From: mouss on
Voytek Eymont a �crit :
> I have Postfix with SMTP AUTH with self issued certificate, it all works
> well (as long as I don't touch it..)
>
> I have now "allowed" some users to use SMTP AUTH, but, some of their mail
> then gets evaluated as 'spam' by amavisd/spamassasin scores, amongst
> these, 'dynamic ip' type scores
>
> am I correctly exempting SMTP AUTH users from unnecessary anti-spam evals
> such as 'dynamic ip' 'direct access to smpt host' type of evals ?
>
> or is this something I need to in amavisd/spamassasin ?
>
> in other words, is my postfix setup correct ? and, optimal ?
>

there is no evidence in your config that auth'ed mail gets a different
ticket than other mail.

the recommended way is to enable "submission" (port 587) and configure
clients to use this port. This will be more and more common, and if you
get here in a few years, this will be the only recommendation, because
there is no point to complicate things when you can do it simply...

now, you can still use check_* and return a FILTER statement.

in any case, either skip amavisd-new (with content_filter or FILTER) or
configure amavisd-new to listen to multiple ports, one of which doesn't
do spam filtering. Google or other will bring more details.

> [snip]

From: "Voytek Eymont" on

On Fri, March 5, 2010 11:29 am, mouss wrote:
> Voytek Eymont a �crit :

>
> there is no evidence in your config that auth'ed mail gets a different
> ticket than other mail.
>
> the recommended way is to enable "submission" (port 587) and configure
> clients to use this port. This will be more and more common, and if you
> get here in a few years, this will be the only recommendation, because
> there is no point to complicate things when you can do it simply...

Mouss,

but I enabled 'submission' and use port 587 for SMTP AUTH, and, am I
missing something?

from master.cf
...
submission inet n - n - - smtpd
-o smtpd_tls_security_levels=encrypt -o smtpd_sasl_auth_enable=yes
...




--
Voytek

From: Charles Marcus on
On 2010-03-04 8:07 PM, Voytek Eymont wrote:
> but I enabled 'submission' and use port 587 for SMTP AUTH, and, am I
> missing something?

Here's mine:

submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject

--

Best regards,

Charles

From: Magnus =?iso-8859-1?Q?B=E4ck?= on
On Friday, March 05, 2010 at 00:16 CET,
Voytek Eymont <lists(a)sbt.net.au> wrote:

> I have Postfix with SMTP AUTH with self issued certificate, it all
> works well (as long as I don't touch it..)

SMTP authentication has nothing to do with self-signed certificates.

> I have now "allowed" some users to use SMTP AUTH, but, some of their
> mail then gets evaluated as 'spam' by amavisd/spamassasin scores,
> amongst these, 'dynamic ip' type scores
>
> am I correctly exempting SMTP AUTH users from unnecessary anti-spam
> evals such as 'dynamic ip' 'direct access to smpt host' type of evals
> ?
>
> or is this something I need to in amavisd/spamassasin ?

There is no configuration in Postfix to affect the operation of external
antispam tools. If you want them to treat certain messages differently
you should look into their configuration.

[...]

--
Magnus B�ck
magnus(a)dsek.lth.se

From: mouss on
Voytek Eymont a �crit :
> On Fri, March 5, 2010 11:29 am, mouss wrote:
>> Voytek Eymont a �crit :
>
>> there is no evidence in your config that auth'ed mail gets a different
>> ticket than other mail.
>>
>> the recommended way is to enable "submission" (port 587) and configure
>> clients to use this port. This will be more and more common, and if you
>> get here in a few years, this will be the only recommendation, because
>> there is no point to complicate things when you can do it simply...
>
> Mouss,
>
> but I enabled 'submission' and use port 587 for SMTP AUTH, and, am I
> missing something?
>
> from master.cf
> ..
> submission inet n - n - - smtpd
> -o smtpd_tls_security_levels=encrypt -o smtpd_sasl_auth_enable=yes
> ..
>
>
>
>

you need something like
-o content_filter=smtp-amavis:[127.0.0.1]:10586

_after_ you have configured amavis to listen on port 10586 and
configured it to skip spam filtering on this port. This part is specific
to amavisd-new. you need to look at its docs. you can also try Gary's page:
http://www200.pair.com/mecham/spam/bypassing.html