I’ve always considered the most important part of an anti-spam solution to be a good whitelist. Manual whitelists are a pain to maintain, so I always look out for ways that I can populate mine automatically.
Since I started using CommuniGate Pro a year or two back, I’ve been using its Contacts system, mainly because I could use ActiveSync to sync the data between my various devices. It occurred to me almost from the beginning that the Contacts list would be a great source of data for a whitelist. The logic is that you can be pretty sure you want to receive email from addresses belonging to your Contacts.
My edge SMTP router is Exim, and that’s where the spam filtering takes place, so I needed to come up with a solution which would allow Exim to look up email addresses in the appropriate CommuniGate Contacts folder. So I built CGPContactLookup. It’s a simple Perl script that connects to CommuniGate via IMAP and searches for Contacts.
I’m quite keen on using macros in Exim configuration as it simplifies the complicated parts of the config. At the top of my Exim configuration file I have a macro like this:
    CONTACTS_WHITELIST = ${run{/etc/exim4/scripts/CGPContactLookup.pl \
        --host 127.0.0.1 \
        --user postmaster \
        --passfile /etc/exim4/cgp_password.txt \
        --authas $local_part@$domain \
        --folders Contacts \
        --lookup $sender_address \
        }{true}{false}}
Then, near the beginning of my acl_smtp_rcpt ACL I have a simple piece of configuration like this:
    accept domains = grepular.com
           condition = CONTACTS_WHITELIST
           set acl_m0 = Whitelisted
           logwrite = $sender_address is a whitelisted address
Then, anywhere else I do spam checks, including in acl_smtp_data, I check whether acl_m0 has been set to “Whitelisted” and skip the spam checks if it has. Of course, this doesn’t help much if a spammer spoofs one of your Contacts’ email addresses to send you spam, but that doesn’t seem to happen in any meaningful way these days. You might want to bypass the whitelist lookup if the sender address domain is the same as the recipient domain, as that sort of spoofing does happen. E.g.:
    condition = ${if !eq{$sender_address_domain}{$domain}}
Simple..? The script is flexible enough that it should work on various email systems, but Exim is the one that I know best. If you make it work on a different setup, please let me know.
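The pieces above put together, as an added example rather than the configuration from the original post: the RCPT ACL with the same-domain bypass in front of the lookup, and a DATA ACL that skips only the spam check for whitelisted senders. The ACL names, the SpamAssassin `spam` condition and the rejection message are assumptions; CONTACTS_WHITELIST is the macro defined earlier.

```exim
# Added example, not the author's configuration.
# Assumes: acl_smtp_rcpt = acl_check_rcpt, acl_smtp_data = acl_check_data,
# and spam scanning through Exim's "spam" condition (SpamAssassin).

acl_check_rcpt:

  # Conditions run in order, so the cheap domain comparison comes first:
  # mail claiming to be from the recipient's own domain never reaches
  # the ${run} lookup. eqi is the case-insensitive form of the eq test
  # shown above, so "Grepular.COM" is still treated as the local domain.
  accept domains    = grepular.com
         condition  = ${if !eqi{$sender_address_domain}{$domain}}
         condition  = CONTACTS_WHITELIST
         set acl_m0 = Whitelisted
         logwrite   = $sender_address is a whitelisted address

  # ... remaining RCPT checks ...

acl_check_data:

  # acl_m variables last for the whole message, so a value set for one
  # recipient at RCPT time applies to every recipient of that message
  # by the time DATA is checked.
  # Only the spam check is gated on the flag; any other DATA-time
  # checks placed in this ACL still run for whitelisted senders.
  deny   condition  = ${if !eq{$acl_m0}{Whitelisted}}
         spam       = nobody
         message    = Message classified as spam

  accept
```

Because the lookup runs with `--authas $local_part@$domain`, a sender found in one recipient's Contacts is whitelisted for every recipient of the same message.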