http://bugzilla.spamassassin.org/show_bug.cgi?id=2462
------- Additional Comments From [EMAIL PROTECTED] 2004-12-03 12:57 -------
ok, indeed, the "(authenticated bits=" pattern only appears when a user uses
auth+TLS -- I checked my corpus in a bit more detail. Also, the other patterns
(RFC3848, esmtpa/lmtpa, and HTTP) seem safe too.
I think this is very nearly good to go... +0.5. However I would suggest one
modification -- the $auth value shouldn't contain spaces, which it will in the
first (sendmail/MDaemon) case. Since it's only used as a boolean, I'd suggest
either:
- dealing with the sendmail case by using the static string "sendmail", or
similar, instead of the caught text
- changing it to just be the integer 1 instead of the string caught.
I think the former's preferable.
oh -- regarding the sendmail data you dug up -- I think "verification" there
refers to client TLS certificate verification, which AFAIK will be quite rare. I
wouldn't stall the patch waiting for that addition if the "authenticated bits"
pattern catches the auth+TLS+verified-client-cert case, anyway.
(PS: for future reference -- here's a few more samples of authenticated
handovers from my greps through the ham mail corpus:
from 153.90.199.141 (SquirrelMail authenticated user admin);
by web1.cs.montana.edu with HTTP; Thu, 23 Sep 2004 14:35:29 -0600
(MDT)
from [192.168.1.3] (80-28-223-208.adsl.nuria.telefonica-data.net [80.28.2
23.208]) (authenticated bits=0) by mac.com (Xserve/smtpin08/MantshX 4.0) with
ESMTP id i8NIdH8G002812 for ...
from perceptions.couk.com (81.103.146.112) by n082.sc1.cp.net (7.0.030.2)
(authenticated as r.dickenson) id 414B418B002D65F1 for forteana [MUNGED]
yahoogroups.com; Thu, 23 Sep 2004 18:42:17 +0000
from 141.44.167.13 (p83.129.191.197.tisdip.tiscali.de [83.129.191.197])
(authenticated bits=0) by sunny.urz.uni-magdeburg.de (8.12.10/8.12.10) with
ESMTP id i8ND9v0N017746 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
for <ilug [MUNGED] linux.ie>; Thu, 23 Sep 2004 15:09:59 +0200
from [10.41.4.7] (10.41.4.7) by puma.dub0.ie.cp.net (7.2.033.1) (authenti
cated as gary.coady) id 414ED0B400006D01 for boxhosting [MUNGED] diva.ie; Fri,
24 Sep 2004 13:44:40 +0100
from rousalka.dyndns.org (81.64.155.54) by mx.laposte.net (7.0.028)
(authenticated as Nicolas.Mailhot) id 413489B100C9C1FD for fedora-devel-list
[MUNGED] redhat.com; Tue, 28 Sep 2004 21:43:43 +0200
from [10.0.0.253] (82-68-189-22.dsl.in-addr.zen.co.uk [82.68.189.22])
(authenticated (0 bits)) by ensim.rackshack.net (8.11.6/8.11.6) with ESMTP id
i8TAFAI25021 for <discuss [MUNGED] lists.surbl.org>; Wed, 29 Sep 2004 10:15:10
GMT
from [213.174.165.187] (213.174.165.187) by vsmtp1.tin.it (7.0.027) (auth
enticated as mgiammarco [MUNGED] virgilio.it) id 416A525B0000A53B for
linux-thinkpad [MUNGED] linux-thinkpad.org; Mon, 11 Oct 2004 12:52:46 +0200
from [10.10.10.215] (Collation_Software.demarc.cogentco.com [66.250.6.18])
(authenticated bits=0) by waste.org (8.12.3/8.12.3/Debian-6.6) with ESMTP id
i46MehGO005108 for <fork [MUNGED] xent.com>; Thu, 6 May 2004 17:40:44-0500
from ausisaps301-dmz.aus.amer.dell.com ([143.166.226.16]) (SquirrelMail
authenticated user hoolis); by www.penguintowne.org with HTTP; Mon, 22 Mar 2004
12:54:13 -0600 (CST)
from dsl-082-082-143-115.arcor-ip.net (dsl-082-083-139-045.arcor-ip.net
[82.83.139.45]) (authenticated bits=0) by postman.arcor.de
(8.13.0.PreAlpha4/8.13.0.PreAlpha4) with ESMTP id i2U75jD1003350 for
<linux-thinkpad [MUNGED] linux-thinkpad.org>; Tue, 30 Mar 2004 09:05:45 +0200
(MEST)
from [192.168.111.8] (gw.local.linuxlobbyist.org [192.168.111.1])
(authenticated bits=0) by iadonisi.to (8.12.11/SQL-8.12.11-5/8.12.11) with ESMTP
id i4S6SML6017129 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256
verify=NO) for <spf-discuss [MUNGED] v2.listbox.com>; Fri, 28 May 2004 02:28:23
-0400
from p5483b7c0.dip.t-dialin.net ([84.131.183.192] helo=192.168.1.23) by
moonflower.de with asmtp (TLS-1.0:RSA_ARCFOUR_MD5:16) (Exim 4.34) id
1CIoQP-0006SN-GV for linux-thinkpad [MUNGED] linux-thinkpad.org; Sat, 16 Oct
2004 15:16:47 +0200
from bgp01132961bgs.ypeast01.mi.comcast.net ([68.42.119.201]
helo=moonweaver.home.awesomeplay.com) by outbound.mailhop.org with esmtpsa
(TLSv1:RC4-SHA:128) (Exim 4.42) id 1CJic5-00067m-U7
I couldn't find a single nonauth+TLS handover that used "(authenticated". For
reference, here's headers that used nonauth+TLS:
from dsl092-076-133.bos1.dsl.speakeasy.net ([66.92.76.133]
helo=pendaran.arborius.net) by sc8-sf-mx1.sourceforge.net with esmtp
(TLSv1:AES256-SHA:256) (Exim 4.41) id 1CIlfc-0003Pa-8W for xvoice-user [MUNGED]
lists.sourceforge.net; Sat, 16 Oct 2004 03:20:18 -0700
from gilmore.ael.be ([158.64.60.71]) by castlerea.stdlib.net with esmtp
(TLSv1:DES-CBC3-SHA:168) (Exim 4.41) id 1CIusZ-00049K-45 for e-voting [MUNGED]
lists.stdlib.net; Sat, 16 Oct 2004 21:10:16 +0100
from rc3.isc.org (rc3.isc.org [IPv6:2001:4f8:3:bb::25]) (using TLSv1
with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate
requested) by sf1.isc.org (Postfix) with ESMTP id C986F284EE for <jm
[MUNGED] jmason.org>; Sat, 16 Oct 2004 21:30:02 +0000 (UTC) (envelope-from
bind-users-bounce [MUNGED] isc.org)
from rubel.csumb.edu (rubel.csumb.edu [198.189.237.214]) (using TLSv1 with
cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by
sf1.isc.org (Postfix) with ESMTP id 23587284EE for <bind-users [MUNGED]
isc.org>; Sat, 16 Oct 2004 23:32:19 +0000 (UTC) (envelope-from snort [MUNGED]
csumb.edu)
from p50894de7.dip0.t-ipconnect.de ([80.137.77.231]:11218 helo=sandpiper) by
mail1.isc.de with esmtp (TLSv1:RC4-SHA:128) (Exim 4.04) id 1CJaZW-0006rU-00 for
linux-thinkpad [MUNGED] linux-thinkpad.org; Mon, 18 Oct 2004 18:41:23 +0200
note: @ replaced with " [MUNGED] " throughout.)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
