Solution: Bypass mailscanner for authenticated smtp users.

Aaron Greengrass archive at
Thu May 3 19:09:50 IST 2012


 From what I can see, that header only successfully matches when the 
most recent hop was my local MX - though that may be incorrect in 
practice. (i.e. the last message I sent didn't get scanned outbound 
authenticated, but *did* get scanned when it came back in from the 
mailing list, even though the header showed it was authenticated sending 

Simply bypassing SpamAssassin doesn't disable any of the MailScanner 
protections. Some of the defang routines are worth having on incoming 
mail, but result in embarrassingly broken outgoing newsletters -- 
otherwise I'd leave it on.

I'm interested in hearing any other alternatives that give the same 
result though. I don't claim that this method is any better than any 
other method - plus it requires some more testing, I think.

On 5/3/2012 10:40 AM, Markus Nilsson wrote:
> Hi
> To me that looks like you are bypassing your filter for all incoming 
> emails with "Authenticated user" in any of the received headers.
> If it is the spam score you want to make sure never gets above the 
> threshold you can give a very low score to ALL_TRUSTED, even if that 
> doesn't bypass MailScanner.
> /Markus
> -- 
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
> Aaron Greengrass <archive at> wrote:
>     I spent a day or so thinking on this one, and have come up with a
>     method that works for me.  I always appreciate seeing solutions to
>     problems I'm having posted, so I am posting this one in turn.
>     One of the email requirements in my environment is that
>     authenticated users not be subject to spam checks. (i.e. I know
>     all of the users, so policy violation isn't an issue).
>     The Postfix config I'm using puts everything into HOLD, which
>     guarantees MailScanner will check it. My solution follows:
>     in /etc/postfix/
>     header_checks = regexp:/etc/postfix/header_checks
>     smtpd_sasl_authenticated_header = yes
>     in /etc/postfix/header_checks
>     /^Received: .*\(Authenticated sender:.*/ OK
>     /^Received:/ HOLD
>     There may be a more elegant way to do this, but this was the first
>     method I came up with, and it passes all of my initial testing.
>     Regards,
>     Aaron.
> -- 
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <>, and is
> believed to be clean.
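
Added example, not part of the original posts: a small Python model of how Postfix evaluates the two header_checks rules quoted above, one logical header at a time, with OK treated as DUNNO and a HOLD on any one header holding the whole message. The sample headers, hostnames and user name are constructed, and headers are assumed to be already unfolded onto one line.

```python
import re

# The two rules from the post, in file order. Postfix regexp tables are
# case-insensitive by default, and OK in header_checks behaves like DUNNO:
# "nothing to do for this header, carry on with the next header".
RULES = [
    (re.compile(r"^Received: .*\(Authenticated sender:.*", re.I), "OK"),
    (re.compile(r"^Received:", re.I), "HOLD"),
]

def action_for(header):
    """The first matching rule decides the action for one logical header."""
    for pattern, action in RULES:
        if pattern.search(header):
            return action
    return "DUNNO"

def is_held(headers):
    """A HOLD on any single header puts the whole message on hold."""
    return any(action_for(h) == "HOLD" for h in headers)

# Constructed headers: what the local MX adds for an authenticated client,
# what it adds for a plain inbound connection, and an "Authenticated sender"
# line written by some earlier hop (or typed in by whoever built the message).
LOCAL_AUTH = ("Received: from laptop (unknown [192.0.2.10]) "
              "(Authenticated sender: alice) by mx.example.org (Postfix)")
LOCAL_PLAIN = ("Received: from list.example.net (list.example.net "
               "[198.51.100.7]) by mx.example.org (Postfix)")
EARLIER_AUTH = ("Received: from laptop (unknown [192.0.2.10]) "
                "(Authenticated sender: alice) by relay.example.net (Postfix)")

SAMPLES = {
    # Direct authenticated submission: the only Received line carries the marker.
    "authenticated submission": [LOCAL_AUTH, "Subject: newsletter"],
    # Same mail coming back in: the newest hop has no marker, so it is held.
    "back from the list": [LOCAL_PLAIN, EARLIER_AUTH, "Subject: newsletter"],
    # Authenticated locally, but an earlier unauthenticated hop is also present.
    "auth after plain hop": [LOCAL_AUTH, LOCAL_PLAIN, "Subject: newsletter"],
}

if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        print(f"{name:26} held for MailScanner: {is_held(headers)}")
```

In this model a message skips HOLD only when every Received line it carries has the marker, so the rule keys on header text rather than on the SASL state of the current connection.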
