At 10:00 AM 8/13/2006, Gary V wrote:
>bo320 wrote:
>
> > Hi all,
>
> > For the company i do have a 1-server setup with
> postfix, amavis, spamassassin
> > and clamav. On the server their are the mailboxes of
> the user (imap)
> > Only sasl authenticated users can send email trough the
> server.
>
> > Now i do have the problem that very often the email of
> the sasl users are
> > beeing tagged as spam.
> > i have been considering to put
> "permit_sasl_authenticated" in
> > "smtpd_client_restrictions" to (besides in "
> > smtpd_recipient_restrictions") but that blocks all the
> email from clients
> > which aren't users, which is all the "normal" incoming
> email.
>
> > For the time beeing i have been whitelisting the users
> in spamassassin but
> > that doesn't stop sasl users beeing blocked by RBL's
> every now an then
> > (depending on where they send their mail from).
>
> > Does anyone have a clue how to solve this properly?
> > Thanks in advance!
>
>You can have sasl auth users come in on a different IP address
>or different port. This requires they reconfigure their MUAs:
>
># break out smtp service to original IP
>192.168.1.113:smtp inet n - n - - smtpd
>
>#now we need the loopback interface added back in:
>127.0.0.1:smtp inet n - n - - smtpd
>
>#set up additional IP addresess for auth users, send to
>policy bank:
>192.168.1.114:smtp inet n - n - - smtpd
> -o
> smtpd_recipient_restrictions=permit_sasl_authenticated,reject
> -o content_filter=smtp-amavis:[127.0.0.1]:10026
>
>Then policy bank setup in amavisd.conf:
>
>$inet_socket_port = [10024, 10026]; # change from original
>
>$interface_policy{'10026'} = 'AUTHENTICATED';
>
>$policy_bank{'AUTHENTICATED'} = { # mail originating from
>AUTHENTICATED USERS
> bypass_spam_checks_maps => [1], # don't spam-check
> outgoing mail
>};
>
>More examples and other ideas:
>http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks-ex
>See Example 3 for an example that would not require your users
>to change their setup.
>
>http://marc.theaimsgroup.com/?l=amavis-user&m=114494779227951&w=2
>http://marc.theaimsgroup.com/?l=amavis-user&m=109832320011897&w=2
>
>Gary V
another alternative is to upgrade to postfix 2.3 and use
smtpd_sasl_authenticated_header.
http://www.postfix.org/postconf.5.html#smtpd_sasl_authenticated_header
--
Noel Jones
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
