Date: Tue, 12 Jun 2007 12:42:57 +0300 From: "Reko Turja" <reko.turja@liukuma.net> Cc: <freebsd-questions@freebsd.org> Subject: Re: Spamassassin RBL's Message-ID: <010101c7acd6$0f616b50$0a0aa8c0@rivendell> References: <11046174.post@talk.nabble.com><466C2D0F.3040708@webanoide.org><11050907.post@talk.nabble.com><466C5069.1000903@vindaloo.com><11051531.post@talk.nabble.com><20070612163811.75d813d5@localhost><004201c7acd0$3465f2a0$0a0aa8c0@rivendell> <200706120929.l5C9TImI088357@banyan.cs.ait.ac.th>
next in thread | previous in thread | raw e-mail | index | archive | help
>> The directive above tells postfix to add information into >> headers that tell Amavis the mail was sent by someone who was >> authenticated by the system and thus trusted. > > I expect that the above mentionned headers cannot be forged. Else > that > would be a nice way for spam to avoid filtering. > > Beside, I am not sure it is a good measure to disable Amavis for any > email. First goal of amavis is virus scanning, even a > trusted/authenticated sender could have his machine infected and > could > be spreading viruses. Using the header above of course implies that the machine running postfix will relay to amavis only on loopback, not via regular IP - or using other method that can be counted as secure. And of course for viruses authenticating via SASL using encrypted authentication and real user/password pair isn't usually successful :) IMHO mail gateway isn't the point of checking whether machines inside are virus free or not. There should be other practises used on workstations ensuring that the inside environment is virus free at any given moment. -Reko
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010101c7acd6$0f616b50$0a0aa8c0>