not considering authenticated submission as SPAM
Mark Nienberg
mark at TIPPINGMAR.COM
Tue Nov 2 06:11:02 GMT 2004
On Monday, November 1, 2004, at 06:13 PM, Mathias Körber wrote:
> How do I make mailscanner NOT consider email SPAM which was received
> with SMTP AUTH?
>
> In the following case, a user sent email from their home (dynamic IP)
> via the office server authenticating themselves. The dynamic home IP
> is listed in SBL+XBL (actually CBL). But as the user has authenticated,
> I would like to ignore that...
>
> Is this doable?
> How would I configure this?
> How would I distinguish between cases like this and cases where a
> remote host relays to me using SMTP-AUTH but is not the originating
> site? I would guess it has to check that
> 1. this is the first hop and it has been authenticated?
>
I do this by writing a spamassassin rule to check for a particular
received header. Like this:
header OUR_AUTH Received =~ /from mydomain\.com .*\(authenticated .* by mailserver\.mydomain\.com .* cipher=/i
describe OUR_AUTH Sent through our server using authentication
tflags OUR_AUTH nice
score OUR_AUTH -4
The score can be whatever it takes to compensate for your typical
remote users. In addition to dial-up rbls, you'll probably find that
spf rules are triggered, and maybe some others.
Messages received from our users have our domain name in them as shown,
and the "authenticated" part. If you are paranoid (like me) and want
to make sure that spammers don't start putting fake headers in messages
to try to trigger your negative rule, then you can modify the header
that your mta puts in the message, so that it is unique to your server.
In fact, I have done this so my rule is slightly different than the
one I showed you above.
The easiest way to modify the Received header in sendmail is to add a
line like the following to "sendmail.mc" (then m4 etc).
dnl # We redefine the Received header part so it will
dnl # be unique to our site. Then, we can filter on it in SpamAssassin
dnl # without worrying that it is forged. See cfhead.m4 for default.
dnl # We changed "authenticated" to "authenticated secretword" in the following line.
define(`_REC_AUTH_', `$.$?{auth_type}(authenticated secretword')dnl
This only modifies the received header for mail that has been
authenticated. Start by copying the appropriate line from "cfhead.m4"
and pasting it into your "sendmail.mc". Then edit the line only as
needed to make it unique, so you don't mess it up.
Now you can modify the spamassassin rule to look like this:
header OUR_AUTH Received =~ /from mydomain\.com .*\(authenticated secretword .* by mailserver\.mydomain\.com .* cipher=/i
Mark Nienberg
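
Added example, not part of the original post: a small Python harness that runs both rule patterns from the message over the Received headers of two sample messages, to confirm the tagged rule fires on a genuine authenticated submission and not on a forged copy of the default header. The sample messages, host names, addresses and queue ids are constructed, and it assumes Python's `re` treats these two patterns the same way SpamAssassin's Perl regex engine does.

```python
import re
from email import message_from_string

# The two rule patterns from the post, wrapped lines rejoined.
PLAIN = re.compile(r"from mydomain\.com .*\(authenticated .* "
                   r"by mailserver\.mydomain\.com .* cipher=", re.I)
TAGGED = re.compile(r"from mydomain\.com .*\(authenticated secretword .* "
                    r"by mailserver\.mydomain\.com .* cipher=", re.I)

def received_headers(raw):
    """Return every Received header, unfolded onto a single line."""
    msg = message_from_string(raw)
    return [" ".join(str(h).split()) for h in msg.get_all("Received", [])]

def rule_hits(pattern, raw):
    """True if any Received header of the message matches the rule."""
    return any(pattern.search(h) for h in received_headers(raw))

# Constructed sample: authenticated submission, header tagged via sendmail.mc.
GENUINE = """\
Received: from mydomain.com (dsl-host.example.net [192.0.2.10])
    (authenticated secretword bits=0)
    by mailserver.mydomain.com (8.13.1/8.13.1) with ESMTP id iA26Ax01
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
    Tue, 2 Nov 2004 06:10:59 GMT
From: user@mydomain.com
Subject: sent from home

body
"""

# Constructed sample: unauthenticated delivery carrying a forged lower header
# that copies the default "(authenticated" wording.
FORGED = """\
Received: from relay.example.org (relay.example.org [198.51.100.7])
    by mailserver.mydomain.com (8.13.1/8.13.1) with ESMTP id iA26Bx02;
    Tue, 2 Nov 2004 06:11:30 GMT
Received: from mydomain.com (unknown [203.0.113.5])
    (authenticated bits=0)
    by mailserver.mydomain.com (8.13.1/8.13.1) with ESMTP id FAKE0001
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
    Tue, 2 Nov 2004 06:00:00 GMT
From: someone@example.org
Subject: forged

body
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, "plain:", rule_hits(PLAIN, raw), "tagged:", rule_hits(TAGGED, raw))
```

The tagged Received header travels with every authenticated message that leaves the server, so anyone who receives such mail can read the added word.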