Boris Hinzer wrote: > Hello, > > can anybody verify this behavior? > We are facing the situation, that if we whiteliste local emailadresse the > smtp auth is completely skipped. > Server is then acting like an open relay for these mailaddresses. > > In spamdyke.conf we have the following: > smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true > /var/qmail/bin/cmd5checkpw /bin/true > smtp-auth-level=ondemand-encrypted > > Best regards, > > Boris
I can't verify, but this is the behavior I would expect. If something is whitelisted, all filters are bypassed. Likewise if a session is authenticated. Whitelisting can be dangerous, especially whitelisting your own domain(s). Whitelisting is intended more for getting around trusted mail servers that are misconfigured (rDNS issues typically). If your local users all authenticate (which they should), you can *blacklist* your local domains, which effectively blocks spam which spoofs/forges your domains. This is counter intuitive, but since your users authenticate, they will not be affected by the blacklist. What circumstance lead you to whitelist your local domain in the first place? Difficulty authenticating? -- -Eric 'shubes' _______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users