On 12.10.21 08:17, Carl Brewer wrote:
I'm trying to sort out a spamassassin issue, using spamass-milter,
submitted email is failing SPF checks, as spamassassin is seeing the
IP address of the mail client and - it fails SPF as you'd expect.
I think this is due to a mis-configuration of my setup of the SMTP
submission stuff in postfix (TCP/587).
I think, but am not clear, that SASL-authenticated connections
shouldn't get run through milters? If you do this :
submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
since all users there are authenticated, you can also add:
-o receive_override_options=no_milters
to turn off milters on suvbmission port, or override list of milters:
-o smtpd_milters=...
or simply use spamass-milter option:
-I Ignores messages if the sender has authenticated via SMTP AUTH.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of.
