On 05/01/2006 1:56 PM, Jason Haar wrote:
Leonardo Rodrigues Magalhães wrote:
Hello Guys,
I have SA running with amavisd/postfix. I also have several
external users with dinamic IP addresses which are allowed to relay
using my server because they authenticate, i have SASL running.
The problem is that right after publishing my SPF informations and
enabling SA to process SPF data, i have some messages from my users,
which are allowed to relay because they authenticated, hitting the
SPF_FAIL rule.
I'd love to hear the answer too. As a long time Qmail user, this issue
is easily dealt to as Qmail sets environment variables telling you if
the current mail message is from a RELAYCLIENT (i.e. a trusted IP or an
authenticated user). As such, tools such as Qmail-Scanner default to not
running SA over "locally" generated mails - which stops this issue entirely.
I've always wanted to know how to do the same thing in Postfix...
The problem with Postfix is that it doesn't insert an RFC 3848
compatible (or any other) auth token in its received headers.
Apparently Postfix 2.3 will include an option to include an auth token
(thanks for budging on this Wietse!), which will allow SpamAssassin to
automatically extend its trust boundary to auth'd users.
Until then, according to David Hollis (see Dec 16/05 message to this
list) there is a patch available for Postfix to include such a token.
If you want to do the same in Qmail, there's a patch available from
Erwin Hoffmann at: http://www.fehcom.de/qmail/smtpauth.html#PATCHES
Daryl
