Auth question (WAS: Botnet 0.5 plugin)

René Berber r.berber at
Mon Dec 4 02:50:27 GMT 2006

John Rudd wrote:
> René Berber wrote:
>> Does anybody know how to make SA (and Botnet) aware of the
>> authentication?
> As far as I understand it, if SA is aware of it, it sets the "auth="
> field in the Untrusted-Relays and/or Trusted-Relays pseudo-headers to
> something other than empty.
> (the pseudo-headers are header-like fields that SA creates, and that you
> can check rules against, but that doesn't exist in the actual message;
> Trusted-Relays is a pseudo-header that contains information about all of
> the Received headers that match hosts in your trusted-networks and
> Untrusted-Relays is a pseudo-header that contains information about all
> of the other Received headers.)
> How you get SA to recognize where and when Authentication happened isn't
> something I know.  But once SA does know, it should put that information
> into the auth= field.

OK, thanks for the explanation.

Using debug I can see what you are saying, SA did not put anything in the auth=
field :

dbg: metadata: X-Spam-Relays-Untrusted: [ ip= helo= ident=
envfrom=... at intl=0 id=J9POUJ-0001MC-JY auth= ] [
ip= helo=MARISELA ident= envfrom= intl=0 id=kB3G26P6019032 auth= ]

>> I already added to SA's configuration:
>>> header LOCAL_AUTH_RCVD        Received =~ /\(authenticated
>>> bits=\d\)\n\s+by mail
>>> \.legosoft\.com\.mx /
> I don't know if that actually makes SA populate the auth= field or not.
> Might be good to ask all of this over on the SA list.

Yes, good idea (I see a similar message today, "skipping SPF checks for
authenticated users", same complaint LOCAL_AUTH_RCVD doesn't do anything useful).

I did some tests of the above, and LOCAL_AUTH_RCVD is adding 1.0 point to the
score.  It's probably a default score and the documentation I used is either
incomplete or wrong (Ref:
René Berber

More information about the MailScanner mailing list