Based on the debian patch: http://patch-tracker.debian.org/patch/series/view/spamass-milter/0.3.1-10/10_dont_handle_authenticated_users.diff --- spamass-milter.cpp 2011-06-08 11:56:33.000000000 +0000 +++ spamass-milter.cpp 2011-06-08 12:04:41.000000000 +0000 @@ -170,6 +170,7 @@ bool flag_full_email = false; /* pass full email address to spamc */ bool flag_expand = false; /* alias/virtusertable expansion */ bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */ +bool ignore_authenticated_senders = false; #if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */ static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER; @@ -181,7 +182,7 @@ main(int argc, char* argv[]) { int c, err = 0; - const char *args = "fd:mMp:P:r:u:D:i:b:B:e:x"; + const char *args = "fd:mMp:P:r:u:D:i:Ib:B:e:x"; char *sock = NULL; bool dofork = false; char *pidfilename = NULL; @@ -213,6 +214,10 @@ debug(D_MISC, "Parsing ignore list"); parse_networklist(optarg, &ignorenets); break; + case 'I': + debug(D_MISC, "Ignore authenticated senders"); + ignore_authenticated_senders = true; + break; case 'm': dontmodifyspam = true; smfilter.xxfi_flags &= ~SMFIF_CHGBODY; @@ -280,7 +285,7 @@ cout << PACKAGE_NAME << " - Version " << PACKAGE_VERSION << endl; cout << "SpamAssassin Sendmail Milter Plugin" << endl; cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl; - cout << " [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl; + cout << " [-e defaultdomain] [-f] [-i networks] [-I] [-m] [-M]" << endl; cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x]" << endl; cout << " [-- spamc args ]" << endl; cout << " -p socket: path to create socket" << endl; @@ -294,6 +299,7 @@ cout << " -f: fork into background" << endl; cout << " -i: skip (ignore) checks from these IPs or netblocks" << endl; cout << " example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl; + cout << " -I: skip (ignore) checks if sender is authenticated" << endl; cout << " -m: don't modify body, Content-type: or Subject:" << endl; cout << " -M: don't modify the message at all" << endl; cout << " -P pidfile: Put processid in pidfile" << endl; @@ -783,6 +789,22 @@ } /* debug(D_ALWAYS, "ZZZ got private context %p", sctx); */ + if (ignore_authenticated_senders) + { + char *auth_authen; + + auth_authen = smfi_getsymval(ctx, "{auth_authen}"); + debug(D_MISC, "auth_authen=%s", auth_authen ?: ""); + + if (auth_authen) + { + debug(D_MISC, "sender authenticated (%s) - accepting message", + auth_authen); + debug(D_FUNC, "mlfi_envfrom: exit ignore"); + return SMFIS_ACCEPT; + } + } + debug(D_FUNC, "mlfi_envfrom: enter"); try { // launch new SpamAssassin --- spamass-milter.1.in 2011-06-08 12:05:35.000000000 +0000 +++ spamass-milter.1.in 2011-06-08 12:06:57.000000000 +0000 @@ -14,6 +14,7 @@ .Op Fl e Ar defaultdomain .Op Fl f .Op Fl i Ar networks +.Op Fl I .Op Fl m .Op Fl M .Op Fl P Ar pidfile @@ -119,6 +120,8 @@ flags will append to the list. For example, if you list all your internal networks, no outgoing emails will be filtered. +.It Fl I +Ignores messages if the sender has authenticated via SMTP AUTH. .It Fl m Disables modification of the .Ql Subject: