Authenticated senders

Alex Neuman alex at vidadigital.com.pa
Tue Apr 12 13:58:24 IST 2011


It's not a kludge, it's more of a workaround.

The problem is philosophical... MS is MTA-agnostic (or at least MTA-diverse) and, as such, doesn't directly understand when a user is or isn't authenticated. 

Using something other than SMTP auth still involves other workarounds.

If having SA skip over authenticated e-mail is too ugly or inelegant for your taste, you might try:

1. Running a separate instance of postfix on another IP address or port, which would "skip" MS. You'd lose archiving, inline sigs, etc. - all the "non antispam/antivirus" goodies we're used to using MS.
2. Running a VPN daemon and whitelisting stuff that comes from your internal net. The disadvantage is that you have to be connected to the VPN for this to happen, and some places might not allow VPN traffic.

On Apr 12, 2011, at 7:05 AM, James Pattinson wrote:

> Hi Alex
> 
> That makes sense, and is probably similar to what I will end up doing, but it still doesn't seem like an ideal solution - it still seems like I am doing something "wrong" and it requires a kludge to work.
> 
> Does anyone have a better way of doing things? Should I be using something other than SMTP auth to really trust my senders?
> 
> James
> 
> On 12/04/2011 12:57, Alex Neuman wrote:
>> This is how I would do it:
>> 
>> 1. Send a message from myself to someone else in the same domain WITHOUT using authentication. In theory, it should work - authentication is usually only necessary to send mail OUTSIDE of the domain.
>> 2. Send another message, authenticated, somewhere else.
>> 3. Check the headers. There should be a difference; something like "user xxx with yyy auth and zzz bits" in the header.
>> 4. Write a custom rule in spamassassin to score it -100 for example.
>> 
>> I don't know Postfix as well as sendmail; at sendmail's /etc/mail/sendmail.mc I modify the REC_FULL_AUTH part so that it includes an additional word and then check for it with "header soandso" in /etc/mail/spamassassin/local.cf.
>> 
>> This wouldn't bypass MailScanner completely, but it ensures it won't be scored as SPAM.
>> 
>> On Apr 12, 2011, at 6:43 AM, James Pattinson wrote:
>> 
>>> Hi List!
>>> 
>>> I am using MailScanner with Postfix and ClamAV to run a simple mail server for myself and my family.
>>> 
>>> I use SMTP AUTH to enable mail to be sent from various places such as home ISPs and Mobile Internet providers and would ideally like to have authenticated mail skip right through the RBL checks.
>>> 
>>> I know this has been discussed in the past and I did find a thread from someone who ended up writing custom perl scripts to do this.
>>> 
>>> As this was a few years ago I'd like some advice as to how this is best done these days! I find it really hard to believe that this is not a really common usage scenario, surely RBL checks are completely irrelevant when SMTP auth is in use? I am even using port 587 and TLS to submit messages!
>>> 
>>> Currently my workaround is to have my sending address configured in rules/spam.whitelist.rules but this is not ideal as I still get spammers faking my address.
>>> 
>>> Would love to get some input on this :)
>>> 
>>> Cheers
>>> James
>>> 
>>> 
>>> -- 
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> 
>>> Before posting, read http://wiki.mailscanner.info/posting
>>> 
>>> Support MailScanner development - buy the book off the website!
>> 
>> --
>> 
>> Alex Neuman van der Hans
>> Reliant Technologies / Vida Digital
>> http://vidadigital.com.pa/
>> 
>> +507-6781-9505
>> +507-832-6725
>> +1-440-253-9789 (USA)
>> 
>> Follow @AlexNeuman on Twitter
>> http://facebook.com/vidadigital
>> 
>> 
>> 
> 
> 


--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital
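
The header comparison from steps 3 and 4 of the quoted procedure, as an added example that is not part of the original thread: it accepts an authentication marker only in the newest Received header, and only if that header was written by your own MTA, because older Received lines arrive with the message and can say anything. The hostname `mail.example.org`, the sample messages and the helper names are assumptions; the markers are the ones Postfix writes (the "Authenticated sender" comment requires `smtpd_sasl_authenticated_header = yes`).

```python
import re
from email import message_from_string

# Assumption: the hostname our own MTA writes in the "by" clause.
TRUSTED_MTA = "mail.example.org"

# Markers Postfix puts in its Received header for SASL-authenticated mail:
# "(Authenticated sender: ...)" needs smtpd_sasl_authenticated_header = yes;
# "with ESMTPA" / "with ESMTPSA" are the RFC 3848 protocol keywords.
AUTH_MARKER = re.compile(r"\(Authenticated sender: [^)]+\)|\bwith ESMTPS?A\b")
BY_HOST = re.compile(r"\bby\s+(\S+)")


def authenticated_by_us(raw_message, trusted=TRUSTED_MTA):
    """True only if the newest Received header was written by our MTA
    and carries an authentication marker."""
    headers = message_from_string(raw_message).get_all("Received", [])
    if not headers:
        return False
    top = " ".join(headers[0].split())  # unfold continuation lines
    by = BY_HOST.search(top)
    if by is None or by.group(1).lower() != trusted.lower():
        return False  # newest hop is not ours: fail closed
    return bool(AUTH_MARKER.search(top))


def make_received(src, marker, proto, qid):
    # Build one constructed Received header in Postfix's layout.
    return (f"Received: from {src} (unknown [203.0.113.7]){marker}\n"
            f"\tby mail.example.org (Postfix) with {proto} id {qid};\n"
            f"\tTue, 12 Apr 2011 12:00:00 +0000\n")


BODY = "From: james@example.org\nSubject: test\n\nhello\n"
AUTH = " (Authenticated sender: james)"
# Constructed samples: an authenticated submission, a plain inbound relay,
# and a message that arrived with a fake "authenticated" Received line
# already in it (our MTA's real, unauthenticated header sits on top).
SUBMITTED = make_received("laptop", AUTH, "ESMTPSA", "A1") + BODY
UNAUTHENTICATED = make_received("relay", "", "ESMTP", "B2") + BODY
FORGED = (make_received("bot", "", "ESMTP", "C3")
          + make_received("home", AUTH, "ESMTPSA", "FAKE") + BODY)

if __name__ == "__main__":
    for name in ("SUBMITTED", "UNAUTHENTICATED", "FORGED"):
        print(name, authenticated_by_us(globals()[name]))
```

A scoring rule built on the same marker should anchor it to your own server's hostname and header layout in the same way.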


