Solution: Bypass mailscanner for authenticated smtp users.

Thu May 3 18:51:52 IST 2012

Cut and pasted from a thead when I was having similar issues with mobiles 
devices.

Contrary to my last comment, it's been working fine since last year.  Similar 
to what you did.

On 3 May 2012 at 10:21, Aaron Greengrass wrote:

> I spent a day or so thinking on this one, and have come up with a method that
> works for me.  I always appreciate seeing solutions to problems I'm having
> posted, so I am posting this one in turn.
> 
> One of the email requirements in my environment is that authenticated 
> users not be subject to spam checks. (i.e. I know all of the users, so 
> policy violation isn't an issue).
> 
> The postfix config i'm using puts everything into HOLD, which guarantees
> mailscanner will check it. My solution follows:
> 
> in /etc/postfix/main.cf
> *header_checks = regexp:/etc/postfix/header_checks
> smtpd_sasl_authenticated_header = yes
> *
> in /etc/postfix/header_checks
> */^Received: .*\(Authenticated sender:.*/ OK
> /^Received:/ HOLD
> *
> There may be a more elegant way to do this, but this was the first 
> method I came up with, and it passes all of my initial testing.
> 
> Regards,
> 
> Aaron.
> 
> 

----- Ursprungligt meddelande -----

> Från: "Harondel J. Sibble" <mailscanner at pdscc.com>
> Till: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Skickat: torsdag, 23 jun 2011 22:26:53 Ämne: Re: how to allow mobile
> user to send email with getting blocked

> the trust is already in place, added the line to the machine
> authenticating
> users and it was still marking them as spam on the MS/SA machine

> :-(

> On 21 Jun 2011 at 8:06, Markus Nilsson wrote:

> > Hi Harondel,
> >
> > With my example, add this rule (smtpd_sasl_authenticated_header = yes)
> > to the postfix machine where the users login, and on the second
> > machine (where MS/SA is running) make sure that the first machine is
> > "trusted" by adding it to the mynetworks setting!
> >
> > BR/
> > Markus
> >
> > ----- Ursprungligt meddelande -----
> >
> > Från: "Harondel J. Sibble" <mailscanner at pdscc.com>
> > Till: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> > Skickat: måndag, 20 jun 2011 18:20:53 Ämne: Re: how to allow mobile
> > user to send email with getting blocked
> >
> > Just so I am clear, you are suggesting I put this in postfix on the
> > mailscanner machine, rather than in postfix on the protected imap
> > server behind mailscanner right?
> >
> > As to changing the headers in the mailclient, it doesn't appear
> > that K-9 on
> > Android supports that :-(
> >
> > On 20 Jun 2011 at 8:52, Markus Nilsson wrote:
> >
> > > In postfix I solve this by setting
> > > smtpd_sasl_authenticated_header = yes That by-passes network
> > > checks in SA if
> > > the header comes from a trusted source, and the host receiving
> > > the
> > > connection from your remote users is trusted I guess?
> > >
> > > This disables RBL-checks at SA, if you need even more negative
> > > scoring, you
> > > can modify the score for ALL_TRUSTED
> > >
> > > /Markus
> > >
> > >
> > > ----- Ursprungligt meddelande -----
> > >
> > > Från: "Harondel J. Sibble" <mailscanner at pdscc.com>
> > > Till: "MailScanner discussion"
> > > <mailscanner at lists.mailscanner.info>
> > > Skickat: fredag, 17 jun 2011 18:22:10
> > > Ämne: Re: how to allow mobile user to send email with getting
> > > blocked
> > >
> > > Didn't find that one in my search, thanks.
> > >
> > > Not sure I understand fully, I use postfix and haven't touched
> > > sendmail in
> > > years. Are you suggesting adding an additional header at the mail
> > > client level that is then processed by the mta/ms?
> > >
> > > I'n not convinced that's something I can fully control on the
> > > various mail
> > > clients on the phones, it's just the same as using ssl client
> > > certs. Not all
> > > devices support it.
> >

Hi again,

Did you get this to work?

Otherwise, did you get the authenicated header added from postfix, and
what does your Postfix trust-setting look like on the MS host?

/Markus

--
This message has been scanned for viruses and dangerous content by CronLab
(www.cronlab.com), and is believed to be clean.

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)