Problem with Iphones

Phil Udel Phil.Udel at SalemCorp.com
Wed Sep 22 17:20:16 IST 2010


Nice.  Thanks.   I am still working on the Auth. I seem to have hit a bump. 
I keep getting:
AUTH LOGIN dGVzdA==
504 5.3.3 AUTH mechanism LOGIN not available

Mail Log
Sep 22 08:03:34 mail sendmail[6652]: AUTH: available mech=CRAM-MD5
DIGEST-MD5 ANONYMOUS, allowed mech=EXTERNAL LOGIN PLAIN

For some reason the LOGIN PLAIN is not available :(



-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
Sent: Wednesday, September 22, 2010 12:05 PM
To: MailScanner discussion
Subject: Re: Problem with Iphones

You're using sendmail.

Find cfhead.m4 - should be in /usr/share/sendmail-cf/m4 if you're using
CentOS.

Look for the line (on or near line 274) that says:
define(`confRECEIVED_HEADER', `_REC_HDR_

This is where the header is defined. The next line reads:
        _REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.)

Change it to:
        _REC_FULL_AUTH_$?{auth_ssf} YOURTOKEN bits=${auth_ssf}$.)

The REC_FULL_AUTH will give you a better idea of the username that
authenticated - not just *the fact that the user did authenticate*.

The YOURTOKEN would be something that's not obviously "your token" so it
doesn't get picked up by spammers. This is what we'll look for using SA.

Find your local.cf for spamassassin. This should be in
/etc/mail/spamassassin. Go to the end and add:

header YOURTOKEN ALL =~ /YOURTOKEN/
score YOURTOKEN -100

This is crude, but effective. Spoofable, since "YOURTOKEN" will obviously be
something someone could insert into their own headers - but I doubt it's
practical for most spammers.

Let me know how that works out for you. Works for me, YMMV, if you break it
you get to keep all the pieces.

On Sep 22, 2010, at 10:26 AM, Phil Udel wrote:

> That would be great.
> I think I have the Auth setup. How do I do the "custom header
> into authenticated users" ?
> 
> Test of Auth
> 250-mail.salemcorp.com Hello localhost.localdomain [127.0.0.1], pleased to meetu
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-AUTH DIGEST-MD5 CRAM-MD5
> 250-DELIVERBY
> 250 HELP
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex 
> Neuman
> Sent: Wednesday, September 22, 2010 11:03 AM
> To: MailScanner discussion
> Subject: Re: Problem with Iphones
> 
> The problem is not with the iPhones.
> 
> The problem lies with the fact that you're not using AUTH when 
> nowadays it's absolutely necessary.
> 
> You need to use AUTH, and SPF with hardfail as well. I also insert a 
> custom header into authenticated users' e-mails so that SpamAssassin 
> will score a -100 on them, and that helps a lot.
> 
> On Sep 22, 2010, at 9:46 AM, Phil Udel wrote:
> 
>> Hi, I am a long time user of Sendmail and MailScanner but I have hit
>> a problem that I can't seem to find a solution for.  Currently I am
>> using the latest version of everything on a CentOS 5.1 sandbox.
>>
>>
>> Problem Description:
>> I have some Apple iPhones that the users want to Send/Replay Email
>> directly with my mail server.  I do not use Auth, but I am looking
>> into using that to solve relay problem.
>> The problem that I am not sure that Auth will fix is the high spam
>> score iPhones get.
>> Almost all the iPhones seem to hit most, if not all of the rules:
>> RDNS_DYNAMIC
>> RCVD_IN_PBL
>> MIME_QP_LONG_LINE
>>
>> I don't want to lower the rule scores because they do a good job of
>> stopping a lot of Dynamic spam.
>> I can't whitelist the IP or domain, example
>> (mobile-166-137-011-147.mycingular.net), because the IP is different
>> every time, and whitelisting mycingular.net is a bad idea.
>>
>>
>> If I set up Auth will SpamAssassin still score it high?  I believe it
>> would.
>> If I use Auth will that get an ALL_TRUSTED Value that I can use to
>> Lower the score?
>>
>> As Always MY Life and job hang in the balance on this issue, since
>> one of the iPhones belongs to the owner of the company. :P
>> 
>> 
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website! 
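The mail log line in the top message accounts for the 504 reply, on the reading that "available" lists what the SASL library provides, "allowed" is sendmail's configured list, and only the overlap is offered to clients. The Python below is an added example, not part of the original thread; its function names are hypothetical.

```python
import re

# Log line copied from the post, with its wrapped second line rejoined.
LOG = ("Sep 22 08:03:34 mail sendmail[6652]: AUTH: available mech=CRAM-MD5 "
       "DIGEST-MD5 ANONYMOUS, allowed mech=EXTERNAL LOGIN PLAIN")

def parse_auth_log(line):
    """Return (available, allowed) mechanism sets from a sendmail AUTH line."""
    m = re.search(r"AUTH: available mech=(.*?), allowed mech=(.*)$", line)
    if m is None:
        raise ValueError("not a sendmail AUTH mechanism line")
    return set(m.group(1).split()), set(m.group(2).split())

def offered(line):
    """Mechanisms a client can use: assumed to be the overlap of both lists."""
    available, allowed = parse_auth_log(line)
    return available & allowed

def diagnose(line, requested):
    """Say which side is missing when a requested mechanism is refused."""
    available, allowed = parse_auth_log(line)
    if requested in available and requested in allowed:
        return "offered"
    if requested in allowed:
        return "allowed by sendmail, not provided by the SASL library"
    if requested in available:
        return "provided by the SASL library, not allowed by sendmail"
    return "neither provided nor allowed"

if __name__ == "__main__":
    print("offered:", sorted(offered(LOG)) or "nothing")
    for mech in ("LOGIN", "PLAIN", "CRAM-MD5"):
        print(mech, "->", diagnose(LOG, mech))
```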
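Alex Neuman's reply notes that the token rule is spoofable, since it matches the token in ALL headers. The Python below is an added example, not from the thread, and a model of the matching logic rather than SpamAssassin configuration: it compares that match with one restricted to the newest Received header stamped by the local server. The host name, the sample messages and the exact layout of the auth comment are constructed assumptions.

```python
import re
from email import message_from_string

TOKEN = "YOURTOKEN"           # placeholder from the post; real value is site-specific
MY_HOST = "mail.example.com"  # assumed name of the receiving sendmail host

# Constructed message accepted over authenticated SMTP by MY_HOST.
GENUINE = (
    "Received: from [10.0.0.5] (phone.example.net [198.51.100.7])\n"
    "\t(user=alice mech=CRAM-MD5 YOURTOKEN bits=0)\n"
    "\tby mail.example.com (8.13.8/8.13.8) with ESMTP id o8MC3YqK006652;\n"
    "\tWed, 22 Sep 2010 08:03:34 -0400\n"
    "From: alice@example.com\nSubject: hello\n\nbody\n"
)
# Constructed unauthenticated message whose sender wrote the token into
# headers of its own; MY_HOST's Received line (topmost) carries no token.
FORGED = (
    "Received: from bulk.example.org (bulk.example.org [203.0.113.9])\n"
    "\tby mail.example.com (8.13.8/8.13.8) with ESMTP id o8MC4ZrL006700;\n"
    "\tWed, 22 Sep 2010 08:04:35 -0400\n"
    "Received: from x (user=bob mech=LOGIN YOURTOKEN bits=0)\n"
    "\tby relay.invalid with ESMTP; Wed, 22 Sep 2010 08:04:00 -0400\n"
    "X-Note: YOURTOKEN\n"
    "From: bob@example.org\nSubject: offer\n\nbody\n"
)

def matches_all_headers(raw):
    """Model of the posted rule: the token anywhere in the header block."""
    return TOKEN in raw.split("\n\n", 1)[0]

def matches_own_received(raw):
    """Tighter check: the token counts only inside the auth comment of the
    newest Received header, and only if that header was stamped by MY_HOST."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return False
    top = " ".join(received[0].split())  # unfold the header onto one line
    pattern = r"\(user=\S+ mech=\S+ %s bits=\d+\)\s+by %s\b" % (
        re.escape(TOKEN), re.escape(MY_HOST))
    return re.search(pattern, top) is not None

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, matches_all_headers(raw), matches_own_received(raw))
```

Both checks accept the authenticated message; only the header-wide match also accepts the message that carries the token in sender-supplied headers.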