From owner-freebsd-questions@FreeBSD.ORG Tue Jun 12 09:42:56 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1F2A616A46D for ; Tue, 12 Jun 2007 09:42:56 +0000 (UTC) (envelope-from reko.turja@liukuma.net) Received: from www.liukuma.net (www.liukuma.net [62.220.235.15]) by mx1.freebsd.org (Postfix) with ESMTP id CD8AB13C447 for ; Tue, 12 Jun 2007 09:42:55 +0000 (UTC) (envelope-from reko.turja@liukuma.net) Received: from localhost (unknown [127.0.0.1]) by www.liukuma.net (Postfix) with ESMTP id 343411DE19 for ; Tue, 12 Jun 2007 12:39:23 +0300 (EEST) Received: from www.liukuma.net ([127.0.0.1]) by localhost (www.liukuma.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id yWOAggZKHmoG for ; Tue, 12 Jun 2007 12:39:21 +0300 (EEST) Received: from rivendell (c-900471d5.019-61-68617010.cust.bredbandsbolaget.se [213.113.4.144]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) (Authenticated sender: ignatz@www.liukuma.net) by www.liukuma.net (Postfix) with ESMTP id 4E1591CCBB for ; Tue, 12 Jun 2007 12:39:21 +0300 (EEST) Message-ID: <010101c7acd6$0f616b50$0a0aa8c0@rivendell> From: "Reko Turja" Cc: References: <11046174.post@talk.nabble.com><466C2D0F.3040708@webanoide.org><11050907.post@talk.nabble.com><466C5069.1000903@vindaloo.com><11051531.post@talk.nabble.com><20070612163811.75d813d5@localhost><004201c7acd0$3465f2a0$0a0aa8c0@rivendell> <200706120929.l5C9TImI088357@banyan.cs.ait.ac.th> Date: Tue, 12 Jun 2007 12:42:57 +0300 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3028 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 Subject: Re: Spamassassin RBL's X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jun 2007 09:42:56 -0000 >> The directive above tells postfix to add information into >> headers that tell Amavis the mail was sent by someone who was >> authenticated by the system and thus trusted. > > I expect that the above mentionned headers cannot be forged. Else > that > would be a nice way for spam to avoid filtering. > > Beside, I am not sure it is a good measure to disable Amavis for any > email. First goal of amavis is virus scanning, even a > trusted/authenticated sender could have his machine infected and > could > be spreading viruses. Using the header above of course implies that the machine running postfix will relay to amavis only on loopback, not via regular IP - or using other method that can be counted as secure. And of course for viruses authenticating via SASL using encrypted authentication and real user/password pair isn't usually successful :) IMHO mail gateway isn't the point of checking whether machines inside are virus free or not. There should be other practises used on workstations ensuring that the inside environment is virus free at any given moment. -Reko