http://bugzilla.spamassassin.org/show_bug.cgi?id=2462
------- Additional Comments From [EMAIL PROTECTED] 2004-12-02 17:43 ------- Subject: Re: detect SMTP AUTH to avoid dynablock FPs on legit msg submission An authenticated example from the SpamAssassin Wiki, which I suspect was added by Dawn Keenan of Information Systems Technology at the University of Waterloo, is at http://wiki.apache.org/spamassassin/DynablockIssues Received: from 192.168.2.125 (CPE0004e24b9419-CM000a7365d82c.cpe.net.cable.rogers.com [63.139.187.25]) (authenticated (0 bits)) by services04.student.cs.uwaterloo.ca (8.11.7/8.11.7) with ESMTP id hA41X1B23955 for <[EMAIL PROTECTED]>; Mon, 3 Nov 2003 20:33:03 -0500 (EST) Dawn's last email to the users list also appears to have a TLS-only hop (note the lack of 'authenticated bits'): Received: from ist.uwaterloo.ca (localhost [127.0.0.1]) by ist.uwaterloo.ca (8.12.11/8.12.11) with ESMTP id iAOEj42R025681 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 24 Nov 2004 09:45:05 -0500 (EST) Received: (from [EMAIL PROTECTED]) by ist.uwaterloo.ca (8.12.11/8.12.7/Submit) id iAOEj1Qe025550; Wed, 24 Nov 2004 09:45:01 -0500 (EST) Also note the "Received: Header" section of http://www.sendmail.org/~ca/email/starttls.html only notes the addition of (using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify}) or (version=${tls_version} cipher=${cipher} bit=${cipher_bits} verify=${verify}) in TLS sessions. There's no mention of an 'authenticated bits' token. The document does specify that a user can authenticate with TLS, and that this would be indicated by 'verify=OK' or 'verified OK' appearing in the TLS line, instead of 'verify=NO' or 'verified NO'. Looking at my stock sendmail.cf file and various Sendmail version README files, I don't see anything to suggest that a TLS session would ever add an 'authenticated bits' token. So, I think it's fair to say that 'authenticated bits' won't appear in non-authenticated TLS sessions and that a regex should be added to the patch to catch the TLS verified authentications noted above. Daryl ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
