[Pymilter] excluding authenticated clients from SPF checks
Stuart D Gathman
stuart at gathman.org
Wed Nov 13 17:15:52 EST 2024
On Wed, 13 Nov 2024, Marco Moock wrote:
> I run sendmail and pyspfmilter on Debian.
>
> I would like to exclude authenticated clients (coming from all over the
> world) from the SPF checks.
>
> Is there a way in spfmilter to do that?
Short answer: Yes
Long answer: what kind of authentication? SPF? DKIM? I'm going
to hazard a guess that you mean SMTP AUTH.
To get the SMTP AUTH result from the envfrom milter callback:
auth_type = self.getsymval('{auth_type}')
user = self.getsymval('{auth_authen}')
Now spfmilter.py already has some code for this:
# Restrict SMTP AUTH users to authorized domains
authsend = '@'.join((self.user,domain))
with MTAPolicy(authsend,self.conf) as p:
policy = p.getPolicy('smtp-auth')
print('smtp-auth policy:',policy,authsend,self.conf.access_file)
So in my access file, for me I have:
SMTP-Auth:stuart at gathman.org OK
Which allows me to send from gathman.org domain.
Now, maybe this existing code is not quite what you want. Please
describe additional requirements. E.g. in bms.py, the messy milter
I use, the WHITELIST policy (instead of OK) not only allows an SMTP AUTH
user to send from a domain, but auto whitelists the recipients (avoiding
the aggravation of greylisting and spam checking).
More information about the Pymilter
mailing list