> On 10.05.09 22:49, Adam Katz wrote: >> The best solution I've seen for this kind of thing is the POPAuth >> plugin, which uses the IMAP/POP authentication tables (as populated for >> the old fashioned POP-before-SMTP scheme) to temporarily add senders' >> IPs to SpamAssassin's trusted_networks list. >> >> http://wiki.apache.org/spamassassin/POPAuthPlugin
Matus UHLAR - fantomas wrote: > But I'd recommend to use that one only if you know that your MTA won't be > able to auth users and put the auth info into Received: headers. > Using SMTP authentication is much much better than pop-before-smtp Uh. I see seven emails with the same misunderstanding of what I said. I never advocated using POP-before-SMTP and POPAuth as a security tool. The *original* intent of POP-before-SMTP was security, and this is not my suggested use of the tool at all. My point was since users are *already* authenticated and Arthur was unable to verify the authentication in SpamAssassin, he could use POPAuth to add the users' IPs to trusted_networks.
