SMTP Auth

John Rudd jrudd at ucsc.edu
Thu May 4 17:03:45 IST 2006


On May 4, 2006, at 1:51 AM, Julian Field wrote:

> On 3 May 2006, at 20:34, John Rudd wrote:
>
>> My plan around that is:
>>
>> 0) mimedefang removes any existing 
>> X-my-header-indicating-authenticated-user
>> 1) mimedefang reads the sendmail macros to see if the sender is 
>> authenticated
>> 2) mimedefang adds a X-my-header-indicating-authenticated-user with 
>> the header value being the authenticated user
>> 3) if they are authenticated (or from one of my own exempt/local IP 
>> addrs), mimedefang doesn't feed the message to spam assassin; if they 
>> aren't, it feeds the message to spam assassin.
>>
>> Though, I could also, easily, feed the message to spam assassin in a 
>> later process, and give the presence of that header a low score.  
>> Since mimedefang removes that header up front, I don't have to worry 
>> about it being inserted by someone else (thus no need for a secret 
>> phrase).
>
> John,
>
> If you want to sing the praises of mimedefang, please do it on their 
> list and not mine. This list is for MailScanner discussions, and you 
> are starting to get very off-topic.

No problem, but in my defense I would like to point out that I have 
mainly been mentioning it in ways that allow it to act in concert with 
mailscanner ... and thus don't see it in any different light than the 
many recommendations about ways to modify sendmail to extra AV/AS 
functionality (talking about the greet_pause, or the rdns hack, as 
examples).

For example, in the case I gave, steps 0-2 could be done, then the 
message given to MailScanner.  MailScanner's invocation of SpamAssassin 
could have a rule that looked for the added-header and give the message 
a lower score.

That said, I will honor your request.



More information about the MailScanner mailing list