SMTP Auth
Alex Neuman van der Hans
alex at nkpanama.com
Wed May 3 18:49:31 IST 2006
Mark Nienberg wrote:
>
> # Check for authenticated mail sent from outside the office
> # so we can compensate for rbls, etc.
> # Note that the Received header has been modified in sendmail.mc so
> # it says "authenticated SecretPhrase" instead of just "authenticated".
> # This to make it harder for someone to bypass our filters by sending
> # us messages with a forged Received header.
>
> header TMA_AUTH Received =~ /from .*\(authenticated SecretPhrase
> bits.* by mail\.tippingmar\.com .* cipher=/i
>
The place for the "secretphrase" would be where the cfhead.m4 says:
_REC_FULL_AUTH_$?{auth_ssf} bits=${auth_ssf}$.)
right?
BTW, mine says "rec_full_auth" instead of the "rec_auth" that comes with
the stock cf file so I can tell *who* authenticated - not just the fact
that the message *was* authenticated.
More information about the MailScanner
mailing list