Auth question (WAS: Botnet 0.5 plugin)

René Berber r.berber at computer.org
Mon Dec 4 02:50:27 GMT 2006


John Rudd wrote:
> René Berber wrote:
[snip]
>> Does anybody know how to make SA (and Botnet) aware of the
>> authentication?
> 
> 
> As far as I understand it, if SA is aware of it, it sets the "auth="
> field in the Untrusted-Relays and/or Trusted-Relays pseudo-headers to
> something other than empty.
> 
> (the pseudo-headers are header-like fields that SA creates, and that you
> can check rules against, but that don't exist in the actual message;
> Trusted-Relays is a pseudo-header that contains information about all of
> the Received headers that match hosts in your trusted-networks and
> Untrusted-Relays is a pseudo-header that contains information about all
> of the other Received headers.)
> 
> How you get SA to recognize where and when Authentication happened isn't
> something I know.  But once SA does know, it should put that information
> into the auth= field.

OK, thanks for the explanation.

Using debug I can see what you are saying; SA did not put anything in the auth=
field:

dbg: metadata: X-Spam-Relays-Untrusted: [ ip=200.52.129.137
rdns=mail.legosoft.com.mx helo= by=cactus-soft.dyndns.org ident=
envfrom=... at legosoft.com.mx intl=0 id=J9POUJ-0001MC-JY auth= ] [
ip=189.149.70.163 rdns=dsl-189-149-70-163.prod-infinitum.com.mx helo=MARISELA
by=mail.legosoft.com.mx ident= envfrom= intl=0 id=kB3G26P6019032 auth= ]


>> I already added to SA's configuration:
>>
>>> header LOCAL_AUTH_RCVD        Received =~ /\(authenticated
>>> bits=\d\)\n\s+by mail
>>> \.legosoft\.com\.mx /
>>
> 
> I don't know if that actually makes SA populate the auth= field or not.
> 
> Might be good to ask all of this over on the SA list.

Yes, good idea (I see a similar message today, "skipping SPF checks for
authenticated users", same complaint: LOCAL_AUTH_RCVD doesn't do anything useful).

I did some tests of the above, and LOCAL_AUTH_RCVD is adding 1.0 point to the
score.  It's probably a default score and the documentation I used is either
incomplete or wrong (Ref: http://wiki.apache.org/spamassassin/DynablockIssues).
-- 
René Berber
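
The check described in this message (reading the relay pseudo-header from the debug output and seeing whether auth= was filled in) can be scripted. The following Python is an added example, not part of the original post and not SpamAssassin code; the sample line, its addresses and the auth value on the second relay are constructed, and it assumes field values contain no whitespace.

```python
import re

# Constructed sample modelled on the debug line quoted in the message.
# Addresses are documentation placeholders; the auth value on the second
# relay is made up to show a populated field next to an empty one.
SAMPLE = (
    "dbg: metadata: X-Spam-Relays-Untrusted: [ ip=192.0.2.10 "
    "rdns=mail.example.org helo= by=mx.example.net ident= "
    "envfrom=user@example.org intl=0 id=ABC123 auth= ] [ ip=198.51.100.7\n"
    "rdns=dsl.example.com helo=CLIENT by=mail.example.org ident= envfrom= "
    "intl=0 id=XYZ789 auth=ESMTPA ]"
)

# Each relay is one "[ key=value ... ]" block; debug output may be line-wrapped.
RELAY_BLOCK = re.compile(r"\[\s*(.*?)\s*\]", re.S)
# key=value pairs; an empty value ("auth=") yields an empty string.
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_relays(line):
    """Return one dict per relay block, in the order they appear."""
    return [dict(FIELD.findall(block)) for block in RELAY_BLOCK.findall(line)]


def unauthenticated(relays):
    """Relays whose auth= field is empty or missing."""
    return [r for r in relays if not r.get("auth")]


if __name__ == "__main__":
    for relay in parse_relays(SAMPLE):
        state = relay.get("auth") or "(empty)"
        print(f"ip={relay.get('ip')} by={relay.get('by')} auth={state}")
```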


