Problem with Iphones

Alex Neuman alex at
Wed Sep 22 18:03:10 IST 2010

That's the beauty of the list. You can turn my crude thing into something more elegant ;-)

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex at

-----Original Message-----
From: Steve Freegard <steve.freegard at>
Sender: mailscanner-bounces at
Date: Wed, 22 Sep 2010 17:52:32 
To: MailScanner discussion<mailscanner at>
Reply-To: MailScanner discussion <mailscanner at>
Subject: Re: Problem with Iphones


On 22/09/10 17:05, Alex Neuman wrote:
> You're using sendmail.
> Find cfhead.m4 - should be in /usr/share/sendmail-cf/m4 if you're using CentOS.
> Look for the line (on or near line 274) that says:
> define(`confRECEIVED_HEADER', `_REC_HDR_
> This is where the header is defined. The next line reads:
>          _REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.)
> Change it to:
>          _REC_FULL_AUTH_$?{auth_ssf} YOURTOKEN bits=${auth_ssf}$.)
> The REC_FULL_AUTH will give you a better idea of the username that authenticated - not just *the fact that the user did authenticate*.

Ddon't edit sendmail supplied m4 files.  Edit /etc/mail/ 
instead; all of those macros should still be available to you there...


define(`confRECEIVED_HEADER', `......')dnl

> The YOURTOKEN would be something that's not obviously "your token" so it doesn't get picked up by spammers. This is what we'll look for using SA.
> Find your for spamassassin. This should be in /etc/mail/spamassassin. Go to the end and add:

Yuck.  Don't use 'ALL' when Received is far more appropriate.  On 
messages with a lot of headers you'll waste a load of CPU and time. 

header YOURTOKEN Received =~ /foo/

You can also make it less spoofable using X-Spam-Relays-Trusted: 
metadata header added by SpamAssassin.

Run one of these messages through 'spamassassin -D -t < msg | grep 
X-Spam-Relays' and look what output you get for 'auth=' for an example 
message.  You can then write an un-spoofable rule (provided your 
TrustPath is correct) via:

header FOO X-Spam-Relays-Trusted =~ /auth=foo/i

With this method - you might not even need this particular rule as with 
the trust path correct; the OPs problem of hitting RCVD_IN_PBL, 
RDNS_DYNAMIC etc. goes away as trusted hosts aren't tested.

MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website! 

More information about the MailScanner mailing list