https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6430
Summary: Would it be good to consider like an MSA a trusted
relay authenticating a user?
Product: Spamassassin
Version: 3.3.1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Libraries
AssignedTo: [email protected]
ReportedBy: [email protected]
Created an attachment (id=4758)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4758)
This patch escalates an authenticating trusted relay to an MSA
When the SA deployment scenario is around a MX also acting as an MSA (like, in
example, in very simple sites), it is impossible to configure SA to trust the
whole relay chain only in case the user authenticated with the MX.
The msa_networks option can't be used in this case, because this way even the
non-authenticated messages arriving to the MX would be "trusted".
I am attaching here a patch against stock 3.3.1, which modifies the logic in
the Mail::SpamAssassin::Message::Metadata::Received class such that an
authenticating trusted MX would be considered like an MSA.
To me this mob seems ininfluent in the case in which one prefer to keep well
separate outgoing and ingoing message flows, in example by having a
well-defined set of trusted MXes for incoming mail, and a different set of MSAs
for accepting user mail for delivery.
However, the patch somehow puts a lot more "power" in the hands of the trusted
relays, which may possibly be debatable in some setups.
--
Configure bugmail:
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
