On Wed, October 5, 2011 18:02, Frank Leonhardt wrote: > > On 05/10/2011 16:23, Giles Coochey wrote: >> On Tue, October 4, 2011 20:59, Frank Leonhardt wrote: >>> On 04/10/2011 19:22, Kris Deugau wrote: >>>> Frank Leonhardt wrote: >>>>> Here's the problem: >>>>> >>>>> I have a single mail server (not commercial) using sendmail to accept >>>>> incoming mail from all sources, and filtering using spamassassin. It >>>>> also accepts mail from roaming users - encrypted mail using port 465 >>>>> and >>>>> authenticating users with SASL, and is expected to relay this. It all >>>>> works fine except that the trusted mail goes through the milter like >>>>> any >>>>> other, and if it's coming from a dodgy location there's a danger that >>>>> SA >>>>> will block it. (This happens - sent from a WiFi hotspot, non-static >>>>> DSL >>>>> or mobile network that's been blacklisted everywhere). >>>>> >>>>> Is there an easy way I can treat trusted mail differently? >>>> Configure whatever actually calls SA to not do so on authenticated >>>> mail. >>>> >>>> This is possible with MIMEDefang, may be possible with amavis. I >>>> can't say about other milters - you don't say how you're calling SA >>>> from sendmail. >>>> >>>> FWIW, this general answer applies no matter where in the mail chain >>>> you're calling SA - if you don't want it scanned, configure whatever >>>> calls SA to skip the call on whatever conditions you want. Whether >>>> you *can* actually configure<x> to do this is another matter. >>>> >>> Thanks Kris, Kelson and Noel - pretty unanimous answer - just don't >>> call >>> the milter for stuff on 465! Unfortunately I don't know how to achieve >>> this, but I'll go off and do some research now I know what I'm trying >>> to >>> find. >>> >> I use a version of spamass-milter, 0.3.2. >> >> It has the following option: >> >> -I: skip (ignore) checks if sender is authenticated >> > Interesting... but my version of 0.3.2 lacks this option (in the > documentation, and in the source code). I'm curious to know how the > milter could actually tell. > > Have you any idea where you version of 0.3.2 came from? > > As I mentioned elsewhere, the problem is solved for my purposes but I'm > planning to write a comprehensive answer to this whole issue. > I use the city-fan.org repo under CentOS for spamassassin related stuff:
[city-fan.org] name=city-fan.org repository for Red Hat Enterprise Linux (and clones) $releasev er ($basearch) #baseurl=http://mirror.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basear ch mirrorlist=http://mirror.city-fan.org/ftp/contrib/yum-repo/mirrorlist-rhel$relea sever enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-city-fan.org priority=1