Transfer Whitelist and other things from MD into SG
-
I'm just getting SG working and have already ran into some issues with things being blocked that I don't want blocked.
For example, I've got many of my clients MD installations set to send me a copy of things like CrashPlan, Register.com, Network Solutions and other emails. The problem is that SG is not accepting them because the SPF doesn't match.
I realize I can make some changes to relax SPF, but for most stuff I want it.
I also have a client that tried to email me and it got returned as SPAM.
Can I import my SPAM Whitelist from MD to SG?
-
Also, MD will can use my Contacts as whitelist I think, can I transfer that to SG?
-
Arron Staff
MDaemon and SecurityGateway are both using SpamAssassin. You can copy any of the spamassassin configurations (stored in .cf files) from one server to the other, the whitelist (to) whitelist (from) found in MDaemon under Security / Spam Filter / Spam Filter are included in this. The whitelist (no filtering) is not included.
To copy the whitelist (to) and whitelist (from), On the MDaemon server go to the MDaemon\SpamAssassin\Rules directory and copy the 80_whitelist_from.cf, and 80_whitelist_to.cf files to the Program Files\MDaemon Technologies\SecurityGateway\SpamAssassin\rules on the SecurityGateway server.
If you'd like to adjust the scores being assigned to whitelisted edit the local.cf and add the following (if they already exist just edit what is there.)
score USER_IN_WHITELIST -100.0
score USER_IN_WHITELIST_TO -100.0Save the files and restart SGSpamD.exe.
Here is a script that will extract contacts from MD and import them into the whitelist in SG. It must be ran on the MDaemon server. You'll want to adjust the $Global:SGXMLRPCURL, $UserName, and $Password variables for your environment. The script is looking at the whitelist contact folder for each user. If you'd like to import addresses from a different contact list you'll need to adjust the $MRKPath appropriately. Also, I highly reccomend backing up all contact lists in MDaemon and your SecurityGateway server before running the script, and please run tests to make sure the script is going to do what you want it to before running it on your live servers.
################################################################################################################################ ################################################################################################################################ ## SG Import MD User Whitelist v 1.0.0 ## ## February 10, 2022 ## ## Copyright MDaemon Technologies 2022 ## ## This script is designed to retrieve contact email addresses from the user's whitelist and import them into the user's ## ## SG Whitelist This script is only to be used with MDaemon Technologies products. The use of this script for any other ## ## purpose or with any other products is not allowed. ## ## ## ## MDaemon Technologies offers no warranty, provides no support, and is not responsible for any damages that may be arise ## ## from the use of this script. Use at your own risk. ## ## ## ################################################################################################################################ ################################################################################################################################ $MRKPath = "C:\MDaemon\Users\*\*\WhiteList.IMAP\AddrBook.mrk" $Global:SGXMLRPCURL = "http://127.0.0.1:4000/SecurityGateway.dll?view=xmlrpc" $Username = "User" $Password = "Password" $Comment = "Imported from MDaemon" Import-Module SGAPI $OpenSession = Open-SGSession -URL $Global:SGXMLRPCURL -UserName $UserName -Password $Password if($OpenSession -eq 0){ ForEach($File in Get-ChildItem -Path $MRKPath -Recurse -Filter "AddrBook.Mrk"){ $UserDomain = split-path -Path (split-path -Path (split-path -Path (Split-Path -Path $File.FullName -Parent) -Parent) -Parent) -Leaf $UserMailbox = split-path -Path (split-path -Path (Split-Path -Path $File.FullName -Parent) -Parent) -Leaf $UserEmail = $UserMailbox + "@" + $UserDomain $UserExists = $false $SGUsers = Get-SGUsers -Domain $UserDomain ForEach($User in $SGUsers){ if($User.MailBox -eq $UserMailbox){ $UserExists = $true #Write-Host $User.Mailbox "matches" $userMailbox } else { #Write-Host $User.Mailbox "did not match" $UserMailbox } } if($UserExists){ Write-Host "$UserEmail was found in SG. Proceeding..." [xml]$WhiteList = Get-Content $File.FullName $Emails = $WhiteList.SelectNodes('//addressBook/contact/email/text()').Value ForEach($Email in $Emails){ if($Email){ $Result = Add-SGToUserWhitelist -EmailToAdd $Email -UserEmail $UserEmail -Comment $Comment if($Result -eq 0){ Write-Host "Adding $Email to the $UserEmail User Whitelist" } else { Write-Host "there was an error adding $Email to the $UserEmail whitelist" } } else { Write-Host "A contact was found but the email field was empty... Ignoring." } } } else { Write-Host "$UserEmail was not found in SG. Skipping..." } } $CloseSession = Close-SGSession if($CloseSession -eq 0){ Write-Host "The SG connection was successfully closed." } else { Write-Host "There was a problem closing the connection to SecurityGateway" Write-Host $CloseSession } } else { Write-Host "There was a problem opening the connection to SecurityGateway" Write-Host $OpenSession }
-
Matthew Staff
If the messages are being rejected based on score, copying the SpamAssassin whitelists from MD to SG is the most direct solution. However, SG can be configured to reject messages before the SpamAssassin test is executed. Another option would be to create a Powershell script that reads the MD whitelist file and then uses the SG API as demonstrated above to add the entries to SG's global whitelist. You will need to use the Add-SGToGlobalWhitelist command.
-
Thanks very much, that is helpful.
As for the SPF stuff, I guess I just have to dig into it and figure out how to whitelist certain domains.
-
I can't seem to find a way to exclude or "whitelist" certain domain names from SPF requirements. Maybe I'm not looking in the right place.
I have done that in MD, can I do the same in SG?
-
Matthew Staff
@John there is no SPF specific "whitelist" in SG at this time. You could...
Whitelist the IP addresses of the sending servers.or
Disable the built-in SPF feature and implement it using a custom Sieve script. You can copy the system-generated SPF script and then edit it to exclude the domains in question. The syntax to exclude a domain is...
if not envelope :domain :is "from"
["domain1.com",
"domain2.com",
"..."]
{
# perform SPF test and actions
}For example...
require ["securitygateway","reject","fileinto","envelope"];
if allof(not whitelisted "ip",not auth "succeeded",not ip "des") {if not envelope :domain :is "from"
["domain1.com",
"domain2.com"]
{if lookup "spf" "fail" {
spamscore "5.0";
}
if lookup "spf" "softfail" {
spamscore "2.0";
}
}
}It is not ideal, but this should provide a work around. I will ensure that being able to specify domain names to exclude from SPF actions in the GUI is on the wish list.
-
Thanks Matthew, I apprecate the answer.
I have not even gotten into Sieve scripts, so it's a whole new thing for me.
-
Now I'm trying to find out where MD has a setting to not spam check from a "localhost".
X-Spam-Processed: mail.sv-cs.com, Wed, 09 Aug 2023 13:43:11 -0700
(not processed: message was sent from localhost)I'm hoping that SG does the main stuff, but MD will still do it's spam checking. I've removed 127.0.0.1 from trusted IP's, but can't find where else to look.
-
Silly question, but how do I "restart" SGSpamD.exe?
Also, the Whitelist script above, what type of script is that?
How do I run it?
-
@Arron Please see above post.
-
Matthew Staff
@John to restart sgspamd.exe just terminate the process from task manager and SecurityGateway will restart it.
The script is a PowerShell script. You should be able to run it from the Windows PowerShell console.
-
Okay, thanks!
-
@Matthew Can I run this script over and over, will it add to the Allow List each time or overwrite the identical entries?
I want to be able to update it on occasion from peoples contacts.
-
@Matthew Please see above.
-
Matthew Staff
Jon,
I have confirmed that the Powershell command SGToUserWhitelist will update an existing entry in the user's allowlist. It should not create duplicate entries.
-
@Matthew Awesome, thanks so much!