Problem with user emails sent using postfix smtp authentication blocked as spam

Alex Neuman alex at rtpty.com
Thu Sep 17 13:49:49 IST 2009 

This is *SO* cool... It's one of those things you wish you had come up  
with yourself.

Could you help a bit further by providing the same syntax for the m4  
file that usually resides in RH-flavored distros in /usr/share/ 
sendmail-cf/m4/cfhead.m4?

Mine is set up like this:
define(`confRECEIVED_HEADER', `_REC_HDR_
         _REC_FULL_AUTH_$?{auth_ssf} bits=${auth_ssf}$.)
         _REC_BY_
         _REC_TLS_
         _REC_END_')

... where REC_FULL_AUTH_ is defined as:

define(`_REC_FULL_AUTH_', `$.$?{auth_type}(user=${auth_authen} $? 
{auth_author}author=${auth_author} $.mech=${auth_type}')

So, in theory, I could define it as:

define(`_REC_FULL_AUTH_', `$.$?{auth_type}(user=${auth_authen} $? 
{auth_author}author=${auth_author} $.mech=${auth_type} -  
MYSERVERUNIQUETOKEN')

And then use:
> header   AUTHENTICATEDUSER Received =~ /(.*)MYSERVERUNIQUETOKEN(.*)/
> describe AUTHENTICATEDUSER Email Sender Authenticated by My Server
> score    AUTHENTICATEDUSER -100.0

... then apply by:
make -C /etc/mail; service MailScanner restart

I don't always use TLS but it would help my authenticated users,  
regardless of TLS, if they use it that way, right?

On Sep 17, 2009, at 7:34 AM, Sergio Rabellino wrote:

> I do the same as suggested, requiring TLS authentication when  
> sending email from outside my lan, an extra header field is set into  
> the last Received header: for sendmail users the rule follow, where  
> the bold words must be identical.
>
> HReceived: $?{auth_authen}from $j ([${if_addr}])
>          $|$?sfrom $s $.$?_($?s$|from $.$_)$.
>          $.by $j (SENDMAIL)$?r with $r$. id $i$?{tls_version}
>          (version=${tls_version} cipher=${cipher} bits=$ 
> {cipher_bits} verify=${verify}$?{cn_subject} userCertificateDN=$ 
> {cn_subject}$.$?{auth_authen} YOURTOKEN $. )$.$?u
>          for $u; $|;
>          $.$b
>
> Then I set-up a sa rule as follow
>
> header   AUTHENTICATEDUSER Received =~ /(.*)YOURTOKEN(.*)/
> describe AUTHENTICATEDUSER Email Sender Authenticated by My Server
> score    AUTHENTICATEDUSER -100.0
>
> and all the emails sent through my SMTP authenticated session, will  
> be automagically whitelisted.

More information about the MailScanner mailing list