[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-users
Subject:    Re: Prevent scanning internal mail
From:       Ray Anderson <rsa () rb-com ! com>
Date:       2006-11-30 23:28:21
Message-ID: 456F6915.8070700 () rb-com ! com
[Download RAW message or body]

Craig Morrison wrote:
> Gary V wrote:
>> Exactly. How you prevent sending the message through SA is not a 
>> function of SA itself, but of the implementation, and because of the 
>> large number of implementations and configurations I question whether 
>> it would be practical (or even related) to provide examples of the 
>> various procedures.
>
> Point well taken Gary.
>
>>
>> I didn't see much of anything on this subject in the Wiki.
>
> Neither did I.
>
> I've been googling a bit and the cornucopia of hits for 
> <insert_your_MTA_here>+spamassassin is a mess. :-)
>

My solution to this problem is this:

I'm running postfix 2.1.5-5 on Fedora Core 3 and recently had this same 
question come up.  I was whitelisting all 30something domains I hosted 
but ran into spammers using foo@<domain name> to get around spam filtering.

My solution was to create a rule in postfix main.cf:


smtpd_recipient_restrictions =
     permit_sasl_authenticated,
     check_client_access pcre:/etc/postfix/non-auth.re,
    -- snip --

And the contents of non-auth.re is:
/^/ PREPEND X-No-Auth: Unauthenticated Sender

Since postfix aborts checking at the first match, this has the effect of 
stamping every single message with a header that I can find and react 
to, which for me bypasses spamd -- note:  this decision takes place 
_after_ virus scanning, etc.

Hope this helps someone.

-=Ray

[prev in list] [next in list] [prev in thread] [next in thread]