On 04/10/2011 23:10, Ted Mittelstaedt wrote:
This question comes up enough so that it ought to be in the FAQ.
spamass-milter as others have said does not pay attention to
authenticated mail. Other milters do - but other milters are
often a lot more complicated, and can run slower, to say nothing
of having to learn additional configuration steps and possibly
load additional dependent libraries on the server for the milters.
There is something to be said for the UNIX philosophy of "small
is beautiful" You may love your MIMEdefang but why do I have to
run it when this problem is so easily fixed?
The reason spamass-milter doesn't do this was documented
http://lists.nongnu.org/archive/html/spamass-milt-list/2004-03/msg00014.html
spamass-milter doesen't pass a complete Received line to Spamassassin
so there is no way to exempt authenticated mail from spam scanning
unless you do it in spamass-milter itself. The patch here does that:
mail# diff -u spamass-milter.cpp.original spamass-milter.cpp
--- spamass-milter.cpp.original 2009-01-15 14:43:32.000000000 -0800
+++ spamass-milter.cpp 2009-01-15 14:45:05.000000000 -0800
@@ -776,6 +776,12 @@
struct context *sctx = (struct context *)smfi_getpriv(ctx);
char *queueid;
+ if (smfi_getsymval (ctx, "{auth_type}") != NULL)
+ {
+ return SMFIS_ACCEPT;
+ }
+
+
if (sctx == NULL)
{
debug(D_ALWAYS, "smfi_getpriv failed!");
mail#
Make sure you pass the -a flag to the milter or this patch is not
activated
ALSO NOTE:
This spamass-milter patch is already present in a number of UNIX
distributions. For example in the FreeBSD ports system it is
a flag that is selected during the spamassassin build. I believe I've
seen it mentioned in a Debian distro as well.
Thanks Ted! I was on the verge of adding something similar to the code
myself. I can't actually find the patch on the current FreeBSD ports
tree but it obviously goes at the start of mlfi_envfrom() in
spamass-milter.cpp
You're not wrong about this being a FAQ - trouble is it's not frequently
answered.
The solution I'm going for now is to use a different filter set for
daemons that have required authentication - a facility I didn't know
existed until an hour ago.
Regards, Frank.
--
--------------
Sent from my Cray XT5
