On 23 mrt 2011, at 00:47 Nils Breunese (Lemonbit) wrote: > On 22 mrt 2011, at 23:53 Nils Breunese (Lemonbit) wrote: > >> Hello all, >> >> This issue has been bugging me for ages, but I never found a solution to >> this. I just subscribed to this list and I hope someone here can help out. >> >> ---- >> THE SETUP >> ---- >> >> We have servers that run CentOS with Plesk 9 and its (xinetd based) qmail >> distribution. On top of that we use the qmail-scanner package from the >> atomic repository at atomicorp.com with their SpamAssassin and ClamAV >> packages. >> >> This is a typical list of installed RPM packages and their versions on such >> a server: >> >> centos-release-5-5.el5.centos.x86_64 >> psa-qmail-1.03-cos5.build95101209.08.x86_64 >> qmail-scanner-2.08-3.el5.art.x86_64 >> spamassassin-3.3.1-1.el5.art.x86_64 >> clamd-0.97-1.el5.art.x86_64 >> >> ---- >> THE PROBLEM >> ---- >> >> All is working fine with this setup, except that e-mail messages which are >> sent using SMTP auth regularly get tagged as spam (for instance because >> clients are sending e-mail from home DSL connections which are listed on >> various RBL's). Do you know of any way that qmail-scanner could distinguish >> between a message that was submitted locally using SMTP auth and a message >> that was not? If that is possible, then I guess it should be possible to >> have qmail-scanner skip those messages or otherwise have SpamAssassin not be >> so hard on those messages. Any pointers on getting this to work are welcome. >> >> If you need any more info on this setup, let me know. > > Answering my own question here, but I just thought of a possible solution > which seems to work: I added RELAYCLIENT=1 to the env setting in > /etc/xinetd.d/submission_psa, restarted xinetd and it seems that now all > messages sent via port 587 (submission) are no longer being scanned! I > believe RELAYCLIENT=1 is normally set when smtp auth has succeeded, but > apparently Plesk's qmail doesn't work like that. But since submission can > only be used with smtp auth I guess I should be fine setting RELAYCLIENT=1 > myself in that case, right? > > If there is no flaw in this logic, maybe I'll patch qmail-scanner to check > for SUBMISSION=1 and treat those messages as being sent by a relay client, > since that is an environment variable which is set by Plesk by default in the > submission case. Does that sounds like I'm making sense? Could this even be a > patch that you'd incorporate into qmail-scanner?
Even better maybe: the xinetd configuration sets the environment variable SMTPAUTH=1 when smtp auth is successful, so I guess I could make qmail-scanner check for that. Does this sound like a good solution? Something you'd accept a patch for? Nils. ------------------------------------------------------------------------------ Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar _______________________________________________ Qmail-scanner-general mailing list Qmail-scanner-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
