Re: Smtp auth and trusted_networks

Fri, 11 Jul 2014 12:21:35 -0700 

I implemented your patch, but unfortunatelly it did not work for me.
Authenticated sender IP address was recognised as trusted.

I still need to have 'smtpd_sasl_authenticated_header = yes' in my postfix
so i commented out these 3 lines.
And it does work for my installation.

---
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata/Received.pm.orig
2010-03-16 14:49:21.000000000 +0000
+++
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata/Received.pm
2014-07-11 17:20:21.497687731 +0000
@@ -389,9 +389,9 @@
   # with ASMTP (Authenticated SMTP) is used by Earthlink, Exim 4.34, and
others
   # with HTTP should only be authenticated webmail sessions
   # with HTTPU is used by Communigate Pro with Pronto! webmail interface
-  if (/ by / && / with (ESMTPA|ESMTPSA|LMTPA|LMTPSA|ASMTP|HTTPU?)(?:
|$)/i) {
-    $auth = $1;
-  }
+#    if (/ by / && / with (ESMTPA|ESMTPSA|LMTPA|LMTPSA|ASMTP|HTTPU?)(?:
|$)/i) {
+#      $auth = $1;
+#    }
   # Courier v0.47 and possibly others
   elsif (/^from .*?(?:\]\)|\)\]) \(AUTH: (LOGIN|PLAIN|DIGEST-MD5|CRAM-MD5)
\S+(?:, .*?)?\) by /) {
     $auth = $1;


Thanks All for the help.

2014-07-11 17:26 GMT+03:00 Kevin A. McGrail <kmcgr...@pccc.com>:

> On 7/10/2014 5:55 PM, Giampaolo Tomassoni wrote:
>
>> Il 2014-07-10 17:36 Nick I ha scritto:
>>
>>  Hi
>>>
>>> In the following example our mx received message with ESMTPSA from
>>> 1.1.1.1 and that ip detected as trusted.
>>> Our trusted_networks list do not have this ip configured.
>>>
>>> I need to run rbl check against 1.1.1.1.
>>> Is there any settings to not add authenticated host to trusted hosts ?
>>>
>>> We use SpamAssassin version 3.3.1.
>>>
>>
>> You case is exactly what the patch in bug#6430 (
>> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6430) attempts to
>> cover.
>>
>> Unfortunately, that patch never went into any SA version, so you have to
>> apply it by yourself if you really need to let your MX act as an MSA in
>> case of authenticated submissions.
>>
>> If you use amavis, there is another option: move mail submission to
>> another instance of your smtp daemon and configure it to submit received
>> (and authenticated) message to an amavis channel you prepared for outgoing
>> mail.
>>
>> Regards,
>>
>> Giampaolo
>>
> If you use that patch and it works, please weigh in on the bugzilla or at
> least on the list.  The patch was considered pretty esoteric and didn't
> justify yet another option in the code.  But if people need it and use it,
> we will of course reconsider.
>

Reply via email to