SMTP AUTH and no Scanning

Glenn Steen glenn.steen at gmail.com
Sun Mar 30 20:18:05 IST 2008 

On 30/03/2008, Hugo van der Kooij <hvdkooij at vanderkooij.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>  Hash: SHA1
>
>  Marcel Blenkers wrote:
>
>
> | As i am now using SMTP Auth and got almost every user on the system to do
>  | so, i would love to skip those mails, sended by those users who used smtp
>  | auth, for scanning.
>  |
>  | Means,
>  |
>  | a user sends a mail with smtp auth and the mail will go through unscanned.
>  | Or do you think this is a bad idea?
>
>
> First off. Start by adding the details to your headers. Or to quote
>  http://www.postfix.org/SASL_README.html:
>
>  To report SASL login names in Received: message headers (Postfix version
>  2.3 and later):
>
>  ~    /etc/postfix/main.cf:
>  ~        smtpd_sasl_authenticated_header = yes
>
>
>  Then you get a Receive: header like this:
>
>  Received: from frodo.hugo.vanderkooij.org (hugovdkooij.xs4all.nl
>  [82.95.223.25])
>         (Authenticated sender: hvdkooij at vanderkooij.org)
>         by balin.waakhond.net (Postfix) with ESMTP id 7CA7E17E8F92
>         for <hugo at vanderkooij.org>; Sun, 30 Mar 2008 16:38:56 +0200 (CEST)
>
>  The order is important so SASL authenticated user can still originate
>  from networks that are listed in RBL's in your postfix config.
>
>  How to write something to exclude it from MailScanner alltogether is
>  something I have not yet figured out. If I am not mistaken the following
>  criteria must be met:
>
>  ~ 1. It must be the only Received: header line.
>  ~ 2. It must show it has done authentication on your own host.
>  ~ 3. It must show an authenticated user.
Yep.

>  Given that postfix adds this line when it puts the file in the queue for
>  ~ MS the decision must be made in MS.
... Since this would help "jump past" the hold thing (in my limited
frobbing experience... I did look at this a while back... never got it
right:-). So did we gain much then? AFAIK you'd still need use a
CustomFunction to be able to skip things in MS... Or perhaps I'm not
thinking straight here... Hmmm. Still think you'd need a CF....

>  Hugo.
>
Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list