Authenticated senders
Jason Ede
J.Ede at birchenallhowden.co.uk
Tue Apr 12 16:10:22 IST 2011
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
> Sent: 12 April 2011 13:58
> To: MailScanner discussion
> Subject: Re: Authenticated senders
>
> It's not a kludge, it's more of a workaround.
>
> The problem is philosophical... MS is MTA-agnostic (or at least MTA-diverse)
> and, as such, doesn't directly understand when a user is or isn't
> authenticated.
>
> Using something else than SMTP auth still involves other workarounds.
>
> If having SA skip over authenticated e-mail is too ugly or unelegant for your
> taste, you might try:
>
> 1. Running a separate instance of postfix on another IP address or port,
> which would "skip" MS. You'd lose archiving, inline sigs, etc. - all the "non
> antispam/antivirus" goodies we're used to using MS.
> 2. Running a VPN daemon and whitelisting stuff that comes from your
> internal net. The disadvantage is that you have to be connected to the VPN
> for this to happen, and some places might not allow VPN traffic.
>
You could run a separate instance of postfix that only accepts authenticated on 587 with TLS and then passes the messages onto the main instance that has MS running on it...
You should be able to do a SA rule to check for the received header from the 587 instance and authenticated header and assign score accordingly.
Jason
More information about the MailScanner
mailing list