On Mon, 18 Dec 2006 16:13:32 -0500, Thomas Bolioli <[EMAIL PROTECTED]> wrote:
>Dan Horne wrote: >> >> >> >> >>>> Set up SMTP AUTH and require your users to log in to >>>> >> send email. If I >> >>>> understand correctly Spamassassin automatically trusts >>>> >> mails sent via >> >>>> SMTP AUTH. >>>> >> >> >> >>> Thanks for the response. SMTP auth is set up so there must be >>> >> something I need to do to tell SA that it was auth'd. >> >>> Any ideas? >>> Thanks, >>> Tom >>> >> >> I found out about it at the link below and had to add a config option to >> my postfix I think to get it to add the appropriate info in the headers >> (documented in the page below). >> >> http://wiki.apache.org/spamassassin/DynablockIssues >> >> If you're using postfix, the parameter is >> "smtpd_sasl_authenticated_header = yes" which makes your received >> headers contain info like: >> >> Received: from host.example.com (dyna-IP-AD-DRE-SS.example.com >> [IP.AD.DRE.SS]) >> (Authenticated sender: [EMAIL PROTECTED]) >> by mail.example.org (Postfix) with ESMTP id 6A3922B22E0; >> Tue, 12 Dec 2006 15:24:46 -0500 (EST) >> >> Spamassassin picks up on the "Authenticated sender:" portion of this >> line and "trusts" the sender. >> >> CONFIDENTIALITY NOTICE: >> This email message, including any attachments, is for the sole use of the >> intended recipient(s) and may contain confidential and privileged >> information. Any unauthorized review, use, disclosure or distribution is >> prohibited. If you are not the intended recipient, please contact the sender >> by reply email and destroy all copies of the original message. >> >> SPAM-FREE 1.0(2476) >> >> > >You nailed it. That was it and it is now working. Thanks for the assist. >Tom Is this applicable to sa servers that receive mail from a sender as well as those that send mail from said users? Our systems currently bypass all sa tests for auth'd users but I wonder what receiving servers make of this. Many of my users are on the road and regularly send mail from places that would get an outright block locally without the bypass. Would they get a better reception from the recipient server if the header above was included? To date I've not had a reported problem, we use an alternate port for auth'd users so the usual muppetry of proxies is avoided. KR Nigel
