SASL authenticated users marked as spam

Julian Field MailScanner at
Fri Aug 18 16:08:09 IST 2006

Hash: SHA1

Dhawal Doshy wrote:
> Tony Stocker wrote:
>> All,
>> We set up our server to allow SASL authenticated users to be able to
>> send (relay) mail through the server.  This way they can use their
>> mail clients at home or on the road and we don't have to worry about
>> the ip address.  However in early testing of this we found that
>> several emails from users who had authenticated were getting marked as
>> spam by SA (full score line below).  Is there a way to set a rule that
>> will put SASL authenticated users as 'safe' or at least give a
>> negative score?
>> Aug  8 22:38:55 pps-mail MailScanner[31647]: Message BBF838EB2C.21AF6
>> from (tony.stocker at to, is
>> spam, SpamAssassin (not cached, score=5.266, required 3, BAYES_50
>> 0.00, INFO_TLD 1.27, RCVD_IN_NJABL_DUL 1.95, RCVD_IN_SORBS_DUL 2.05)
>> Both of the IN_*_DUL rules seem to indicate a 'hit' because of being a
>> "dial up user" based on what I could find on the web.  However I
>> believe, if we set things up right, that only authenticated users
>> should be able to submit messages into the system.  So should I just
>> disable these rules?  That seems a little ham-fisted to me, and I
>> don't want to degrade spam detection I just don't want our users own
>> outbound mails getting marked as spam.
>> Any ideas?
> Read this..
> See if your MTA will add a X-Auth OR a similar header for 
> authenticated users. Finally, write a good rule to assign such mails 
> -ve points.
You can usually look for something like the word "authenticated" in the 
"Received" headers. Give that a big negative score.

Try this in /etc/MailScanner/spam.assassin.prefs.conf :

header USER_DID_AUTH Received =~ /authenticated/
score USER_DID_AUTH -10
describe USER_DID_AUTH User authenticated their SMTP connection

- -- 
Julian Field
Buy the MailScanner book at

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

Version: PGP SDK 3.7.0
Charset: ISO-8859-1


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit

More information about the MailScanner mailing list