How to disable RBL check when SASL authenticated?

Les nagylzs at
Wed Sep 16 11:15:10 UTC 2015

In the MailScanner documentation on page 62, I see this:

RBLs may be used in any combination of three methods:
1. Blocking at the MTA level: This is an MTA configuration level option.
blocked at the MTA level are not accepted for delivery. Blocking at this
reduces the load on you system but you assume the risk of rejecting some
of real email.
2. MailScanner RBL checking: MailScanner checks to see if the sender or a
relay of
the message is listed in Spam List = or Spam Domains =. If found, the
is marked as spam. If the message is found in multiple RBL lists, the Spam
To Reach High Score = setting is used to determine if the message should be
treated as High Scoring Spam.
3. SpamAssassin scoring: SpamAssassin by default checks various RBL and
adds to
the spam score each time sender or relay of the message is found in an RBL.

Option (1) is not good because I do not want to block all messages based on
RBL. I need something more intelligent - e.g. if it is listed on multiple
RBLs then block, otherwise just mark as spam.
Option (2) would be good, except that RBL checking should not be done for
emails coming through authenticated submission ports. I do not see any way
to conditionally turn on/off RBL checking based on headers.
Option (3) would be almost as good as Option (2), but I could not find a
way to do conditional RBL checks in spamassassin either.

Other options:

- I can use postfix regexp header_checks to bypass MailScanner for
authenticated users, but then it will also disable checks for phissing,
executeable file attachments etc. and I do not want to bypass all of that.
- I could possibly configure two MailScanners, picking up emails from two
different spool directories, and use different configuration files for
them. Then I could write a program that conditionally moves emails from the
postfix HOLD directory, based on sasl authentication headers. But this
solution seems extremely complicated.

There should be a way to do it right, right?

2015-09-16 10:14 GMT+02:00 Les <nagylzs at>:

> Some of my users are sending emails from their mobile phones. They connect
> to my SMTP server with SSL + dovecot auth. Sometimes they are assigned a
> dynamic IP address that is listed in an RBL. (IP addresses are assigned by
> the mobile provider.) When they send the email, it becomes a spam because
> of the sender IP.
> Is there a way to disable RBL checks for SASL authenticated users? Maybe
> it could be given as a rule in spam.whitelist.rules, but I don't know how.
> Spamassassin is turned on by default. It will also do RBL checks with
> pyzor, so I may have to create two rules - one for MailScanner and one for
> spamassassin?
> Thanks,
>    Laszlo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list