Re: Multidomain Mailhosting on one physical host
Benny Pedersen wrote: POP-before-SMTP olso works with imap only bad thing about POP-before-SMTP is that it does not work if POP-before-SMTP user is behind a NAT ip if a user sits behind NAT it could open relay for more then one user, that the only reason i do not use POP-before-SMTP any more POP-before-SMTP can also cause issues for users with slow connections... SMTP-auth is a lot more reliable -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
Re: Multidomain Mailhosting on one physical host
On Fri, March 3, 2006 18:56, Uwe Kiewel wrote: Also (like Kelson said), if you don't want to scan local-domain mail at all (NOT something I prefer myself), you can probably configure amavisd-new or Postfix to skip mail from these users. POPAuth is not prefered, because a lot of clients use IMAP. POP-before-SMTP olso works with imap only bad thing about POP-before-SMTP is that it does not work if POP-before-SMTP user is behind a NAT ip if a user sits behind NAT it could open relay for more then one user, that the only reason i do not use POP-before-SMTP any more
Re: Multidomain Mailhosting on one physical host
Daryl C. W. O'Shea [EMAIL PROTECTED] schrieb im Newsbeitrag news:[EMAIL PROTECTED]... Kelson wrote: [EMAIL PROTECTED] wrote: User Sam and Joe has internet access via DSL with a dynamic ip address. The mail going from [EMAIL PROTECTED] to [EMAIL PROTECTED] is identified as SPAM because the sending ip address is the dynamic dial up address. The best solution would be to make your users send with SMTP-AUTH, and then tell whatever calls SpamAssassin to skip SA if it finds valid SMTP-AUTH info. I'd guess from your description, however, that you're running SpamAssassin on delivery and not on receipt, which will probably make this a bit more challenging. Though if you can check after the fact for valid SMTP-AUTH info, you can probably still make it work. If you can get Postfix to insert RFC 3848 style with ESMTPA tokens or Sendmail style authenticated user lines in the headers, SpamAssassin will automatically recognize that the user is authenticated (if they authenticate) and not do the dynablock checks. If anyone knows how to do this (I've never used Postfix), I'd like to document it on the wiki. I think, this is the best way to solve my problem. At first I'll try to use Nigels solution, to set whitelist-from in SA's local.cf I hope to find these informations to implement it as soon as posible. If you use POP-before-SMTP, there's also the POPAuth plugin available on the wiki at: http://wiki.apache.org/spamassassin/POPAuthPlugin Also (like Kelson said), if you don't want to scan local-domain mail at all (NOT something I prefer myself), you can probably configure amavisd-new or Postfix to skip mail from these users. POPAuth is not prefered, because a lot of clients use IMAP. Regards, Uwe -- SpamAssassin User Mailing list read-only via NNTP or SNMP at obelix.kiewel-online.de Online since March 01, 2006
Re: Multidomain Mailhosting on one physical host
[EMAIL PROTECTED] wrote: User Sam and Joe has internet access via DSL with a dynamic ip address. The mail going from [EMAIL PROTECTED] to [EMAIL PROTECTED] is identified as SPAM because the sending ip address is the dynamic dial up address. The solution is twofold: 1) Don't scan outgoing mail for spam, or don't run network tests on outgoing mail. 2) Treat mail coming from your users as outgoing, even if it's being sent to another domain on your server. The best solution would be to make your users send with SMTP-AUTH, and then tell whatever calls SpamAssassin to skip SA if it finds valid SMTP-AUTH info. I'd guess from your description, however, that you're running SpamAssassin on delivery and not on receipt, which will probably make this a bit more challenging. Though if you can check after the fact for valid SMTP-AUTH info, you can probably still make it work. -- Kelson Vibber SpeedGate Communications www.speed.net
Re: Multidomain Mailhosting on one physical host
Kelson wrote: [EMAIL PROTECTED] wrote: User Sam and Joe has internet access via DSL with a dynamic ip address. The mail going from [EMAIL PROTECTED] to [EMAIL PROTECTED] is identified as SPAM because the sending ip address is the dynamic dial up address. The best solution would be to make your users send with SMTP-AUTH, and then tell whatever calls SpamAssassin to skip SA if it finds valid SMTP-AUTH info. I'd guess from your description, however, that you're running SpamAssassin on delivery and not on receipt, which will probably make this a bit more challenging. Though if you can check after the fact for valid SMTP-AUTH info, you can probably still make it work. If you can get Postfix to insert RFC 3848 style with ESMTPA tokens or Sendmail style authenticated user lines in the headers, SpamAssassin will automatically recognize that the user is authenticated (if they authenticate) and not do the dynablock checks. If anyone knows how to do this (I've never used Postfix), I'd like to document it on the wiki. If you use POP-before-SMTP, there's also the POPAuth plugin available on the wiki at: http://wiki.apache.org/spamassassin/POPAuthPlugin Also (like Kelson said), if you don't want to scan local-domain mail at all (NOT something I prefer myself), you can probably configure amavisd-new or Postfix to skip mail from these users. Daryl
Re: Multidomain Mailhosting on one physical host
On Wednesday 01 March 2006 12:21, you wrote: Have you tried whitelisting the problem addresses? whitelist_from [EMAIL PROTECTED] In this case, what happens, if a spammer fake the from and use the whitelisted address? Uwe