John Rudd jrudd at
Wed May 3 20:34:59 IST 2006

On May 3, 2006, at 10:15, Mark Nienberg wrote:

> Alex Neuman van der Hans wrote:
>> How about one of the spamassassin gurus here gives us a hand? You 
>> *could* set up a spamassassin rule that gives a strong negative value 
>> to something in the headers. I can see from a message that just came 
>> in that Dhawal is suggesting something similar.
> Here is the spamassassin rule I use for this situation:
> # Check for authenticated mail sent from outside the office
> # so we can compensate for rbls, etc.
> # Note that the Received header has been modified in so
> # it says "authenticated SecretPhrase" instead of just "authenticated".
> # This to make it harder for someone to bypass our filters by sending
> # us messages with a forged Received header.

My plan around that is:

0) mimedefang removes any existing 
1) mimedefang reads the sendmail macros to see if the sender is 
2) mimedefang adds a X-my-header-indicating-authenticated-user with the 
header value being the authenticated user
3) if they are authenticated (or from one of my own exempt/local IP 
addrs), mimedefang doesn't feed the message to spam assassin; if they 
aren't, it feeds the message to spam assassin.

Though, I could also, easily, feed the message to spam assassin in a 
later process, and give the presence of that header a low score.  Since 
mimedefang removes that header up front, I don't have to worry about it 
being inserted by someone else (thus no need for a secret phrase).

More information about the MailScanner mailing list