That sounds like a great idea, but unfortunately it just can't be done. Environment variables can't be changed once the program is running. That's why spamdyke can't turn RELAYCLIENT on/off as appropriate -- it can't turn any other environment variables on/off either. qmail-smtpd is started by spamdyke at the very beginning, so its environment is set at that time and can't be altered based on authentication or anything else.
Communicating with qmail-scanner using environment variables is just the wrong answer. I think the right answer is for qmail-scanner to only scan certain recipient addresses (based on a list, regexs or something similar). Since modifying qmail-scanner this way is probably not something you're interested in undertaking, would it be possible to get your authenticated users to deliver their email on a different port (like 587)? Then you could use a different configuration on that port to skip the SA scanning for those users. -- Sam Clippinger On 11/26/10 3:32 AM, Bgs wrote: > No, you misunderstood. I'm not asking about removing RC anytime later. I > want to disable SA for authenticated users only. > The problem is that both of you (spamdyke/spamassassin) have you own > logic that works well alone, but do not work well together. > The solution could be some way of communication between the two that can > override the default behaviours. This is why I thought about adding > another env var (the main way of communication) that could relay the > information. > > So: > > Spamdyke sets RC for all mail it thinks by its rules, that must be > handled and overrides qmail. > qmail-scanner only filters mail that's not local and RC is not set. > This way I'm forced to override qmail-scanner by setting QS_SPAMASSASSIN > from my smtp.conf and by this scanning authenticated mail as well. > > A possible solution is to add a logic to spamdyke which is able to set a > new env var and also add a logic to qmail-scanner takes it into > consideration when scanning mail. This needs only minor changes in both > software and enables them to peacefully coexist. > > The logic I was thinking of: > > - spamdyke acts as normal with average config > - Add and env var SCAN_SPAM which can be set to 'on' or 'off' > - qmail-scanner acts as normal without the env var (or wrongly set) > - qmail-scanner overrides spam scanning rules if the env var tells it > explicitly to set it on/off > > - Add a rule to spamdyke's config: external-spam-scan-on-auth which > takes on or off as arguments and sets the env var to that. > > The same could be used for other spam scan disable/enable scenarios not > just authentication and as a plain env var, other downstream scanning > modules can utilize it, not just qmail-scanner. > > What to you think Sam? > > Regards > Bgs > > > On 11/25/2010 06:10 PM, Sam Clippinger wrote: > >> I'm not sure this can be resolved. Environment variables can't be >> altered once the qmail-smtpd process has been started: >> http://www.spamdyke.org/documentation/FAQ.html#SUGGESTION7 >> >> spamdyke always sets the RELAYCLIENT variable because it needs to >> override qmail's filters when a client meets spamdyke's criteria for >> relaying. Specifically, if a client authenticates or matches a >> whitelist, spamdyke needs to prevent qmail from blocking the message >> later. I suppose I could change spamdyke to not set the RELAYCLIENT >> variable if authentication is turned off and no whitelists are >> enabled... but the method to trigger/stop the variable would be so >> complex I think it would cause more confusion than it's worth. >> >> What does the rest of your spamdyke configuration look like? Could you >> use it with no whitelists, no configuration directories and "smtp-auth" >> set to "none" or "observe"? >> >> -- Sam Clippinger >> >> On 11/23/10 3:01 PM, Bgs wrote: >> >>> Trying again, it didn't show up on the list... >>> >>> -------- Original Message -------- >>> Subject: RELAYCLIENT setting when spamdyke is authenticating >>> Date: Sun, 21 Nov 2010 14:52:14 +0100 >>> From: Bgs<[email protected]> >>> To: spamdyke users<[email protected]> >>> >>> >>> >>> >>> Hi, >>> >>> I might be the one misinterpreting the docs, but something is strange >>> for me. >>> >>> The setup: >>> >>> spamdyke with auth/access file + qmail-scanner with spamassassin >>> >>> In my access file I have localhost with RELAYCLIENT and no >>> qmail-scanner, all other without RELAYCLIENT and qmail-scanner. >>> >>> I have relay-level set to 'normal' which according to the docs, does >>> the following: >>> >>> |normal|: Prevent relaying unless the sender authenticates, the access >>> file allows relaying or an environment variable allows relaying. >>> Requires |local-domains-entry| or |local-domains-file| and |access-file|. >>> >>> >>> So I was expecting the following: >>> >>> - Normal mail arrives for relay -> denied (does this) >>> - Normal mail arrives for domain in rcpthost -> do NOT set >>> relayclient, pass to q-s and further to qmail-smtpd which will handle >>> it (it doesn't do this) >>> - Authenticated user sends mail -> spamdyke sets RELAYCLIENT, q-s >>> skips checks, qmail-smtpd processes mail >>> >>> The second buffles me: >>> >>> - access file does not set RELAYCLIENT >>> - there is no environment variable passed to spamdyke >>> - the user does not authenticate >>> >>> Apparently spamdyke also sets RELAYCLIENT when the domain is in >>> rcpthosts. This means that spamdyke disables spam filtering. If I >>> override qmail-scanner (with explicit QS_SPAMASSASSIN environment >>> variable) to check all mail, authenticated users get filtered as well >>> which leads to loads of complaints. >>> >>> Am I getting something wrong or is this a bug? >>> >>> Regards >>> Bgs >>> >>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >> _______________________________________________ >> spamdyke-users mailing list >> [email protected] >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> >> > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
