Problem with Iphones

Phil Udel Phil.Udel at
Wed Sep 22 19:11:04 IST 2010

Woot. Ok I have it working :P I changed the cfhead.m4 by hand. I am
working on the M4 Commands.

This is what I have so far.
define(`_REC_AUTH_', `_REC_FULL_AUTH_')
define(`_REC_FULL_AUTH_', `$.$?{auth_type}(user=${auth_authen} $?{auth_author}author=${auth_author} YOURTOKEN  $.mech=${auth_type}')

-----Original Message-----
From: mailscanner-bounces at
[mailto:mailscanner-bounces at] On Behalf Of Alex Neuman
Sent: Wednesday, September 22, 2010 1:03 PM
To: MailScanner discussion
Subject: Re: Problem with Iphones

That's the beauty of the list. You can turn my crude thing into something
more elegant ;-)

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex at

-----Original Message-----
From: Steve Freegard <steve.freegard at>
Sender: mailscanner-bounces at
Date: Wed, 22 Sep 2010 17:52:32
To: MailScanner discussion<mailscanner at>
Reply-To: MailScanner discussion <mailscanner at>
Subject: Re: Problem with Iphones


On 22/09/10 17:05, Alex Neuman wrote:
> You're using sendmail.
> Find cfhead.m4 - should be in /usr/share/sendmail-cf/m4 if you're using
> Look for the line (on or near line 274) that says:
> define(`confRECEIVED_HEADER', `_REC_HDR_
> This is where the header is defined. The next line reads:
>          _REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.)
> Change it to:
>          _REC_FULL_AUTH_$?{auth_ssf} YOURTOKEN bits=${auth_ssf}$.)
> The REC_FULL_AUTH will give you a better idea of the username that
> authenticated - not just *the fact that the user did authenticate*.

Don't edit sendmail supplied m4 files.  Edit /etc/mail/ instead;
all of those macros should still be available to you there...


define(`confRECEIVED_HEADER', `......')dnl

> The YOURTOKEN would be something that's not obviously "your token" so it
> doesn't get picked up by spammers. This is what we'll look for using SA.
> Find your for spamassassin. This should be in
> /etc/mail/spamassassin. Go to the end and add:

Yuck.  Don't use 'ALL' when Received is far more appropriate.  On messages
with a lot of headers you'll waste a load of CPU and time. 

header YOURTOKEN Received =~ /foo/

You can also make it less spoofable using the X-Spam-Relays-Trusted:
metadata header added by SpamAssassin.

Run one of these messages through 'spamassassin -D -t < msg | grep
X-Spam-Relays' and look what output you get for 'auth=' for an example
message.  You can then write an un-spoofable rule (provided your TrustPath
is correct) via:

header FOO X-Spam-Relays-Trusted =~ /auth=foo/i

With this method - you might not even need this particular rule as with the
trust path correct; the OP's problem of hitting RCVD_IN_PBL, RDNS_DYNAMIC
etc. goes away as trusted hosts aren't tested.
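
Added example, not part of the original thread and not SpamAssassin's own code: a small Python model of why a rule on `Received` can be satisfied by sender-written headers while a rule on `X-Spam-Relays-Trusted` cannot. The hostnames, addresses, queue id and the `auth=EXAMPLEAUTH` value are constructed placeholders; use whatever `spamassassin -D -t` reports for `auth=` on your own MTA.

```python
import re

# SpamAssassin lists each relay as "[ key=value key=value ... ]".
RELAY_RE = re.compile(r"\[ (.*?) \]")
TOKEN = "YOURTOKEN"

def parse_relays(value):
    """Split an X-Spam-Relays-* value into one dict per relay."""
    return [dict(f.split("=", 1) for f in body.split(" ") if "=" in f)
            for body in RELAY_RE.findall(value)]

def received_rule(received_headers, token=TOKEN):
    """Like 'header X Received =~ /token/': sees every Received line,
    including ones the sender wrote into the message."""
    return any(token in h for h in received_headers)

def trusted_auth_rule(relays_trusted, auth_regex):
    """Like 'header X X-Spam-Relays-Trusted =~ /auth=.../i': sees only
    hops inside the trust path."""
    pat = re.compile(auth_regex, re.I)
    return any(pat.search(r.get("auth", "")) for r in parse_relays(relays_trusted))

# Constructed sample: authenticated submission accepted by our own MTA.
GENUINE = {
    "received": ["from iphone (host.example.net [198.51.100.9]) "
                 "(user=phil YOURTOKEN mech=LOGIN bits=0) by mx.example.org"],
    "trusted": "[ ip=198.51.100.9 rdns=host.example.net helo=iphone "
               "by=mx.example.org ident= envfrom= intl=0 id=PLACEHOLDER "
               "auth=EXAMPLEAUTH msa=0 ]",
}
# Constructed sample: unauthenticated delivery carrying a forged Received line.
FORGED = {
    "received": ["from bulk (bulk.example.com [203.0.113.7]) by mx.example.org",
                 "from phone (user=phil YOURTOKEN mech=LOGIN bits=0) by mx.example.org"],
    "trusted": "",  # sending relay is outside the trust path: nothing listed
}

def evaluate(msg, auth_regex="EXAMPLEAUTH"):
    """Return (Received rule hit, trusted-relay rule hit) for one message."""
    return (received_rule(msg["received"]),
            trusted_auth_rule(msg["trusted"], auth_regex))

if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, evaluate(msg))
```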
