Re: [AMaViS-user] SMTP AUTH not subjected to unnecessary check?

Tue, 16 Mar 2010 10:22:23 -0700 

Voytek,

> I have Postfix with SMTP AUTH with amavisd, it all works well (as long as
> I don't touch it..)
> 
> (cross posted to postfix list as well)

Advice (mouss and others) feed authenticated mail to amavisd on a
dedicated port is good, regardless of whether you need this separation
right away, or later.

(from mouss):
  -o content_filter=smtp-amavis:[127.0.0.1]:10586

A suitable amavisd counterpart is a policy bank associated with
this port number:

$inet_socket_port = [10024,10586];

$interface_policy{'10586'} = 'AUTHENTICATED';

$policy_bank{'AUTHENTICATED'} = {
  originating => 1,
}

Optionally you can change other settings inthere, like
using different banning rules, using higher score limits, etc.

Also, the name of loaded policy banks is reflected in a mail header
passed to SpamAssassin, so you can adjust SA rules based on name(s)
of policy banks active, e.g.:

header __L_MYNETS X-Amavis-PolicyBank =~ 
m{(\A|/)(MYNETS|ORIGINATING|AUTHENTICATED)(/|$)}m

meta  L_OTHERS_UNDISC_RECIPS   UNDISC_RECIPS && !__L_MYNETS
score L_OTHERS_UNDISC_RECIPS   0.841
score UNDISC_RECIPS            0.001


> I have now "allowed" some users to use SMTP AUTH, but, some of their mail
> then gets evaluated as 'spam' by amavisd/spamassasin scores, amongst
> these, 'dynamic ip' type scores
> am I correctly exempting SMTP AUTH users from unnecessary anti-spam evals
> such as 'dynamic ip' 'direct access to smpt host' type of evals ?

Make sure your trusted_networks, internal_networks and msa_networks
are configured correctly.

Let Postfix add authentication data into its Received header fields:

smtpd_sasl_authenticated_header = yes
smtpd_tls_received_header = yes

See also: http://wiki.apache.org/spamassassin/DynablockIssues

  Mark

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to