I run a number of web apps and because I’m a masochist I choose to have all exceptions and other important system events emailed to me rather than just using a tool like Bugsnag.
My approach has worked perfectly fine for years until recently when Google decided they would start marking system-generated emails as spam and, even worse, actually started dropping emails if the frequency was too high.
So I turned to mailinabox and all was good. I set up one obscure email address on one obscure domain and started happily receiving all of my exception emails. That was until one day when I stopped receiving emails because they were being marked as spam because of the Spamhaus SBLCSS.
Which brings me to my question: what do people think is the easiest way to completely whitelist a mail server in MiiB/Spamassassin? I realise this is 90% a spamassassin question, but I thought I would ask here for pointers anyway because you seem like quite a knowledgable bunch.
Here are the things I have tried so far:
Adding the mail server to
/etc/postgrey/whitelist_clients. This is great because it stops the greylisting, but doesn’t seem to stop the mail being processed by spamassassin.
Adding trusted networks/servers/addresses to
/etc/spamassassin/local.cfusing one or all of the
/etc/default/spampdto 0. (eg.
The third option seems to have done the trick, as there is no mention of spam scores in the incoming email headers any more and it appears from the mail logs as if spamassassin isn’t being called any more. This seems to have solved the problem, but of course it isn’t the ideal solution, because spammers will figure out my support email address eventually and will start spamming it.
The second option seems preferable because spam processing will still occur on all servers that aren’t in the white list. The problem is in the way that spamassassin actually deals with the white list. Rather than just skipping processing for all servers in the white list, it just seems to give them a -100 bonus, which means they’ll never be marked as spam by the internal filters.
HOWEVER: It looks like spamassassin will still send the email to spamhaus.org as part of its analysis and spamhaus seems to eventually decide that the email is spam, BLACK LISTS the IP address, tells spamassassin the IP address is on a black list and so spamassassin REJECTS the email! That is, it doesn’t just file it in the spam folder, it outright rejects it!
It seems highly counterintuitive that spamassassin could REJECT an email from a whitelisted mail server and the fact that it makes this decision based on a response from spamhaus that it caused by sending the emails from the whitelisted server to spamhaus in the first place is just crazy. And the upshot of all this is that now other email servers throughout the world will be rejecting emails from my web apps because MiiB/spamassassin essentially got my whitelisted email servers blacklisted for me. Awesome.
Anyway, rant over… if anybody has any suggestions as to the best way to whitelist a server and avoid the issues with spamhaus they would be very much appreciated.