[sniffer] milter and smtp auth

2015-02-10 Thread Thomas Klaube
Hi all,

We have been using SNFMilter for some time now. Many (most) of our users
are working from outside our LAN. They connect to Port 25 of our
server for mail relay after a successful SMTP AUTH. 

Sometimes we see false positives from some of the users although
they have been authenticated correctly. Is there a way to tell 
SNFMilter to whitelist authenticated users? As far as I know it
is easy for a milter to see if a client was successfully authenticated
through SMTP Auth. Here is an old thread pointing out how to recognize
an authenticated client:

http://lists.roaringpenguin.com/pipermail/mimedefang/2005-October/028522.html

This is mimedefang specific of course, but the Macro auth_type is generic
for the Milter protocol. 

Thanx and regards
Thomas

#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: sniffer-...@sortmonster.com
To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com
To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com
Send administrative queries to  sniffer-requ...@sortmonster.com



[sniffer] Re: milter and smtp auth

2015-02-10 Thread Thomas Klaube
> ----- Original Message -----
> From: Pete McNeil madscient...@armresearch.com
> To: Message Sniffer Community sniffer@sortmonster.com
> Sent: Tuesday, February 10, 2015 17:40:02
> Subject: [sniffer] Re: milter and smtp auth
>
> There is no such mechanism in Message Sniffer at this time.
>
> I might also point out that white-listing mechanisms generally lead to
> abuse.

I tend to agree that white-listing is usually not the best solution 

But please consider this case: one of our users tries to relay mail 
through our servers and is originating from a Dial-up IP address with
very bad reputation (maybe within truncate) but is correctly authenticated.
Would you agree that such mails should not be marked as spam or even 
discarded (at least not based on IP address reputation)?

> SNFMilter is distributed as source code so you certainly could code this
> modification yourself if you need it for your system, or you might use a
> different milter to force acceptance of messages that you've whitelisted
> either by list or by behavior.

I will consider this option.

> Please if you do find a false positive do report it to us so that we can
> adjust the filters appropriately... much better to get the filtering
> right than to make holes in it.

This is what we do. But we receive quite a lot of false positive alerts from
our users, and it is a time-consuming task to report all the false positives. 
Very often we are not sure whether these false positive reports improve
filter quality...

Regards
Thomas
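
An added example, not part of the thread and not SNFMilter code: how the `{auth_type}` macro discussed above reaches a milter on the wire (an SMFIC_MACRO packet sent with MAIL FROM) and how a pre-filter could use it. The function names, the sample packets and the policy of exempting authenticated sessions from IP reputation checks only are assumptions of this example.

```python
import struct

SMFIC_MACRO = b"D"  # milter wire command byte: macro definitions
SMFIC_MAIL = b"M"   # stage byte: macros that accompany MAIL FROM

def parse_macro_packet(packet: bytes):
    """Decode uint32 length + 'D' + stage byte + NUL-terminated name/value pairs."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    (length,) = struct.unpack("!I", packet[:4])
    body = packet[4:]
    if len(body) != length:
        raise ValueError("length field does not match packet size")
    if body[:1] != SMFIC_MACRO:
        raise ValueError("not a macro packet")
    stage, payload = body[1:2], body[2:]
    if payload and not payload.endswith(b"\0"):
        raise ValueError("unterminated macro string")
    fields = payload.split(b"\0")[:-1]
    if len(fields) % 2:
        raise ValueError("macro name without a value")
    macros = {n.decode("ascii"): v.decode("utf-8", "replace")
              for n, v in zip(fields[0::2], fields[1::2])}
    return stage, macros

def skip_ip_reputation(stage: bytes, macros: dict) -> bool:
    """Policy assumed for this example: a completed SMTP AUTH exempts the
    session from IP reputation checks only; content scanning still runs."""
    return stage == SMFIC_MAIL and bool(macros.get("{auth_type}"))

def build_macro_packet(stage: bytes, pairs: dict) -> bytes:
    """Build constructed sample input in the same wire layout."""
    payload = b"".join(k.encode() + b"\0" + v.encode() + b"\0"
                       for k, v in pairs.items())
    body = SMFIC_MACRO + stage + payload
    return struct.pack("!I", len(body)) + body

# Constructed samples: queue ids, mechanism and login are made up.
AUTHED = build_macro_packet(SMFIC_MAIL, {
    "i": "4F1A2B3C", "{auth_type}": "PLAIN", "{auth_authen}": "user@example.org"})
ANONYMOUS = build_macro_packet(SMFIC_MAIL, {"i": "4F1A2B3D"})

if __name__ == "__main__":
    for label, pkt in (("authenticated", AUTHED), ("anonymous", ANONYMOUS)):
        stage, macros = parse_macro_packet(pkt)
        print(label, macros.get("{auth_authen}", "-"),
              skip_ip_reputation(stage, macros))
```

Logging `{auth_authen}` with each exemption keeps a per-account record of which logins bypassed the reputation check.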
