I have Postfix with SMTP AUTH with self issued certificate, it all works well (as long as I don't touch it..)
I have now "allowed" some users to use SMTP AUTH, but, some of their mail then gets evaluated as 'spam' by amavisd/spamassasin scores, amongst these, 'dynamic ip' type scores am I correctly exempting SMTP AUTH users from unnecessary anti-spam evals such as 'dynamic ip' 'direct access to smpt host' type of evals ? or is this something I need to in amavisd/spamassasin ? in other words, is my postfix setup correct ? and, optimal ? thanks ------------------- postconf -n (my network obfuscated as 111.222.yyy.xxx) address_verify_sender = $double_bounce_sender alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases body_checks = pcre:/etc/postfix/body_checks body_checks_size_limit = 150000 broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /usr/libexec/postfix debug_peer_level = 2 disable_vrfy_command = yes header_checks = pcre:/etc/postfix/header_checks home_mailbox = Maildir/ html_directory = /usr/share/doc/postfix-2.4.5-documentation/html local_recipient_maps = unix:passwd.byname $alias_maps local_transport = local mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 10240000 mime_header_checks = pcre:$config_directory/mime_headers.pcre mydestination = $myhostname, localhost.$mydomain mynetworks = 111.222.yyy.xxx 127.0.0.1 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.4.5-documentation/readme recipient_delimiter = + sample_directory = /etc/postfix/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_tls_loglevel = 1 smtp_tls_note_starttls_offer = yes smtp_tls_security_level = may smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_session_cache smtp_tls_session_cache_timeout = 3600s smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_client_access hash:/etc/postfix/pop-before-smtp, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_no_checks, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname reject_unlisted_recipient, check_sender_access hash:/etc/postfix/freemail_access, check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, check_helo_access hash:/etc/postfix/helo_checks, check_sender_access hash:/etc/postfix/sender_checks, check_client_access hash:/etc/postfix/client_checks, check_client_access pcre:/etc/postfix/client_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rbl_client combined.njabl.org, reject_rbl_client bl.spamcop.net, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client korea.services.net, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client psbl.surriel.com, check_policy_service inet:127.0.0.1:10031, permit smtpd_restriction_classes = from_freemail_host smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/tls/smtpd.crt smtpd_tls_key_file = /etc/postfix/tls/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache smtpd_tls_session_cache_timeout = 36000s strict_rfc821_envelopes = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:5000 virtual_mailbox_base = /var/mail/vhosts virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 10240000 virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 5000 virtual_transport = virtual virtual_uid_maps = static:5000 -- Voytek
