[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bypass spamassassin on smtp authenticated users

Am Freitag 19 September 2008 14:05:21 schrieb Carlos Acedo:

I'm using postfix, mailscanner and spamassassin in my mail server, is
there a way to aboid spamassassin to check for spam in smtp athenticated
users mail?


This is a question probably better asked on the MailScanner mailing list.
But here's what I do (I use Exim, MailScanner, and SpamAssassin).

I've created a perl module called CheckSMTPAuth.pm that I've placed in the /etc/MailScanner/CustomFunctions/ directory.
It's contents (slightly modified here) are as follows:

	package MailScanner::CustomConfig;

	# Package to check message headers to determine if a message was
        # recieved via an SMTP AUTH connection.
	# The header it is checking for is configured to be added by the Exim
	# mail server when an authenticated session is detected.
	# Using this function, I can add the following to MailScanner.conf
	# to skip spam checks for authenticated users:
	#       Spam Checks = &CheckSMTPAuth

	use strict;

	sub InitCheckSMTPAuth
	        # Empty

	sub EndCheckSMTPAuth
	        # Empty

	sub CheckSMTPAuth
	        my ($message) = @_;
	        return 1 unless $message;

	        foreach (@{$message->{headers}})
	                if (/X-Some-Header-Added-For-Authenticated-Users: Yes/)
	                        MailScanner::Log::InfoLog("Message %s from (%s) is authenticated", $message->{id}, $message->{fromuser});
	                        return 0;
	        return 1;


As you can see in the comments, I call this from the 'Spam Checks' directive in the MailScanner.conf file.
It also relies on your mail server adding a header when authenticated users are encountered.
For the above code example I just wrote it as X-Some-Header-Added-For-Authenticated-Users: but that's not what I use.
The header added shouldn't be known to the outside world.
It's important to also make sure your mail server strips this header from any outgoing emails.
You don't want people to know what it is.
I don't know how this is done in postfix so you'll have to research that yourself.
For Exim I do the following:

To add the header, add the following to the acl_check_rcpt section of the Debian exim config:

	  authenticated = *
	  add_header = X-Some-Header-Added-For-Authenticated-Users: Yes
	  control = submission/sender_retain

To strip the headers from outgoing emails, add the following to the remote_smtp transport in the Debian exim config:

	headers_remove = \

Hopefully that helps and gives you an idea of what to do with postfix.


Jim Barber
DDI Health

Reply to: