Re: SMTP AUTH

[Adam Kujawski]

Quoting "Russell J. Lahti" <address@hidden>:

> When you get this worked out, please post how you did it back to
> the mailing list.  I'm quite sure that this is functionality that
> most everyone would be interested in.

The solution was actually quite simple. I had inserted my if() statement in the
wrong function. I realized my mistake right after I posted my question to the
list. It needs to be done in the mlfi_envfrom() function of spamass-milter.cpp.
At the begining of the mlfi_envfrom function, insert the following and 
recompile:

        if (smfi_getsymval (ctx, "{auth_type}") != NULL)
        {
                return SMFIS_ACCEPT;
        }

That's all their is to it. No changes need to be made to the sendmail
configuration at all.

If the author(s) are reading this list, perhaps they could roll this
functionality into the next release.

> What I would also be interested in doing would be to also specify
> local outgoing mail generated from the webserver, etc also not be
> scanned/tagged, and be able to specify IP addresses to avoid
> scanning/tagging messages from.

I think you should be able to accomplish this by specifing the IP's you wish to
skip the milter check for using the 'trusted_networks' configuration option in
spamassassin's local.cf. Another way would be to use the the -i option for the
spamass-milter daemon (it's documented in the man page). They both do the same
thing. We use 'trusted_networks' to keep from scanning mail sent by our
dialup/DSL/wireless customers.

On your webserver, you can set your main SMTP server as a smarthost, forcing all
outbound mail from your webserver to relay through your mail server, regarless
of its final destination. Then you can either whitelist your webserver's IP
address, or enable SMTP AUTH for outgoing connections to the smarthost. Sendmail
can be configured to use SMTP AUTH when acting as a client by specifying a
username/password with 'confDEF_AUTH_INFO'.


-Adam