Page 1 of 1

Allow outbound Spamassassin scans when authenticated

Posted: 2014-02-23 18:03
by percepts
Please can we have an option to allow Spamassassin outbound scans even if user is authenticated.
An option in spamassassin panel to enable/disable outbound scans when authenticated would be useful.

Re: Allow outbound Spamassassin scans when authenticated

Posted: 2014-02-26 16:19
by djhabana
Something to add on this is, if the mail has then been seen as spam, that it would add it to the users draft (and not send it) or (Unsent-Spam XOXO) so that the user can know whether the mail would be seen as spam or not

Re: Allow outbound Spamassassin scans when authenticated

Posted: 2014-02-27 01:46
by Bill48105
This should be pretty easy to do based on my recollection of the code when I was in that area but some people might not want it or only for some users/domains which complicates things. What I might do is next time i'm in there add an OPTIONAL setting to not skip scanning of auth'd mail as a starting point as I should be able to do that in as much time as it takes me to type this response but anything beyond that will have to wait until we've had time to think thru the optional conditions. (Btw the funny thing is I SWORE hmail scanned even auth'd email's since there is such a delay in sending from email clients so now I'll have to investigate what is being done during the delay)

btw in terms of djhabana's suggestion, I don't ever see that happening.. For one is that'd be IMAP specific & many use POP. But also it'd be such a non-standard thing to do I really don't see it being done. Perhaps it needs it's own feature request instead of piggy backing on this one.
Bill

Re: Allow outbound Spamassassin scans when authenticated

Posted: 2014-02-27 02:23
by percepts
from my perspective I would be quite happy for SA scan to be done on all outgoing mail at a server level rather than user or domain level.

One thing I think is neccessary, having considered it a little more is an outgoing reject threshold. I think some users never delete incoming spam and just mark it so their delete threshold is set high. However, from my perspective, if you can stop outgoing spam when it reaches SA required score rather than using incoming hmail delete threshold that would be very useful. i.e. it would protect your server from sending out spam whilst allowing incoming spam to be marked as spam but not deleted so that you don't lose any false positives.

p.s. for all I know that may already be how it happens, I haven't tested it down to that level (yet).

Re: Allow outbound Spamassassin scans when authenticated

Posted: 2014-02-27 02:42
by percepts
djhabana,

my test when I switched off authentication actually rejects the mail send back to the sender with a 554 error and spamAssassin reject message so the sending user is immediately notified because the mail fails to be accepted by hmail.
I don't know what happens when you are using automated sending.

Re: Allow outbound Spamassassin scans when authenticated

Posted: 2014-07-22 16:04
by percepts
Also see Topic

http://www.hmailserver.com/forum/viewto ... =2&t=26788

perhaps they could be merged into this POLL as...

"allow spam and virus checks on local outbound when authenticated"

Re: Allow outbound Spamassassin scans when authenticated

Posted: 2014-08-19 19:51
by AyrA
This feature would be really great.
I have 16K accounts on my server so outgoing spam is an issue.

Re: Allow outbound Spamassassin scans when authenticated

Posted: 2014-12-04 05:17
by kipp
I have been fighting infected users PC's for the last 2 days. I really need this.

I've been looking for scripts in the forums to assist with this to fill the gap. Any suggestions?

Thanks.

Re: Allow outbound Spamassassin scans when authenticated

Posted: 2015-04-07 02:05
by sckramer2
Any chance we can have this Martin? Even tho it's miles down the feature request list? Get bit by this all the time--

Re: Allow outbound Spamassassin scans when authenticated

Posted: 2015-06-26 19:01
by RvdH
I agree this would be a very useful option, today one of my users had his account hacked/hijacked and his account has been spamming like hell :(
As far as i can see, SpamAssassin would have triggered on these e-mails because the IP send from are all on at least one blacklist, and the terms used in these mails...well what can i say, f*** this, su** that and the alike!

Re: Allow outbound Spamassassin scans when authenticated

Posted: 2016-03-31 16:16
by AyrA
I like to push this up again. I am in the process of deleting about 200'000 e-mails from the queue which are spam.

Re: Allow outbound Spamassassin scans when authenticated

Posted: 2016-07-14 23:43
by percepts
bump

lots more votes please :wink: