[Mimedefang] Skipping SA on TLSMTA connections?

Philip Prindeville philipp_subx at redfish-solutions.com
Thu Nov 23 14:48:34 EST 2006 

Jan-Pieter Cornet wrote:

>On Wed, Nov 22, 2006 at 10:31:26PM -0700, Philip Prindeville wrote:
>  
>
>>Locally (and for users on the road) we use port 465 (SMTPS).
>>
>>Since we trust email on this port, it seems a waste of time to scan
>>it for Spam.
>>
>>I figure this is fairly common.  Anyone have an issue with the patch:
>>
>>***************
>>*** 263,269 ****
>>      return if message_rejected();
>>
>>      # Spam checks if SpamAssassin is installed
>>!     if ($Features{"SpamAssassin"}) {
>>        if (-s "./INPUTMSG" < 100*1024) {
>>            # Only scan messages smaller than 100kB.  Larger messages
>>            # are extremely unlikely to be spam, and SpamAssassin is
>>--- 266,272 ----
>>      return if message_rejected();
>>
>>      # Spam checks if SpamAssassin is installed
>>!     if ($Features{"SpamAssassin"} && $SendmailMacros{'daemon_name'} ne 'TLSMTA') {
>>        if (-s "./INPUTMSG" < 100*1024) {
>>            # Only scan messages smaller than 100kB.  Larger messages
>>            # are extremely unlikely to be spam, and SpamAssassin is
>>    
>>
>
>Since the name "TLSMTA" is non-standard (not to mention WRONG for
>port 465, because it's not TLS). I wouldn't add this to the default
>distribution.
>  
>

Hey, that's how it comes out-of-the-box from sendmail.org: it's
set in /etc/mail/submit.mc on my machine.

>But sure, go ahead and change it in your local version.
>
>I don't really understand all the fuss about applying micropatches to
>the examples/suggested-minimum-filter-for-windows-clients file. As the
>name implies, it's an EXAMPLE and a SUGGESTION.
>
>We looked at it, took some parts we liked, then rewritten things from
>scratch.
>
>Now, whenever there's a new release, I skim through the release notes
>looking for new or changed features available from the perl interface,
>and possibly modify our interface to follow suit. I don't even bother
>to diff the example file to the previous release anymore...
>  
>

Well, I do generate diffs after each update, and then patch them back in.

Ideally it would be nice if MdF could peek into the SA configs in this
case, figure out the values of "internal_networks", and then skip the test
for clients on those subnets.

Alas.

-Philip

More information about the MIMEDefang mailing list