SASL authenticated users marked as spam

Julian Field MailScanner at ecs.soton.ac.uk
Fri Aug 18 16:08:09 IST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Dhawal Doshy wrote:
> Tony Stocker wrote:
>> All,
>>
>> We set up our server to allow SASL authenticated users to be able to
>> send (relay) mail through the server.  This way they can use their
>> mail clients at home or on the road and we don't have to worry about
>> the ip address.  However in early testing of this we found that
>> several emails from users who had authenticated were getting marked as
>> spam by SA (full score line below).  Is there a way to set a rule that
>> will put SASL authenticated users as 'safe' or at least give a
>> negative score?
>>
>> Aug  8 22:38:55 pps-mail MailScanner[31647]: Message BBF838EB2C.21AF6
>> from 68.106.108.165 (tony.stocker at example.com) to abc.com,def.com is
>> spam, SpamAssassin (not cached, score=5.266, required 3, BAYES_50
>> 0.00, INFO_TLD 1.27, RCVD_IN_NJABL_DUL 1.95, RCVD_IN_SORBS_DUL 2.05)
>>
>> Both of the IN_*_DUL rules seem to indicate a 'hit' because of being a
>> "dial up user" based on what I could find on the web.  However I
>> believe, if we set things up right, that only authenticated users
>> should be able to submit messages into the system.  So should I just
>> disable these rules?  That seems a little ham-fisted to me, and I
>> don't want to degrade spam detection I just don't want our users own
>> outbound mails getting marked as spam.
>>
>> Any ideas?
>
> Read this..
> http://wiki.apache.org/spamassassin/DynablockIssues
>
> See if your MTA will add a X-Auth OR a similar header for 
> authenticated users. Finally, write a good rule to assign such mails 
> -ve points.
You can usually look for something like the word "authenticated" in the 
"Received" headers. Give that a big negative score.

Try this in /etc/MailScanner/spam.assassin.prefs.conf :

header USER_DID_AUTH Received =~ /authenticated/
score USER_DID_AUTH -10
describe USER_DID_AUTH User authenticated their SMTP connection

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 3.7.0
Charset: ISO-8859-1

wj8DBQFE5dfaEfZZRxQVtlQRArwDAKDJbEcGPfMlsg1hKN02zFc4KBapbgCeLWmX
sRXGAb1YPl2llLT3PEXu+Ng=
=Bbwl
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk



More information about the MailScanner mailing list