I have users that are sending email on our mail server. Since this mail server is the end-destination for some domains, the email stops there and is not relayed anywhere else. However, when the email is passed off to SpamAssassin, SA checks the various RBLs and sees that this email is in them because it came directly from the user to the server and isn't in a trusted_network, etc.
After thinking about how to solve the problem, I decided that users that have authenticated to send email should be exempted from SA checks. This may not scale for everyone but all our users are not going to send spam. We still check for virii though. *I very much want comments on this line of thought* Anyway, our system uses pop before smtp authentication to prevent SPAM from relaying so I've modded my filter to read the popauth database to see if we can bypass SpamAssassin altogether (see above). Here's my first pass at the situation below. Comments very much appreciated, KAM http://www.peregrinehw.com/downloads/MIMEDefang/contrib/POP_before_SMTP_modification POP Before Auth Tie in to MIMEDefang by Kevin A. McGrail ([EMAIL PROTECTED]) Maintained at: http://www.pccc.com/downloads/ Add (or modify) these four routines to your mimedefang subfilter. They will utilize the POP before Auth database (see http://www.peregrinehw.com/downloads/sendmail/current-8.12.X/untarred/INSTALL). sub filter_initialize { #SETUP A TIE TO THE POP BEFORE SMTP AUTH DATABASE use DB_File; our ($popauthdbfile, $popauthdb); $popauthdbfile = "/etc/mail/popauth.db"; $popauthdb = &opendb_read($popauthdbfile); } # FUNCTION TO TIE READONLY TO A DB_FILE sub opendb_read($$) { my ($dbfile) = @_; my (%db); tie (%db, "DB_File", $dbfile, O_RDONLY, 0, $DB_HASH) || md_syslog('critical', "Could not tie to database: $dbfile!"); return \%db; } sub cleanup { #CLOSE TIE TO POP BEFORE SMTP AUTH &closedb($popauthdb); } # FUNCTION TO CLOSE TO A TIED DB_FILE sub closedb($) { my ($db) = @_; untie %$db; } These function will allow your mimedefang filter to detect whether an email was sent using POP Before SMTP Authentication. I then used that information to add a header to the email and to set a variable $popauth to true in my filter_end routine. #ADD A POP BEFORE SMTP HEADER (& remove any pre-existing ones) my ($popauth) = 0; action_delete_header("X-Pop-Before-SMTP-Auth"); if ($popauthdb->{$RelayAddr}) { action_change_header("X-Pop-Before-SMTP-Auth","$RelayAddr"); $popauth++; } Now, I use the existence of this header to bypass calling SpamAssassin. If you are calling SpamAssassin from your filter, simply add a check for the variable $popauth: if ($Features{"SpamAssassin"} and $popauth < 1) { Otherwise, you modify your procmail recipe. For example, I use a server-wide procmailrc recipe in /etc/procmailrc. The following recipe would pass emails to spamd that are less than 256K in size and do not have the header we added above DROPPRIVS=yes :0fw * < 256000 * !^X-Pop-Before-SMTP-Auth | /usr/bin/spamc -f :0e { EXITCODE=$? } _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
