SMTP Auth

[Mark Nienberg]

Alex Neuman van der Hans wrote:

> How about one of the spamassassin gurus here gives us a hand? You 
> *could* set up a spamassassin rule that gives a strong negative value to 
> something in the headers. I can see from a message that just came in 
> that Dhawal is suggesting something similar.


Here is the spamassassin rule I use for this situation:

# Check for authenticated mail sent from outside the office
# so we can compensate for rbls, etc.
# Note that the Received header has been modified in sendmail.mc so
# it says "authenticated SecretPhrase" instead of just "authenticated".
# This to make it harder for someone to bypass our filters by sending
# us messages with a forged Received header.

header   TMA_AUTH  Received =~ /from .*\(authenticated SecretPhrase 
bits.* by mail\.tippingmar\.com .* cipher=/i

describe TMA_AUTH       Sent through our server using authentication
tflags   TMA_AUTH       nice
score    TMA_AUTH       -5.0


That first part should all be on one line, of course.

Mark Nienberg (not a spamassassin guru)