Warren Togami a écrit : > I am trying to reconfigure my postfix server to get rid of false > positives in the masschecks. > > * I run my own postfix server at example.com. > * Several of my users have IMAP accounts on my server. They send their > outgoing mail via my server with SMTP-after-IMAP. This has been working > fine except this causes trouble for the masschecks in cases where they > sent mail to other users on my server. Their legitimate mail is > triggering rules like RCVD_IN_SORBS_DUL, RDNS_DYNAMIC, and occasionally > RCVD_IN_PBL because the only Received header is the delivery directly > from their home IP address. > * I enabled TLS with SASL authentication. This is working, but the > following Received header is still triggering these rules. > > Received: from [XX.XX.XX.XX] (XX-XX-XX-XX.isp.example.com > [XX.XX.XX.XX]) (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 > bits)) (No client certificate requested) by mail.example.com > (Postfix) with ESMTP id DEADBEEF47 for <u...@example.com>; Sun, 11 > Oct 2009 02:01:37 -0400 (EDT)
this header doesn't show the user was authenticated. use SASL authenticatoin instead of smtp-after-foo. if that's not possible, you'll need to cheat by altering the above header to make it look like "ESMTPA". > ... > No, score=0.6 required=5.0 tests=BAYES_00,RCVD_IN_SORBS_DUL, > RDNS_DYNAMIC,TVD_SPACE_RATIO autolearn=no version=3.3.0-alpha3-r816412 > > Is it possible to configure postfix to write some kind of auth message > in the Received line if you had authenticated? > postfix does so if you authenticated and you have smtpd_sasl_authenticated_header = yes but smtp-after-* is not authentication as far as postfix is concerned. (smtp-after-* is a hack). That said, you can add a header of your choice (with PREPEND) if you can change the map that your smtp-after-* mechanism updates for postfix. > Does spamassassin and masscheck have any way to recognize such headers > to know to skip that line for rule checks? >