[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Whitelisting authenicated users
From: |
Andrew Daviel |
Subject: |
Whitelisting authenicated users |
Date: |
Tue, 15 Sep 2009 16:34:02 -0700 (PDT) |
We allow users to relay mail from offsite, provided they authenticate and
use TLS. However, if they connect from home their mail to users onsite
may get tagged by SpamAssassin as coming from a dynamically allocated
address. Certainly, they won't get whitelisted as they would if
connecting at work or at one of our partners.
I'd like to whitelist mail from users who have authenticated to our
mailserver. sendmail notes this in syslog, but does not add it to a
Received header (as postfix seems to). Verify=YES seems to refer to a
successful certificate check in TLS, not to authentication.
I have been able to add a simple check in /etc/mail/spamassassin/local.cf
to add some -ve score for /Authenticated sender:.*by foobar.example.com/
for postfix-relayed mail
(OK, it's easily forgable, but this isn't granting access, just tweaking
scores)
I'd like to do the same in sendmail
I see that sendmail does make the authenticated username available in
${auth_authen} which I presume could be passed to
milters in MILTER_MACROS_ENVRCPT. So this should all be doable.
I wondered if anyone has done it already, or knows how to do it without
rebuilding spamass-milter.
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
- Whitelisting authenicated users,
Andrew Daviel <=