Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
RE: SASL and content_filter
From: Bill Boebel (billwebmail.us)
Date: Wed Feb 18 2004 - 11:50:26 CST
With the recent Postfix snapshot, it is possible to use the PREPEND feature
to tell SpamAssassin to whitelist mail that is sent using SMTP Auth. For
those interested, here is how to do it..
You need at least this version of Postfix and the SASL patch:
/.*/ PREPEND X-SMTP-Auth: no
header __NO_SMTP_AUTH X-SMTP-Auth =~ /^no$/
meta SMTP_AUTH !__NO_SMTP_AUTH
describe SMTP_AUTH Message sent using SMTP Authentication
tflags SMTP_AUTH nice
score SMTP_AUTH -100
[mailto:owner-postfix-userspostfix.org]On Behalf Of Tony Earnshaw
Sent: Sunday, February 08, 2004 6:25 AM
To: Postfix list
Subject: Re: SASL and content_filter
lÝr, 07.02.2004 kl. 23.21 skrev Bill Boebel:
> I want to tell a content_filter that an email arrived using SASL
> authentication. I cannot figure out a way to do this. Is there a way?
> Specifically, I want to tell amavis/spamassassin that it was SASL
> authenticated, so that it can whitelist mail sent by local users - without
> relying on the sender envelope since that can be forged. With the latest
> snapshot it looks like I can add a header somehow, which might do the
> for me; however that can also be forged.
> Any suggestions?
If you do an EHLO to the amavisd-new port, you can see what Postfix can
pass to Amavis. Not what you want, at any rate.
What you *can* do with the latest amavisd-new (and without going into
specifics), is to use a MySQL or LDAP (I use LDAP) database to tell
Amavis whose mail to scan and whose not. You can avoid all scanning on
mail from local users ($mynetworks, for example), by forcing them to use
a Postfix smtpd daemon without content filter on another port than 25. I
I wish that mailing-list people would stop CC'ing me.
Chances (95%) are that if they do, the CC will never
make it, anyway.
mail: billy - at - billy.demon.nl