[CentOS] Re: Logwatch / spamassassin

Thu Sep 11 20:39:34 UTC 2008
Bob Hoffman <bob at bobhoffman.com>

I have been thinking on this for a while now. Since logwatch can send a mail
to another server and that server DOES not mark it as spam, that presents a
logic issue. Now, the other server does not have as new a spam assassin as
the new, so it is hard to check it that way. 
So I 'replied' to the logwatch file and sent it to a known user, back to the
new server. It never arrived.

>From that I know a 100% spam assassin is taking it, not based on local
usernames, or any sendmail settings. I had originally thought that because
'logwatch' was not a sender that would be an issue.

I like the 'from ip' whitelist, but is not that spoofable too? I imagine
making it both 'logwatch and from this IP' might be better.

In logwatch there is a setting to say who the mail is from, right now it
says 'logwatch' but I could always add some long goobledy gook as 'from'


And then whitelist that, make it like 40 characters or whatever.

I can understand why spamassassin cannot tell it is from a local user or
have the ability to just auto whitelist stuff from a local user....but I can
forsee problems with interwebsite mails and even things like mailing lists
on the server without properly thinking this through.

Never thought this would be an issue, but at least I know how to make it

> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Scott Silva
> Sent: Thursday, September 11, 2008 3:04 PM
> To: centos at centos.org
> Subject: [CentOS] Re: Logwatch / spamassassin
> <snip>
> > 
> > Try adding a whitelist entry to /etc/mail/spamassassin/local.cf. To 
> > whitelist all mail from your domain:
> > 
> > whitelist_from     *@example.com
> > 
> It is very easy to spoof email addresses. It is better to 
> whitelist from ip addresses when possible.
> -- 
> MailScanner is like deodorant...
> You hope everybody uses it, and
> you notice quickly if they don't!!!!