Re: [bitfolk] Whitelist mail by domain

Author: Andy Smith
Date:  
To: users
Subject: Re: [bitfolk] Whitelist mail by domain

gpg: Signature made Mon Mar 28 16:15:12 2022 UTC
gpg: using DSA key 0E4236CB52951E14536066222099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
On Mon, Mar 28, 2022 at 04:04:08PM +0000, Andy Smith wrote:
> If the email's envelope sender is unique to them, then you could add
> a match for it to a file like /etc/exim4/local_sender_allowlist, and
> then at the place where you consider an email's SA score you can
> exempt senders that match local_sender_allowlist from consideration.


I should point out that if you do this, or if you do similar with
the Debian machinery for CONFDIR/local_sender_whitelist, then you
would of course be letting in any mail whose envelope sender matched
what you specified.

I personally tend not to do an allowlist based solely on sender,
instead preferring to modify the SpamAssassin config which can check
for DKIM and/or SPF to authenticate it. So that's another plus point
of running your own SpamAssassin. It's quite simple in SA, it's just
something like:

######################################################################
# Allowlisted senders with valid DKIM. This works against the From:
# header.
######################################################################

whitelist_auth      *@bbc.co.uk


######################################################################
# Allowlisted senders with valid SPF. Note this needs to use the
# envelope sender. Instead use above whitelist_auth if mail passes
# DKIM.
######################################################################

whitelist_from_spf *@nanog.org

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
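
The difference between a sender-only allowlist and the authenticated allowlisting described in the message above, as a simplified Python model (an added example, not part of the original post and not SpamAssassin's own logic). The authserv-id mx.example.org, the function names and the sample messages are constructed assumptions. It also assumes the receiving MTA records its SPF and DKIM results in Authentication-Results and strips inbound copies of that header bearing its own id.

```python
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

ALLOW_DKIM = ["*@bbc.co.uk"]  # pattern from the post's whitelist_auth line
ALLOW_SPF = ["*@nanog.org"]   # pattern from the post's whitelist_from_spf line
AUTHSERV_ID = "mx.example.org"  # assumed: the id our own MTA stamps on mail

def matches(addr, patterns):
    return any(fnmatchcase(addr.lower(), p.lower()) for p in patterns)

def sender_only_allow(envelope_from, patterns):
    """Allowlist on envelope sender alone: nothing proves who sent the mail."""
    return matches(envelope_from, patterns)

def trusted_results(msg):
    """Yield key=value clauses from Authentication-Results our MTA added."""
    for value in msg.get_all("Authentication-Results", []):
        head, *clauses = [part.strip() for part in value.split(";")]
        if (head.split() or [""])[0].lower() != AUTHSERV_ID:
            continue  # stamped by some other host, so not evidence
        for clause in clauses:
            yield dict(t.split("=", 1) for t in clause.split() if "=" in t)

def authenticated_allow(raw, envelope_from):
    """Return 'dkim', 'spf' or None: a pattern counts only with a matching pass."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    from_domain = from_addr.rpartition("@")[2].lower()
    for c in trusted_results(msg):
        if (c.get("dkim") == "pass" and c.get("header.d", "").lower() == from_domain
                and matches(from_addr, ALLOW_DKIM)):
            return "dkim"  # From: header address, signed by its own domain
        if (c.get("spf") == "pass"
                and c.get("smtp.mailfrom", "").lower() == envelope_from.lower()
                and matches(envelope_from, ALLOW_SPF)):
            return "spf"   # envelope sender, checked by SPF
    return None

# Constructed sample messages (not real mail).
GENUINE = ("Authentication-Results: mx.example.org; dkim=pass header.d=bbc.co.uk\n"
           "From: News <news@bbc.co.uk>\nSubject: bulletin\n\nbody\n")
UNAUTHENTICATED = ("Authentication-Results: mx.example.org; dkim=none;"
                   " spf=fail smtp.mailfrom=news@bbc.co.uk\n"
                   "Authentication-Results: mx.other.example; dkim=pass header.d=bbc.co.uk\n"
                   "From: News <news@bbc.co.uk>\nSubject: bulletin\n\nbody\n")
LIST_MAIL = ("Authentication-Results: mx.example.org;"
             " spf=pass smtp.mailfrom=nanog-bounces@nanog.org\n"
             "From: Poster <poster@example.net>\nSubject: [NANOG] thread\n\nbody\n")
```

For the UNAUTHENTICATED sample, `sender_only_allow("news@bbc.co.uk", ALLOW_DKIM)` returns True while `authenticated_allow(UNAUTHENTICATED, "news@bbc.co.uk")` returns None, which is the gap the message points out.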