SMTP AUTH and no Scanning
Jason Ede
J.Ede at birchenallhowden.co.uk
Mon Mar 31 10:13:36 IST 2008
Surely a customfunction applied to the Spam Check option should do this? It can check for authenticated headers to that box and providing it meets all the requirements don't check it for spam? Would need to be able to use a ruleset as well at a guess for quite a few systems...
Jason
________________________________________
From: mailscanner-bounces at lists.mailscanner.info [mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alessandro Dentella [sandro at e-den.it]
Sent: 31 March 2008 10:00
To: MailScanner discussion
Subject: Re: SMTP AUTH and no Scanning
On Mon, Mar 31, 2008 at 12:05:33AM +0200, Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Glenn Steen wrote:
>
> | Unfortunately this likely will not work that well... Rather better to
> | do something completely different. Like demanding taht the ones doing
> | authenticated SMTP use an alternate port ... and have an instance of
> | PF listening there that don't include the HOLD thing. ... That's how
> | I'd do it if I needed it:-).
>
> In fact port 587 is intended for this purpose. The trick is to make it
> listen for authenticated traffic only and then go out straight away and
> not hit MailScanner on the way out.
>
> So the first bit is to make it listen by activating this in the
> $POSTFIX/master.cf file:
>
> submission inet n - n - - smtpd
> ~ -o smtpd_enforce_tls=yes
> ~ -o smtpd_sasl_auth_enable=yes
> ~ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
> This was the bit I could find straight away. But how can one make sure
> the normal hold trick does not apply here? Because that one still is
> applied at the moment.
wouldn't a simple:
-o header_checks =
added to the lines before do the trick?
My concern now is different. Are we generally sure we don't want MailScanner
on all authenticated traffic? That means no controlon possible viruses that
a custemer has not checked, no control on worms and the like.
Probably what I really want is to let MS but avoid that it drops e-mail due
to the sending IP being in an RBL. As Glenn pointed out Postfix already does
the right think in this reguard, if we correctly set order in rules. We
simply don't want MS (and spamassassin?) drops it afterwords.
sandro
*:-)
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list