[BlueOnyx:20202] Re: Sendmail whitelist

[Michael Stauber]

Hi Ernie,

> I have a client that only wants to receive emails from a handful of domains
> and deny everything else.
> 
> Is this possible?

Uuuh ... that's unusual enough that I had to mull it over. :p

> I read what documentation I could find on the sendmail access db syntax, and
> there didn't seem to be a deny all rule.

There might be a way of doing this with Sendmail access rules, but it's
indeed a bit complicated. Even more so if he's not the only email
recipient on that server.

It might be easier to set up a procmail rule for this. Either a global
one in /etc/procmailrc or a per user one in ~username/.procmailrc

> Perhaps some kind of a milter might do it.

I was thinking along those lines as well. If I had to do it, I'd use the
AV-SPAM for solving this issue.

It has "whitelist_from" and "blacklist_from" settings that are
configurable either globally or on a per user basis via the GUI.

Whitelist happens first, then blacklist. Both allow wildcards, but a *@*
for a total blacklisting isn't supported by the GUI.

Additionally: SpamAssassin doesn't process emails larger than 250kb. So
any SPAM that's larger due to attachments will still make it through.

My solution would be a combination of things: I'd use the Whitelist_from
feature of the AV-SPAM and would add a custom .procmailrc rule for that
user that scans all emails. If something doesn't have the whitelist_from
header in it that SpamAssassin adds for whitelisted email-addresses,
then I'd deliver that email to /dev/null instead of to the mailbox.

But as said: You can do this without the AV-SPAM and just with
.procmailrc as well. The AV-SPAM would just make it easier for the user
to manage his whitelist settings on his own as he could edit that
himself through the GUI.

-- 
With best regards

Michael Stauber