SASL authenticated users marked as spam

mikea mikea at mikea.ath.cx
Fri Aug 18 17:46:40 IST 2006


On Fri, Aug 18, 2006 at 04:08:09PM +0100, Julian Field wrote:
> Dhawal Doshy wrote:
> > Tony Stocker wrote:
> >> All,
> >>
> >> We set up our server to allow SASL authenticated users to be able to
> >> send (relay) mail through the server.  This way they can use their
> >> mail clients at home or on the road and we don't have to worry about
> >> the ip address.  However in early testing of this we found that
> >> several emails from users who had authenticated were getting marked as
> >> spam by SA (full score line below).  Is there a way to set a rule that
> >> will put SASL authenticated users as 'safe' or at least give a
> >> negative score?
> >>
> >> Aug  8 22:38:55 pps-mail MailScanner[31647]: Message BBF838EB2C.21AF6
> >> from 68.106.108.165 (tony.stocker at example.com) to abc.com,def.com is
> >> spam, SpamAssassin (not cached, score=5.266, required 3, BAYES_50
> >> 0.00, INFO_TLD 1.27, RCVD_IN_NJABL_DUL 1.95, RCVD_IN_SORBS_DUL 2.05)
> >>
> >> Both of the IN_*_DUL rules seem to indicate a 'hit' because of being a
> >> "dial up user" based on what I could find on the web.  However I
> >> believe, if we set things up right, that only authenticated users
> >> should be able to submit messages into the system.  So should I just
> >> disable these rules?  That seems a little ham-fisted to me, and I
> >> don't want to degrade spam detection I just don't want our users' own
> >> outbound mails getting marked as spam.
> >>
> >> Any ideas?
> >
> > Read this..
> > http://wiki.apache.org/spamassassin/DynablockIssues
> >
> > See if your MTA will add a X-Auth OR a similar header for 
> > authenticated users. Finally, write a good rule to assign such mails 
> > -ve points.
> You can usually look for something like the word "authenticated" in the 
> "Received" headers. Give that a big negative score.

> Try this in /etc/MailScanner/spam.assassin.prefs.conf :

> header USER_DID_AUTH Received =~ /authenticated/
> score USER_DID_AUTH -10
> describe USER_DID_AUTH User authenticated their SMTP connection

Julian's right, but you want to be sure that you're checking for this 
in a header you can trust, and not a header that the sender fabricated
in _his_ machine. 

Remember, to SMTP, headers are just part of the data. 

-- 
Mike Andrews, W5EGO
mikea at mikea.ath.cx
Tired old sysadmin 
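
Added example, not part of the original thread: a Python sketch of the difference between matching "authenticated" in any Received header and matching it only in the topmost Received header written by your own MTA. The hostname `mail.example.org`, the `(authenticated user=...)` marker format and both sample messages are assumptions constructed for illustration; substitute what your MTA actually writes.

```python
import re
from email import message_from_string

OUR_MTA = "mail.example.org"   # assumption: name our MTA writes after "by"
# Assumption: our MTA marks authenticated sessions with this comment in the
# Received header it adds. Match the full marker, not the bare word, because
# the client-chosen HELO name appears in the same header.
MARKER = re.compile(r"\(authenticated user=[^)]+\)")
BY_HOST = re.compile(r"\bby\s+([^\s;()]+)", re.I)

def naive_match(raw):
    """The rule as posted: 'authenticated' in any Received header."""
    msg = message_from_string(raw)
    return any(re.search(r"authenticated", h) for h in msg.get_all("Received", []))

def trusted_match(raw, our_mta=OUR_MTA):
    """Look only at the topmost Received header, and only if our MTA wrote it."""
    received = message_from_string(raw).get_all("Received", [])
    if not received:
        return False
    top = " ".join(received[0].split())       # unfold continuation lines
    by = BY_HOST.search(top)
    if by is None or by.group(1).lower() != our_mta.lower():
        return False
    return MARKER.search(top) is not None

# Constructed sample: unauthenticated delivery. The lower Received line was
# supplied by the sender as part of the message data, not added by our MTA.
FORGED = (
    "Received: from dsl-host.example (unknown [192.0.2.10])\n"
    "\tby mail.example.org; Fri, 18 Aug 2006 17:00:00 +0100\n"
    "Received: from laptop (authenticated user=tony)\n"
    "\tby mail.example.org; Fri, 18 Aug 2006 16:59:00 +0100\n"
    "Subject: test\n\nbody\n"
)
# Constructed sample: a session our MTA really authenticated.
GENUINE = (
    "Received: from laptop (unknown [192.0.2.20])\n"
    "\t(authenticated user=tony)\n"
    "\tby mail.example.org; Fri, 18 Aug 2006 17:05:00 +0100\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, "naive:", naive_match(raw), "trusted:", trusted_match(raw))
```

Only the Received header your own server prepends is under your control; everything below it arrived as message data.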

