Posted to users@spamassassin.apache.org by Bazooka Joe <fa...@gmail.com> on 2008/12/30 01:09:01 UTC
white listing sendmail authenticated users
I am trying (unsuccessfully) to write a rule to pick up if the
"authenticated bits=0" in the Received line of the header and give it
-100
I am not sure if spamass-milter Version 0.3.1 is passing the Received
line to SA.
Does anyone know if that works? Or a better way to do it?
header LOCAL_AUTH_RCVD2 Received =~ /authenticated bits/
score LOCAL_AUTH_RCVD2 -100.0
-bazooka
Re: white listing sendmail authenticated users
Posted by Justin Mason <jm...@gmail.com>.
On Tue, Dec 30, 2008 at 00:16, John Hardin <jh...@impsec.org> wrote:
> On Mon, 29 Dec 2008, Bazooka Joe wrote:
>
>> I am trying (unsuccessfully) to write a rule to pick up if the
>> "authenticated bits=0" in the Received line of the header and give it
>> -100
>>
>> Does anyone know if that works? Or a better way to do it?
>>
>> header LOCAL_AUTH_RCVD2 Received =~ /authenticated bits/
>> score LOCAL_AUTH_RCVD2 -100.0
>
> Important note: be specific as to *which* received header you whitelist on.
> It would be trivial for a spammer to put that text in a forged "upstream"
> Received header.
If the authenticator is part of your trusted_networks, SA should be
able to extend trust to the authenticated system. See:
http://wiki.apache.org/spamassassin/TrustedRelays and
http://wiki.apache.org/spamassassin/DynablockIssues
(the latter has another way to match rules against /authenticated
bits/ -- use the hostname part of the Received header that appears
after it.)
--j.
Re: white listing sendmail authenticated users
Posted by John Hardin <jh...@impsec.org>.
On Mon, 29 Dec 2008, Bazooka Joe wrote:
> I am trying (unsuccessfully) to write a rule to pick up if the
> "authenticated bits=0" in the Received line of the header and give it
> -100
>
> Does anyone know if that works? Or a better way to do it?
>
> header LOCAL_AUTH_RCVD2 Received =~ /authenticated bits/
> score LOCAL_AUTH_RCVD2 -100.0
Important note: be specific as to *which* received header you whitelist
on. It would be trivial for a spammer to put that text in a forged
"upstream" Received header.
Generally speaking, the better way to whitelist would be to tell
spamass-milter (or whatever your glue is) to not pass the message to SA at
all. Your MTA knows that the message was received from an authenticated
user, so see if you can leverage that knowledge to simply bypass calling
SA completely.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...every time I sit down in front of a Windows machine I feel as
if the computer is just a place for the manufacturers to put their
advertising. -- fwadling on Y! SCOX
----------------------------------------------------------------------
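As an added illustration of the two replies above (not code from the thread or from SpamAssassin), this Python script contrasts the rule as posted with a check limited to the topmost Received header written by your own MTA. Assumptions: the hostname mail.example.com, a single sendmail hop that prepends the topmost header, and the message examined as stored after delivery; both sample messages are constructed.

```python
import re
from email import message_from_string

MY_MTA = "mail.example.com"  # assumption: the name your sendmail writes after "by"

NAIVE = re.compile(r"authenticated bits")  # the rule as posted in the thread
# sendmail layout: "(authenticated bits=N) by <our host> (<version>) ..."
ANCHORED = re.compile(
    r"\(authenticated bits=\d+\)\s+by\s+" + re.escape(MY_MTA) + r"\s")

def received_headers(raw):
    """Received headers, newest first, with folded lines joined."""
    msg = message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]

def naive_match(raw):
    """Fires if ANY Received header carries the text, forged ones included."""
    return any(NAIVE.search(h) for h in received_headers(raw))

def trusted_auth_match(raw):
    """Fires only on the topmost header, which our own MTA prepended."""
    hops = received_headers(raw)
    return bool(hops) and bool(ANCHORED.search(hops[0]))

# Constructed sample messages (addresses and queue ids are made up).
GENUINE = (
    "Received: from laptop.example.net (laptop.example.net [192.0.2.10])\n"
    "\t(authenticated bits=0)\n"
    "\tby mail.example.com (8.14.3/8.14.3) with ESMTP id mBU091aa001234;\n"
    "\tTue, 30 Dec 2008 01:09:01 GMT\n"
    "Subject: status report\n\nhello\n")
FORGED = (  # unauthenticated delivery carrying a forged "upstream" header
    "Received: from host.example.org (host.example.org [198.51.100.7])\n"
    "\tby mail.example.com (8.14.3/8.14.3) with ESMTP id mBU092bb005678;\n"
    "\tTue, 30 Dec 2008 01:10:00 GMT\n"
    "Received: from pc (pc [10.0.0.5])\n"
    "\t(authenticated bits=0)\n"
    "\tby mail.example.com (8.14.3/8.14.3) with ESMTP id mBU000zz000001;\n"
    "\tTue, 30 Dec 2008 01:00:00 GMT\n"
    "Subject: cheap pills\n\nbuy now\n")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, "naive:", naive_match(raw),
              "anchored:", trusted_auth_match(raw))
```

The forged message shows that matching the hostname alone is not enough, since the sender can copy it into an upstream header; the position of the header is what carries the trust.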
Re: white listing sendmail authenticated users
Posted by Matt Kettler <mk...@verizon.net>.
Bazooka Joe wrote:
> I am trying (unsuccessfully) to write a rule to pick up if the
> "authenticated bits=0" in the Received line of the header and give it
> -100
>
> I am not sure if spamass-milter Version 0.3.1 is passing the Received
> line to SA.
>
> Does anyone know if that works? Or a better way to do it?
>
> header LOCAL_AUTH_RCVD2 Received =~ /authenticated bits/
> score LOCAL_AUTH_RCVD2 -100.0
>
> -bazooka
>
Generally milters run before the local Received: header is added.
AFAIK, spamass-milter temporarily fakes one so DNS tests can be done on
the delivering IP, but it's not going to be identical to the one your
MTA generates.