Configuring auto-whitelist in SpamAssassin on Debian

- janeiro 06, 2018

SpamAssassin can automatically mantain a MEAN score of e-mail addresses based on ham or spam received.

You can read more on https://wiki.apache.org/spamassassin/AutoWhitelist

It is NOT a manual whitelist https://wiki.apache.org/spamassassin/ManualWhitelist . It MUST NOT be the only filter you will use.

And CAN score in the wrong way https://wiki.apache.org/spamassassin/AwlWrongWay

It stores a pair e-mail address and source IP, so spammers could only blacklist your own address after invading / exploiting your server.

In these cases you MUST take forensic measures to analyze your server and stop the exploiting / invasion. Also you should manually whitelist your own addresses or edit the auto whitelist database using appropriate tools. Then after cleaning, your server likely being on blacklists, you should ask for removal on those blacklists.

The awl database is a perl hash in gdbm format and must be created and edited by tools.

https://packages.debian.org/stable/spamassassin-heatu

https://spamassassin.apache.org/full/3.4.x/doc/sa-awl.html

Edit the /etc/spamassassin/v310.pre

nano -cw /etc/spamassassin/v310.pre

# AWL - do auto-whitelist checks
#AFM 20140725
loadplugin Mail::SpamAssassin::Plugin::AWL

Check that /var/lib/spamassassin/3.004000/updates_spamassassin_org/60_awl.cf contains

ifplugin Mail::SpamAssassin::Plugin::AWL

header AWL eval:check_from_in_auto_whitelist()
describe AWL Adjusted score from AWL reputation of From: address
tflags AWL userconf noautolearn
priority AWL 1000

endif # Mail::SpamAssassin::Plugin::AWL

nano -cw /etc/spamassassin/local.cf

use_auto_whitelist 1

Then you restart spamassassin

invoke-rc.d spamassassin restart

If you do not want to wait the auto-whitelist to be created on receiving e-mails, you could manually create the file for each user on their home directory

su - john_doe

spamassassin --add-addr-to-whitelist=john_doe@your_domain.com

Then consult your gdbm database

sa-heatu -D -n -v

No timestamp processing will be performed
Reading /home/andremachado/.spamassassin/auto-whitelist
Writing /home/andremachado/.spamassassin/auto-whitelisto
average total count

-100.0 -100.0 1 john_doe@your_domain.com none;
17.8 17.8 1 fulano@example.com 191.237;
38.6 38.6 1 bq7cubyda6@docomo.ne.jp 107.6;
54.2 54.2 1 darrenutke@aastocks.com 209.134;
18.8 56.5 3 jet@trimconvert.com.br 177.136;
12.4 12.4 1 linco@lincksas.com.br 201.157;
2.5 2.5 1 mailer@emalia.be 85.234;
29.9 29.9 1 pyu41qhvva@softbank.ne.jp 95.31;
10.4 10.4 1 reservas@hotelfazendasaojoao.tur.br 201.28;
15.4 15.4 1 send@host1.srv12brt.com.br 23.245;
36.9 36.9 1 andrewsandova@gmail.com 8.30;
15.5 15.5 1 email@hmdms.com.br 208.115;
16.2 48.5 3 grow@broadfaxx.com.br 201.157;
19.6 19.6 1 jenneykingmold5@qq.com 119.136;
9.7 9.7 1 julia@cupomloja.com.br 192.119;
6.8 6.8 1 julidynn@yahoo.com 23.228;
9.1 9.1 1 nara@hp-legal.com.br 167.114;
16.1 16.1 1 vanuza.oliveira@sistemainfalivel.com.br 45.58;
export COLUMNS=nnn and you will get a nicer display!

average total count

0 entries removed.
0 entries would be expired.
0 timestamps would be added.
0 timestamps would be updated.

18 entries input.
18 entries output = input - expired - removed.

Repeat this consult regularly to see if it is going the right way or use sa-awl or sa-heatu to edit the database.

Usermin can edit this gdbm database too:

Usermin > Mail > SpamAssassin Mail Filter > Manage auto-whitelist