Whitelist authenticated clients

Mark Sapiro mark at msapiro.net
Thu Oct 26 03:28:05 UTC 2017

On 10/25/2017 12:20 PM, Conz wrote:
> Can I make it ignore/whitelist emails from the local domain that have
> been submitted with authentication ?  I don’t want to open up the
> possibility of having forged emails getting through by just whitelisting
> the domain.

I think you can't white list per se, but you can make a spamassassin
rule something like this

> header __X_SASL_1 Received =~ /Authenticated sender:.*by sbh16.songbird.com /
> header __X_SASL_2 ALL =~ /^Received:.*^Received:.* by sbh16.songbird.com /msi
> meta X_SASL __X_SASL_1 && !__X_SASL_2
> describe X_SASL SASL Authenticated mail
> score X_SASL -20

The first rule __X_SASL_1 looks for a header like

> Received: from [] (45-24-217-241.lightspeed.sntcca.sbcglobal.net [])
> 	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
> 	(No client certificate requested)
> 	(Authenticated sender: mark)
> 	by sbh16.songbird.com (Postfix) with ESMTPSA id 4550711E00AA
> 	for <mark at ms2.msapiro.net>; Wed, 25 Oct 2017 20:10:34 -0700 (PDT)

looking for "Authenticated sender:" and the local host name
(sbh16.songbird.com in this case)

The second rule says "Received:.* by sbh16.songbird.com " is not the
topmost (i.e. last) Received: header (to prevent spoofing)

Then the meta rule basically says the topmost Received: header contains
"Authenticated sender:" and "by our host"

Give that a large enough negative score to offset any positive score.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list