[Mimedefang] How to configure?
tld.mimed at stimulacra.com
Thu Nov 5 10:52:34 EST 2009
Tilman Schmidt wrote:
> What's that combination (action_bounce + action_discard) for?
Hm.. if I remember right (it's been a while since mime-defang
was set up), that is what the example I used (found online
somewhere) had. I thought I found it through the MD website...
but could be wrong.
> How do you access the smtp_auth identity from inside SpamAssassin?
> Or what are you using as the name for the whitelisting?
AFAIK, it's not possible to know if a sender was authenticated
from within SA. I suppose if someone were so inclined, they
could hack the sendmail source and find the place where authentication
is approved and maybe add another header to the email. I don't
even know if that is possible.
Within SA, we use "whitelist_from_rcvd email at address.tld
resolve_domain_name" for all internal employee email addresses.
For non-internal employees, we use "whitelist_from" instead.
Not as secure of course, but as I mentioned previously, our
whitelist score is a small negative number so if by chance
a spammer is forging a whitelisted email address, more than
likely it's at least going to get quarantined based on score.
I've actually implemented a secondary email address check
from within mime-defang. I would have loved to do so in
spamassassin, but frankly I don't have a clue how to go
Basically, the filter pulls out the 'from' email address and
strips away everything except for just the email address.
The filter then scans the sendmail 'virtusertable' file to
see if the email address is listed. If not, I know the
email address is spoofed/an invalid user and do a little
SA hit adjustment right then and there. The downside to it
is that spamassassin reports don't include that information.
But, it's been a very effective means of stopping fake email
addresses that use our domain.
If someone could tell me how to do that in SA, I'd prefer it
that way.. :)
More information about the MIMEDefang