replied' to the logwatch file and sent it to a known user, back to the
new server. It never arrived.
>From that I know a 100% spam assassin is taking it, not based on local
usernames, or any sendmail settings. I had originally thought that because
'logwatch' was not a sender that would be an issue.
I like the 'from ip' whitelist, but is not that spoofable too? I imagine
making it both 'logwatch and from this IP' might be better.
In logwatch there is a setting to say who the mail is from, right now it
says 'logwatch' but I could always add some long goobledy gook as 'from'
And then whitelist that, make it like 40 characters or whatever.
I can understand why spamassassin cannot tell it is from a local user or
have the ability to just auto whitelist stuff from a local user....but I can
forsee problems with interwebsite mails and even things like mailing lists
on the server without properly thinking this through.
Never thought this would be an issue, but at least I know how to make it
> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of Scott Silva
> Sent: Thursday, September 11, 2008 3:04 PM
> To: centos at centos.org
> Subject: [CentOS] Re: Logwatch / spamassassin
> > Try adding a whitelist entry to /etc/mail/spamassassin/local.cf. To
> > whitelist all mail from your domain:
> > whitelist_from *@example.com
> It is very easy to spoof email addresses. It is better to
> whitelist from ip addresses when possible.
> MailScanner is like deodorant...
> You hope everybody uses it, and
> you notice quickly if they don't!!!!
More information about the CentOS