On 07/25/2012 10:13 AM, Sam Clippinger wrote: > As for not setting the RELAYCLIENT variable unless the user authenticates, > unfortunately that isn't possible: > http://www.spamdyke.org/documentation/FAQ.html#SUGGESTION8
Isn't possible, or isn't easy to do? Please pardon my ignorance. In the case where spamdyke is handling authentication, why is it not possible to delay invoking qmail-smtpd until after authentication has taken place (or not)? The FAQ says: spamdyke must determine what environment variables to set before it starts the qmail-smtpd process (because after qmail-smtpd has been started, spamdyke can't change its environment). For that reason, spamdyke always sets the RELAYCLIENT environment if it has enough information to run its relaying filter. So I guess the key is what's considered to be "enough information". In my mind, "enough information" would include whether the sender has authenticated or not. The FAQ continues: That way, qmail-smtpd will not prevent relaying if spamdyke determines it is allowed (e.g. because the connection is whitelisted). Does whitelisting take precedence over authentication? I don't think it should. Doing so would create an open relay for the whitelisted entry, which I think creates an unnecessary security hole. When I whitelist something, I only want to allow them to bypass the spam filters, not allow them to relay to domains outside of my host. No? BL, I think if spamdyke is going to handle authentication processing (and relay control) effectively, it's going to need to invoke qmail-smtpd only after authentication has occurrred (or not). Thanks for your patience with me on this, Sam. -- -Eric 'shubes' _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
