not considering authenticated submission as SPAM

Mark Nienberg mark at TIPPINGMAR.COM
Tue Nov 2 06:11:02 GMT 2004



On Monday, November 1, 2004, at 06:13  PM, Mathias Körber wrote:
> How do I make mailscanner NOT consider email SPAM which was received
> with SMTP AUTH?
>
> In the following case, a user sent email from their home (dynamic IP)
> via the office server authenticating themselves. The dynamic home IP
> is listed in SBL+XBL (actually CBL). But as the user has authenticated,
> I would like to ignore that...
>
> Is this doable?
> How would I configure this?
> How would I distinguish between cases like this and cases where a
> remote host relays to me using SMTP-AUTH but is not the originating
> site? I would guess it has to check that
>         1. this is the first hop and it has been authenticated?
>
I do this by writing a spamassassin rule to check for a particular 
received header.  Like this:

header   OUR_AUTH       Received =~ /from mydomain\.com .*\(authenticated .* by mailserver\.mydomain\.com .* cipher=/i
describe OUR_AUTH       Sent through our server using authentication
tflags   OUR_AUTH       nice
score    OUR_AUTH       -4

The score can be whatever it takes to compensate for your typical 
remote users.  In addition to dial-up rbls, you'll probably find that 
spf rules are triggered, and maybe some others.

Messages received from our users have our domain name in them as shown, 
and the "authenticated" part.  If you are paranoid (like me) and want 
to make sure that spammers don't start putting fake headers in messages 
to try to trigger your negative rule, then you can modify the header 
that your mta puts in the message, so that it is unique to your server. 
In fact, I have done this so my rule is slightly different than the 
one I showed you above.

The easiest way to modify the Received header in sendmail is to add a 
line like the following to "sendmail.mc" (then m4 etc).

dnl # We redefine the Received header part so it will
dnl # be unique to our site.  Then, we can filter on it in SpamAssassin
dnl # without worrying that it is forged. See cfhead.m4 for default.
dnl # We changed "authenticated" to "authenticated secretword" in the
dnl # following line.
define(`_REC_AUTH_', `$.$?{auth_type}(authenticated secretword')dnl

This only modifies the received header for mail that has been 
authenticated.  Start by copying the appropriate line from "cfhead.m4" 
and pasting it into your "sendmail.mc".  Then edit the line only as 
needed to make it unique, so you don't mess it up.

Now you can modify the spamassassin rule to look like this:

header   OUR_AUTH       Received =~ /from mydomain\.com .*\(authenticated secretword .* by mailserver\.mydomain\.com .* cipher=/i

Mark Nienberg
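
A way to check both rules against sample mail before deploying them, as an added example that is not part of the original post: the Python below approximates SpamAssassin's header matching by unfolding each Received header and testing it on its own. The header values, host names and addresses are constructed, and the helper names are hypothetical.

```python
import re
from email import message_from_string

# The two rule patterns from the post, each joined onto a single line.
GENERIC = re.compile(r"from mydomain\.com .*\(authenticated .* "
                     r"by mailserver\.mydomain\.com .* cipher=", re.I)
UNIQUE = re.compile(r"from mydomain\.com .*\(authenticated secretword .* "
                    r"by mailserver\.mydomain\.com .* cipher=", re.I)

def received_headers(raw):
    """Return every Received header unfolded onto one line, topmost first."""
    values = message_from_string(raw).get_all("Received", [])
    return [re.sub(r"\s*\n\s+", " ", v).strip() for v in values]

def rule_hits(raw, pattern):
    """Indexes of the Received headers (0 = topmost) that the pattern matches."""
    return [i for i, h in enumerate(received_headers(raw)) if pattern.search(h)]

def build(*received):
    """Assemble a minimal message from Received values (hypothetical helper)."""
    head = "".join("Received: " + r + "\n" for r in received)
    return head + "Subject: test\n\nbody\n"

# Constructed sample headers (assumed sendmail-style layout, folded with tabs).
TAIL = ("\tby mailserver.mydomain.com (8.13.1/8.13.1) with ESMTP id x1\n"
        "\t(version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)")
# Written by the server after the sendmail.mc change: carries the site token.
GENUINE = ("from mydomain.com (host.example.net [192.0.2.10])\n"
           "\t(authenticated secretword bits=0)\n" + TAIL)
# Copied from the stock format by a sender who does not know the token.
FORGED = ("from mydomain.com (host.example.net [192.0.2.10])\n"
          "\t(authenticated bits=0)\n" + TAIL)
# What the server really adds for an unauthenticated delivery.
PLAIN = ("from relay.example.org (relay.example.org [198.51.100.7])\n"
         "\tby mailserver.mydomain.com (8.13.1/8.13.1) with ESMTP id x2")

LEGIT_MSG = build(GENUINE)
SPAM_MSG = build(PLAIN, FORGED)  # forged header sits below the real one

if __name__ == "__main__":
    for name, msg in (("legit", LEGIT_MSG), ("spam", SPAM_MSG)):
        print(name, "generic:", rule_hits(msg, GENERIC),
              "unique:", rule_hits(msg, UNIQUE))
```

The generic pattern fires on the forged header in the second message while the token-based pattern fires only on the header the server wrote itself.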