Yeah, this patch was discussed close to 6 years ago:
http://lists.nongnu.org/archive/html/spamass-milt-list/2004-03/msg00014.html
Unfortunately although the spamass-milter maintainer said he would
add this, he never did, and the project appears to have been orphaned
a few years later.
Interesting to see it made it into the optional ports patchs - I use
FreeBSD myself and I didn't realize the maintainer had done that.
Ted
Jean-Yves Avenard wrote:
I found this optional patch in the FreeBSD ports.
It does exactly what I want ; bypass all test if the message was sent
over an authenticated connection...
Could easily be adapted to simply add an extra header for spamassassin
to check on
diff -u orig/spamass-milter.1.in spamass-milter.1.in
--- orig/spamass-milter.1.in Thu Mar 18 10:37:08 2004
+++ spamass-milter.1.in Wed Oct 18 18:06:23 2006
@@ -199,6 +199,9 @@
Requires the
.Fl u
flag.
+.It Fl a
+Causes spamass-milter to pass through unchecked any messages from connections
+established using SMTP authentication. This is useful for sites with
remote users.
.It Fl - Ar spamc flags ...
Pass all remaining options to spamc.
This allows you to connect to a remote spamd with
diff -u orig/spamass-milter.cpp spamass-milter.cpp
--- orig/spamass-milter.cpp Thu Mar 23 13:41:36 2006
+++ spamass-milter.cpp Wed Oct 18 21:13:25 2006
@@ -170,6 +170,7 @@
bool flag_full_email = false; /* pass full email address to spamc */
bool flag_expand = false; /* alias/virtusertable expansion */
bool warnedmacro = false; /* have we logged that we couldn't fetch a
macro? */
+bool auth = false; /* don't scan authenticated users */
#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -181,7 +182,7 @@
main(int argc, char* argv[])
{
int c, err = 0;
- const char *args = "fd:mMp:P:r:u:D:i:b:B:e:x";
+ const char *args = "fd:mMp:P:r:u:D:i:b:B:e:xa";
char *sock = NULL;
bool dofork = false;
char *pidfilename = NULL;
@@ -196,6 +197,9 @@
/* Process command line options */
while ((c = getopt(argc, argv, args)) != -1) {
switch (c) {
+ case 'a':
+ auth = true;
+ break;
case 'f':
dofork = true;
break;
@@ -281,7 +285,7 @@
cout << "SpamAssassin Sendmail Milter Plugin" << endl;
cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d
xx[,yy...]] [-D host]" << endl;
cout << " [-e defaultdomain] [-f] [-i
networks] [-m] [-M]" << endl;
- cout << " [-P pidfile] [-r nn] [-u
defaultuser] [-x]" << endl;
+ cout << " [-P pidfile] [-r nn] [-u
defaultuser] [-x] [-a]" << endl;
cout << " [-- spamc args ]" << endl;
cout << " -p socket: path to create socket" << endl;
cout << " -b bucket: redirect spam to this mail address. The
orignal" << endl;
@@ -302,6 +306,7 @@
cout << " -u defaultuser: pass the recipient's username to spamc.\n"
" Uses 'defaultuser' if there are multiple
recipients." << endl;
cout << " -x: pass email address through alias and
virtusertable expansion." << endl;
+ cout << " -a: don't scan messages over an authenticated
connection." << endl;
cout << " -- spamc args: pass the remaining flags to spamc." << endl;
exit(EX_USAGE);
@@ -782,6 +787,15 @@
return SMFIS_TEMPFAIL;
}
/* debug(D_ALWAYS, "ZZZ got private context %p", sctx); */
+
+ if (auth) {
+ const char *auth_type = smfi_getsymval(ctx, "{auth_type}");
+
+ if (auth_type) {
+ debug(D_MISC, "auth_type=%s", auth_type);
+ return SMFIS_ACCEPT;
+ }
+ }
debug(D_FUNC, "mlfi_envfrom: enter");
try {
