SMTP Auth

Julian Field MailScanner at ecs.soton.ac.uk
Thu May 4 09:51:03 IST 2006


On 3 May 2006, at 20:34, John Rudd wrote:

>
> On May 3, 2006, at 10:15, Mark Nienberg wrote:
>
>> Alex Neuman van der Hans wrote:
>>
>>> How about one of the spamassassin gurus here gives us a hand? You  
>>> *could* set up a spamassassin rule that gives a strong negative  
>>> value to something in the headers. I can see from a message that  
>>> just came in that Dhawal is suggesting something similar.
>>
>>
>> Here is the spamassassin rule I use for this situation:
>>
>> # Check for authenticated mail sent from outside the office
>> # so we can compensate for rbls, etc.
>> # Note that the Received header has been modified in sendmail.mc so
>> # it says "authenticated SecretPhrase" instead of just "authenticated".
>> # This to make it harder for someone to bypass our filters by sending
>> # us messages with a forged Received header.
>>
>
> My plan around that is:
>
> 0) mimedefang removes any existing X-my-header-indicating-authenticated-user
> 1) mimedefang reads the sendmail macros to see if the sender is  
> authenticated
> 2) mimedefang adds a X-my-header-indicating-authenticated-user with  
> the header value being the authenticated user
> 3) if they are authenticated (or from one of my own exempt/local IP  
> addrs), mimedefang doesn't feed the message to spam assassin; if  
> they aren't, it feeds the message to spam assassin.
>
> Though, I could also, easily, feed the message to spam assassin in  
> a later process, and give the presence of that header a low score.   
> Since mimedefang removes that header up front, I don't have to  
> worry about it being inserted by someone else (thus no need for a  
> secret phrase).

John,

If you want to sing the praises of mimedefang, please do it on their  
list and not mine. This list is for MailScanner discussions, and you  
are starting to get very off-topic.

Regards
Jules.
-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
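
The strip-then-add plan from the quoted steps 0 to 3, as an added example that is not part of the original thread and is not MIMEDefang code. It is written in Python for illustration; the header name, the local network and the sample message are assumptions made up for this example.

```python
import ipaddress
from email import message_from_string

# Hypothetical names for this example; neither is from the thread.
AUTH_HEADER = "X-Example-Authenticated-User"
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

def mark_and_route(raw, auth_user, client_ip):
    """Return (message, needs_spam_scan).

    auth_user is the login the MTA reports for this SMTP session
    (None when the session was not authenticated); it never comes
    from the message itself.
    """
    if auth_user and any(c in auth_user for c in "\r\n"):
        raise ValueError("line break in authenticated user name")
    msg = message_from_string(raw)
    # Step 0: remove every sender-supplied copy (match is case-insensitive).
    del msg[AUTH_HEADER]
    # Steps 1-2: add the header only from the MTA's own session state.
    if auth_user:
        msg[AUTH_HEADER] = auth_user
    # Step 3: authenticated or local senders skip the spam scan.
    ip = ipaddress.ip_address(client_ip)
    trusted = bool(auth_user) or any(ip in net for net in LOCAL_NETS)
    return msg, not trusted

# Constructed sample: an outside sender forges the header twice.
FORGED = (
    "Received: from mail.example.net (mail.example.net [198.51.100.7])\n"
    "X-Example-Authenticated-User: ceo\n"
    "x-example-authenticated-user: admin\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    sessions = [(None, "198.51.100.7"), ("alice", "198.51.100.7"),
                (None, "192.0.2.10")]
    for user, ip in sessions:
        msg, scan = mark_and_route(FORGED, user, ip)
        print(user, ip, msg.get_all(AUTH_HEADER), "scan" if scan else "skip")
```

Because the header is deleted before anything else reads it, a later scoring rule can key on its presence without a secret phrase, which is the point made in the quoted plan.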


