Authenticated senders

Markus Nilsson markus at markusoft.se
Tue Apr 12 14:12:41 IST 2011 

Yes, since it is part of the received header of a trusted host (the current host)!

/M

----- Original Message -----
From: "Alex Neuman" <alex at vidadigital.com.pa>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: tisdag, 12 apr 2011 14:54:47
Subject: Re: Authenticated senders

Is SA smart enough to understand an authenticated header?
What steps does it take to avoid a forged authenticated header?

On Apr 12, 2011, at 7:18 AM, Markus Nilsson wrote:

> Hi,
> 
> Another way could be to set
> 
> smtpd_sasl_authenticated_header = yes
> 
> in postfix and score ALL_TRUSTED in SA with a negative score.
> 
> This should also bypasses SPF and RBL within SA
> 
> /M
> 
> ----- Original Message -----
> From: "Alex Neuman" <alex at vidadigital.com.pa>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: tisdag, 12 apr 2011 13:57:16
> Subject: Re: Authenticated senders
> 
> This is how I would do it:
> 
> 1. Send a message from myself to someone else in the same domain WITHOUT using authentication. In theory, it should work - authentication is usually only necessary to send mail OUTSIDE of the domain.
> 2. Send another message, authenticated, somewhere else. 
> 3. Check the headers. There should be a difference; something like "user xxx with yyy auth and zzz bits" in the header.
> 4. Write a custom rule in spamassassin to score it -100 for example.
> 
> I don't know Postfix as well as sendmail; at sendmail's /etc/mail/sendmail.mc I modify the REC_FULL_AUTH part so that it includes an additional word and then check for it with "header soandso" in /etc/mail/spamassassin/local.cf.
> 
> This wouldn't bypass MailScanner completely, but it insures it won't be scored as SPAM.
> 
> On Apr 12, 2011, at 6:43 AM, James Pattinson wrote:
> 
>> Hi List!
>> 
>> I am using MailScanner with Postfix and ClamAV to run a simple mail server for myself and my family.
>> 
>> I use SMTP AUTH to enable mail to be sent from various places such as home ISPs and Mobile Internet providers and would ideally like to have authenticated mail skip right through the RBL checks.
>> 
>> I know this has been discussed in the past and I did find a thread from someone who ended up writing custom perl scripts to do this.
>> 
>> As this was a few years ago I'd like some advice as to how this is best done these days! I find it really hard to believe that this is not a really common usage scenario, surely RBL checks are completely irrelvant when SMTP auth is in use? I am even using port 587 and TLS to submit messages!
>> 
>> Currently my workaround is to have my sending address configured in rules/spam.whitelist.rules but this is not ideal as I still get spammers faking my address.
>> 
>> Would love to get some input on this :)
>> 
>> Cheers
>> James
>> 
>> 
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website! 
> 
> 
> --
> 
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
> 
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
> 
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
> 
> 
> 
> --
> 
> CronLab scanned this message. We don't think it was spam. If it was,
> please report by copying this link into your browser: http://didcot.cronlab.com/mail/index.php?id=A86EC1B76063.A630B-&learn=spam&host=212.91.140.53
> 
> 
> 
> 
> 
> --
> This message has been scanned for viruses and dangerous content by CronLab
> (www.cronlab.com), and is believed to be clean.
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 


--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

 
 
--
 
CronLab scanned this message. We don't think it was spam. If it was,
please report by copying this link into your browser: http://didcot.cronlab.com/mail/index.php?id=6A5671B76063.A5C51-&learn=spam&host=212.91.140.53



 
 
--
This message has been scanned for viruses and dangerous content by CronLab
(www.cronlab.com), and is believed to be clean.

More information about the MailScanner mailing list