[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bypass spamassassin on smtp authenticated users

Hi Jim,
Something like this is what I was looking for, I'm surprised there isn't a simpler solution, as I understand it's a common problem on small mail servers 

I'm going to try it right now, with the postfix adaptations, of course

Thank you!

Jim Barber escribió:

Am Freitag 19 September 2008 14:05:21 schrieb Carlos Acedo:
Hi,

I'm using postfix, mailscanner and spamassassin in my mail server, is
there a way to aboid spamassassin to check for spam in smtp athenticated
users mail?


Hi.

This is a question probably better asked on the MailScanner mailing list.
But here's what I do (I use Exim, MailScanner, and SpamAssassin).
I've created a perl module called CheckSMTPAuth.pm that I've placed in the /etc/MailScanner/CustomFunctions/ directory. 
It's contents (slightly modified here) are as follows:

    package MailScanner::CustomConfig;

    # Package to check message headers to determine if a message was
        # recieved via an SMTP AUTH connection.
    # The header it is checking for is configured to be added by the Exim
    # mail server when an authenticated session is detected.
    # Using this function, I can add the following to MailScanner.conf
    # to skip spam checks for authenticated users:
    #
    #       Spam Checks = &CheckSMTPAuth
    #

    use strict;

    sub InitCheckSMTPAuth
    {
            # Empty
    }

    sub EndCheckSMTPAuth
    {
            # Empty
    }

    sub CheckSMTPAuth
    {
            my ($message) = @_;
            return 1 unless $message;

            foreach (@{$message->{headers}})
            {
                    if (/X-Some-Header-Added-For-Authenticated-Users: Yes/)
                    {
MailScanner::Log::InfoLog("Message %s from (%s) is authenticated", $message->{id}, $message->{fromuser}); 
                            return 0;
                    }
            }
            return 1;
    }

    1;
As you can see in the comments, I call this from the 'Spam Checks' directive in the MailScanner.conf file. It also relies on your mail server adding a header when authenticated users are encountered. For the above code example I just wrote it as X-Some-Header-Added-For-Authenticated-Users: but that's not what I use. 
The header added shouldn't be known to the outside world.
It's important to also make sure your mail server strips this header from any outgoing emails. 
You don't want people to know what it is.
I don't know how this is done in postfix so you'll have to research that yourself. 
For Exim I do the following:
To add the header, add the following to the acl_check_rcpt section of the Debian exim config: 

    accept
      authenticated = *
      add_header = X-Some-Header-Added-For-Authenticated-Users: Yes
      control = submission/sender_retain
To strip the headers from outgoing emails, add the following to the remote_smtp transport in the Debian exim config: 

    headers_remove = \
        X-Some-Header-Added-For-Authenticated-Users

Hopefully that helps and gives you an idea of what to do with postfix.

Regards,

----------
Jim Barber
DDI Health
Reply to: