Steps to bypass the analysis of specific emails and have them directly passed to the next hop without being scanned by the system.
The required sender whitelist setting is not configurable via the Lastline hosted UI portal and must be set manually in the backend configuration file /etc/appliance-config/override.yaml.
To implement sender whitelisting and bypass email analysis for specific senders or domains:
1. Step 1: Create a new file (or check whether one already exists), for example: /etc/appliance-config/sender_whitelist.txt
2. Step 2: In sender_whitelist.txt, add entries such as:
# Email address (Match a specific sender)
^user@example\.com$
# Match all users from a domain
.+@example\.com
Please note: entries in the .txt file are regex patterns, as shown above.
3. Step 3: Reference it in override.yaml: update /etc/appliance-config/override.yaml to include the sender whitelist:
=> llmail::sender_whitelist: /etc/appliance-config/sender_whitelist.txt
4. Step 4: Apply the Configuration:
#service-lastline llmail-daemon restart
#lastline_apply_config
This ensures the new whitelist is active.
5. Step 5: To Test the Whitelist - You can test this using swaks to simulate a mail:
swaks --to <recipient-address> \
--from <whitelisted-sender-address> \
--header "Subject: Whitelist Test" \
--body "This is a test for sender whitelist." \
--server <sensor-IP>
Replace <whitelisted-sender-address> with a whitelisted address and <recipient-address> with a valid recipient.
6. Step 6: Optionally, we can also verify via the logs whether analysis is being skipped:
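
Separately from the log check, and going back to the whitelist file from Step 2: the following is an added example, not Lastline code, that audits the entries before the restart in Step 4 and reports any that match more addresses than intended. The third sample entry, the probe addresses, and the use of Python's re.search as the matching mode are assumptions; the appliance's actual matching mode is not stated on this page.

```python
import re

# Constructed sample whitelist: the two entries from Step 2 plus one
# hypothetical entry with an unescaped dot.
SAMPLE_WHITELIST = r"""
# Email address (Match a specific sender)
^user@example\.com$
# Match all users from a domain
.+@example\.com
^.+@partner.example$
"""

# Constructed addresses that the entries above are NOT meant to whitelist.
SHOULD_NOT_MATCH = [
    "user@example.com.lookalike.invalid",  # trusted domain used as a prefix
    "someone@partnerXexample",             # unescaped '.' matches any char
    "other@unrelated.invalid",
]


def audit_whitelist(text, probes=SHOULD_NOT_MATCH):
    """Return {pattern: [problems]} for every entry that needs attention.

    Assumption: entries are tested with search semantics (re.search), the
    most permissive case; an entry that is clean here is clean under
    stricter matching too.
    """
    findings = {}
    for line in text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue  # skip blank lines and comment lines
        problems = []
        try:
            rx = re.compile(entry)
        except re.error as exc:
            findings[entry] = [f"invalid regex: {exc}"]
            continue
        if not (entry.startswith("^") and entry.endswith("$")):
            problems.append("not anchored with ^ and $")
        problems += [f"also matches {p}" for p in probes if rx.search(p)]
        if problems:
            findings[entry] = problems
    return findings


if __name__ == "__main__":
    for pattern, problems in audit_whitelist(SAMPLE_WHITELIST).items():
        print(pattern, "->", "; ".join(problems))
```

Entries that come back clean are anchored at both ends and escape every literal dot, so they match only the intended sender or domain.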