spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Giles Coochey" <gi...@coochey.net>
Subject Re: How do I stop SA checking mail from authenticated users
Date Wed, 05 Oct 2011 16:06:25 GMT
On Wed, October 5, 2011 18:02, Frank Leonhardt wrote:
>
> On 05/10/2011 16:23, Giles Coochey wrote:
>> On Tue, October 4, 2011 20:59, Frank Leonhardt wrote:
>>> On 04/10/2011 19:22, Kris Deugau wrote:
>>>> Frank Leonhardt wrote:
>>>>> Here's the problem:
>>>>>
>>>>> I have a single mail server (not commercial) using sendmail to accept
>>>>> incoming mail from all sources, and filtering using spamassassin. It
>>>>> also accepts mail from roaming users - encrypted mail using port 465
>>>>> and
>>>>> authenticating users with SASL, and is expected to relay this. It all
>>>>> works fine except that the trusted mail goes through the milter like
>>>>> any
>>>>> other, and if it's coming from a dodgy location there's a danger that
>>>>> SA
>>>>> will block it. (This happens - sent from a WiFi hotspot, non-static
>>>>> DSL
>>>>> or mobile network that's been blacklisted everywhere).
>>>>>
>>>>> Is there an easy way I can treat trusted mail differently?
>>>> Configure whatever actually calls SA to not do so on authenticated
>>>> mail.
>>>>
>>>> This is possible with MIMEDefang, may be possible with amavis.  I
>>>> can't say about other milters - you don't say how you're calling SA
>>>> from sendmail.
>>>>
>>>> FWIW, this general answer applies no matter where in the mail chain
>>>> you're calling SA - if you don't want it scanned, configure whatever
>>>> calls SA to skip the call on whatever conditions you want.  Whether
>>>> you *can* actually configure<x>  to do this is another matter.
>>>>
>>> Thanks Kris, Kelson and Noel - pretty unanimous answer - just don't
>>> call
>>> the milter for stuff on 465! Unfortunately I don't know how to achieve
>>> this, but I'll go off and do some research now I know what I'm trying
>>> to
>>> find.
>>>
>> I use a version of spamass-milter, 0.3.2.
>>
>> It has the following option:
>>
>>   -I: skip (ignore) checks if sender is authenticated
>>
> Interesting... but my version of 0.3.2 lacks this option (in the
> documentation, and in the source code). I'm curious to know how the
> milter could actually tell.
>
> Have you any idea where you version of 0.3.2 came from?
>
> As I mentioned elsewhere, the problem is solved for my purposes but I'm
> planning to write a comprehensive answer to this whole issue.
>
I use the city-fan.org repo under CentOS for spamassassin related stuff:

[city-fan.org]
name=city-fan.org repository for Red Hat Enterprise Linux (and clones)
$releasev
er ($basearch)
#baseurl=http://mirror.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basear
ch
mirrorlist=http://mirror.city-fan.org/ftp/contrib/yum-repo/mirrorlist-rhel$relea
sever
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-city-fan.org
priority=1



Mime
View raw message