Botnet 0.4 Spam Assassin plugin

Furnish, Trever G TGFurnish at
Mon Nov 27 23:06:56 GMT 2006

> -----Original Message-----
> From: mailscanner-bounces at 
> [mailto:mailscanner-bounces at] On Behalf 
> Of John Rudd
> Sent: Monday, November 27, 2006 5:41 PM
> To: MailScanner discussion
> Subject: Re: Botnet 0.4 Spam Assassin plugin
> René Berber wrote:
> > John Rudd wrote:
> 2) You shouldn't spam scan messages at all if they've come 
> from an SMTP-AUTH transaction OR make sure that your MTA's 
> SMTP-AUTH fingerprints are properly recognized by SA and use 
> the botnet_pass_auth option.

But the point is that if my trusted users authenticate themselves using SMTP-AUTH, then someone using your plugin at some OTHER site should not block them based on their client IP address.  If you don't exclude the first received 'from' address, then you're going to be blocking well-behaved users who send mail through well-behaved relays that have forced the user to authenticate.

> In any of those cases, the answer is "make the legitimate but 
> non-local user use SMTP-AUTH to one of the SMTP-AUTH enabled 
> hosts".  This doesn't even require the use of multiple 
> machines (and thus a higher cost of operation).

...which seems perfectly reasonable -- except that it would seem to me that it is only perfect when the sender is one of your users authenticating against your authentication system -- it ought to unfairly score any messages from anyone else's system that include a Received header for the client, which is pretty much everything except Mickeysoft Exchange, EVEN IF they are authenticating to some properly configured relay.

Am I missing something? :-)
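
Added example, not part of the original message and not the Botnet plugin's own code: a Python sketch of the case discussed above, where a third-party site sees a Received header for a client that authenticated to someone else's relay. It relies on the RFC 3848 "with" keywords (ESMTPA, ESMTPSA, LMTPA, LMTPSA); the hostnames, IP addresses and function names are constructed for illustration.

```python
import re

# RFC 3848 "with" keywords meaning the receiving relay authenticated the sender.
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)",
    re.IGNORECASE,
)

# Constructed headers, newest first, as a third-party MX (mx.example.net) sees them.
SAMPLE_AUTHED = [
    "from relay.example.org (relay.example.org [192.0.2.10]) "
    "by mx.example.net with ESMTP id B2; Mon, 27 Nov 2006 23:00:05 +0000",
    "from [10.1.2.3] (dsl-203-0-113-45.dyn.example.com [203.0.113.45]) "
    "by relay.example.org with ESMTPSA id A1; Mon, 27 Nov 2006 23:00:01 +0000",
]
# Same path, but the relay accepted the client without authentication.
SAMPLE_UNAUTHED = [h.replace("ESMTPSA", "ESMTP") for h in SAMPLE_AUTHED]


def parse_hop(header):
    """Parse one Received header; return None if it does not match the pattern."""
    m = HOP_RE.search(header)
    if m is None:
        return None
    hop = m.groupdict()
    hop["authenticated"] = hop["proto"].upper() in AUTH_PROTOCOLS
    return hop


def client_ip_candidates(headers):
    """Return the IPs a dynamic-client heuristic would still be applied to.

    Hops that the receiving relay recorded as authenticated are skipped.
    Assumption: the relay that wrote the header is trusted to report this
    honestly; headers written outside your own boundary can be forged.
    """
    ips = []
    for header in headers:
        hop = parse_hop(header)
        if hop is None or hop["authenticated"]:
            continue
        ips.append(hop["ip"])
    return ips
```

With the authenticated sample only the relay's address is left for scoring; with the unauthenticated one the client's dynamic address is still a candidate.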
