Hello all -
I would like to offer a patch to the smtp-vilter port.
SUMMARY
The patch allows extra information to be (optionally) passed to a spam
backend, allowing it to determine whether an smtp client has successfully
authenticated to the mailserver.
RATIONALE
Such a capability is extremely useful when the spam-scoring rules need to
take into account whether a client has authenticated. A common example is
where a site permits mail forwarding by authenticated mobile users: the
gateway needs to apply modified rules to prevent such mail being incorrectly
detected as spam when the users roam onto untusted networks (e.g. dynamic
IP).
The patch therefore emulates the behaviour of Postfix's
"smtp_sasl_authenticated_header" switch - which is that when the remote
client has authenticated, the string "(Authenticated sender:
sen...@my.domain)" is added to the Received: header.
The reason why smtp-vilter has to be patched to achieve this is because it
plugs in as a 'pre-queue' milter. Therefore the Received: header hasn't yet
been created and smtp-vilter must generate its own artificial version in
order to forward the message to the spam backend.
EFFECT OF PATCH
1. Reads the sasl status from the milter API and (Optionally) adds
"(Authenticated sender: u...@domain)" to the Received: header sent to a spam
backend.
2. Creates new 'header-options' configuration parameter, also with '-H
<num>', to enable the new behaviour (default is OFF).
3. Updates manpages to describe new options and usage (plus one or two
cosmetic fixes to the existing pages).
4. Updates sample configuration.
5. Adds new debug reporting, accessible via '-v -v', to dump messages
to/from backends and SASL parameters received from the milter API.
AVAILABILITY OF PATCH
The patch against the CVS-head version of the port is available from here:
http://www.crossleys.biz/public/smtp-vilter-SASL-patch.tgz
TESTING
I have tested this extensively against spamassassin
(p5-Mail-SpamAssassin-3.2.5p1) and postfix (postfix-2.6.2009125-mysql) under
OpenBSD 4.5 i.386 stable.
I have NOT tested against sendmail - but I don't foresee any issues as long
as the milter API is obeyed.
EPILOGUE
I hope I have created the patch correctly (I used the update-patches target
in bsd.port.mk) and that my coding and approach is up to scratch.
I have tried hard to make the changes both backward compatible for existing
users, and extensible to add more functionality later.
Please don't hesitate to contact me if anything needs explaining or
adjusting.
Kind regards,
MARTIN
