Problem with Iphones
Alex Neuman
alex at rtpty.com
Wed Sep 22 18:03:10 IST 2010
That's the beauty of the list. You can turn my crude thing into something more elegant ;-)
--
Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex at rtpty.com
-----Original Message-----
From: Steve Freegard <steve.freegard at fsl.com>
Sender: mailscanner-bounces at lists.mailscanner.info
Date: Wed, 22 Sep 2010 17:52:32
To: MailScanner discussion<mailscanner at lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
Subject: Re: Problem with Iphones
Alex,
On 22/09/10 17:05, Alex Neuman wrote:
> You're using sendmail.
>
> Find cfhead.m4 - should be in /usr/share/sendmail-cf/m4 if you're using CentOS.
>
> Look for the line (on or near line 274) that says:
> define(`confRECEIVED_HEADER', `_REC_HDR_
>
> This is where the header is defined. The next line reads:
> _REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.)
>
> Change it to:
> _REC_FULL_AUTH_$?{auth_ssf} YOURTOKEN bits=${auth_ssf}$.)
>
> The REC_FULL_AUTH will give you a better idea of the username that authenticated - not just *the fact that the user did authenticate*.
Ddon't edit sendmail supplied m4 files. Edit /etc/mail/sendmail.mc
instead; all of those macros should still be available to you there...
e.g.
define(`confRECEIVED_HEADER', `......')dnl
> The YOURTOKEN would be something that's not obviously "your token" so it doesn't get picked up by spammers. This is what we'll look for using SA.
>
> Find your local.cf for spamassassin. This should be in /etc/mail/spamassassin. Go to the end and add:
>
> header YOURTOKEN ALL =~ /YOURTOKEN/
Yuck. Don't use 'ALL' when Received is far more appropriate. On
messages with a lot of headers you'll waste a load of CPU and time.
Instead:
header YOURTOKEN Received =~ /foo/
You can also make it less spoofable using X-Spam-Relays-Trusted:
metadata header added by SpamAssassin.
Run one of these messages through 'spamassassin -D -t < msg | grep
X-Spam-Relays' and look what output you get for 'auth=' for an example
message. You can then write an un-spoofable rule (provided your
TrustPath is correct) via:
header FOO X-Spam-Relays-Trusted =~ /auth=foo/i
With this method - you might not even need this particular rule as with
the trust path correct; the OPs problem of hitting RCVD_IN_PBL,
RDNS_DYNAMIC etc. goes away as trusted hosts aren't tested.
Regards,
Steve.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list