Whitelist-only email server

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Whitelist-only email server

User Ernie-2
Has anybody set up a whitelist-only email server on FreeBSD that rejects all
emails except ones that are in the users personal whitelist?

I am trying to figure out how to do it, I know it's an anti-spam solution
for advanced email users who understand the implications of what
legitimate emails they might miss as a consequence.

- Ernie.
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Whitelist-only email server

Mario Theodoridis
have you looked into TMDA? I don't use it for whitelist only, but it's
fairly easy to have it do just that. And it is kind of a powertool.

mario;>

So, User Ernie wrote:

> Has anybody set up a whitelist-only email server on FreeBSD that rejects
> all emails except ones that are in the users personal whitelist?
>
> I am trying to figure out how to do it, I know it's an anti-spam
> solution  for advanced email users who understand the implications of
> what
> legitimate emails they might miss as a consequence.
>
> - Ernie.
> _______________________________________________
> [hidden email] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "[hidden email]"


_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Whitelist-only email server

Brian Candler
In reply to this post by User Ernie-2
On Wed, Jul 19, 2006 at 04:57:16PM +1000, User Ernie wrote:
> Has anybody set up a whitelist-only email server on FreeBSD that rejects all
> emails except ones that are in the users personal whitelist?

It's certainly doable in exim. In fact, using exim ACLs, you can reject at
SMTP time: e.g.

MAIL FROM:<[hidden email]>
RCPT TO:<[hidden email]>
550 [hidden email] does not accept mail from [hidden email]

This means you don't have to worry about generating bounces and hence
generating 'collateral spam'. The lookup for allowed recipients can be done
anywhere you like - in a file (e.g. $HOME/.allowfrom), in a DBM file, or
even in an LDAP or SQL database.

OTOH, it does depend on the sender's MTA generating valid envelope-sender
addresses. Not all do, and also there are a number of
envelope-sender-mangling schemes out there (e.g. SES, BATV) which you would
have to decode to extract the sender address. All of this is possible
though.

Have you considered, however, what you will do with bounces - i.e. MAIL
FROM:<> ?

> I am trying to figure out how to do it, I know it's an anti-spam solution
> for advanced email users who understand the implications of what
> legitimate emails they might miss as a consequence.

The other approach is to do this post-delivery, using a filtering program of
your choice (e.g. procmail) or MTA-embedded filtering (e.g. sieve in Exim).
However, if the filter then makes a decision to reject the mail, you will
either blackhole it, move it into a 'Spam' folder (which is as good as
blackholing), or send a fresh outgoing bounce (which is more than likely
going to be collateral spam to an innocent third party)

Regards,

Brian.
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Whitelist-only email server

Darren Pilgrim-2
In reply to this post by User Ernie-2
User Ernie wrote:
> Has anybody set up a whitelist-only email server on FreeBSD that rejects all
> emails except ones that are in the users personal whitelist?

        I did one such system using Postfix, Courier-IMAP and Squirrelmail with
a MySQL backend.  I modified the address book forms to include a
white-listing checkbox.  Users added addresses to their address books,
then checked the "Allow this person to send me email" checkbox, with the
effect of setting a "whitelist" column in the address table to either 0
or 1.  I configured Postfix with seperate inbound and submission ports
and added check_sender_access on the inbound port and
check_recipient_access on the submission port.  Both were mysql maps to
Squirrelmail's address table:

SELECT email FROM `address` WHERE email='%s' AND whitelist=1

The check_recipient_access and a submission port were included because I
felt it reasonable to require users to permit a response in order to
send a message to someone.  This was later combined with a Squirrelmail
plugin that added automatic address collection and the whitelist column
defaulted to 1.

--
Darren Pilgrim
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Whitelist-only email server

Tom Yerex
In reply to this post by User Ernie-2
Hi Ernie,

We are using ASSP with a lot of success.  Once configured, it can act as a
whitelist-only email server, and it offers additional capabilities if you
choose to use them.

http://assp.sourceforge.net/

Our department is fairly small (35-40), so I cannot say how well it would
scale if you had a lot of users.

T.

Tom Yerex
IT Coordinator
 
The University of British Columbia
Faculty of Science, Office of the Dean
1505-6270 University Boulevard
Vancouver, B.C. Canada V6T 1Z4
 
 
v: 604.822.6080
 
f: 604.822.5558
 

 



User Ernie <[hidden email]>
Sent by: [hidden email]
07/18/2006 11:56 PM

To
[hidden email]
cc

Subject
Whitelist-only email server






Has anybody set up a whitelist-only email server on FreeBSD that rejects
all
emails except ones that are in the users personal whitelist?

I am trying to figure out how to do it, I know it's an anti-spam solution
for advanced email users who understand the implications of what
legitimate emails they might miss as a consequence.

- Ernie.
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"

_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Whitelist-only email server

Darren Pilgrim-2
In reply to this post by Darren Pilgrim-2
Darren Pilgrim wrote:
> Postfix with seperate inbound and submission ports
> and added check_sender_access on the inbound port and
> check_recipient_access on the submission port.  Both were mysql maps to
> Squirrelmail's address table:

Correction, it was a policy server that returned OK if the address was
found in the table.  The access maps are from another config.

--
Darren Pilgrim
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"