Solution: Bypass mailscanner for authenticated smtp users.
archive at greenbtn.com
Thu May 3 19:09:50 IST 2012
From what I can see, that header only successfully matches when the
most recent hop was my local MX - though that may be incorrect in
practice. (ie the last message I sent didn't get scanned outbound
authenticated, but *did* get scanned when it came back in from the
mailing list, even though the header showed it was authenticated sending
Simply bypassing spamassasin doesn't disabled any of the mailscanner
protections, some of the defang routines are worth having on incoming
mail, but result in embarrassingly broken outgoing newsletters --
otherwise I'd leave it on.
I'm interested in hearing any other alternatives that give the same
result though, I don't claim that this method is any better than any
other method - plus it requires some more testing i think.
On 5/3/2012 10:40 AM, Markus Nilsson wrote:
> To me that looks like you are bypassing your filter for all incoming
> emails with "Authenticated user" in any of the received headers.
> If it is the spam score you want to make sure never gets above the
> threshold you can give a very low score to ALL_TRUSTED, even if that
> doesn't bypass MailScanner.
> Skickat från min Android-telefon med K-9 E-post. Ursäkta min fåordighet.
> Aaron Greengrass <archive at greenbtn.com> skrev:
> I spent a day or so thinking on this one, and have come up with a
> method that works for me. I always appreciate seeing solutions to
> problems I'm having posted, so I am posting this one in turn.
> One of the email requirements in my environment is that
> authenticated users not be subject to spam checks. (i.e. I know
> all of the users, so policy violation isn't an issue).
> The postfix config i'm using puts everything into HOLD, which
> guarantees mailscanner will check it. My solution follows:
> in /etc/postfix/main.cf
> *header_checks = regexp:/etc/postfix/header_checks
> smtpd_sasl_authenticated_header = yes
> in /etc/postfix/header_checks
> */^Received: .*\(Authenticated sender:.*/ OK
> /^Received:/ HOLD
> There may be a more elegant way to do this, but this was the first
> method I came up with, and it passes all of my initial testing.
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner