On Mon, 2011-07-25 at 11:14 +0200, J4K wrote:
> Morning everyone,
>
> Whilst trying to debug a spammer, or potential misconfiguration in
> my SA/postfix set-up, I noticed this in the spam header:
> *Received: from 95.132.70.144(helo=xxx.co.uk) by xxx.co.uk with esmtpa
> (Exim 4.69) (envelope-from ) id 1MMY4Z-6815vh-KW for <[email protected]>;
> Mon, 25 Jul 2011 08:05:42 +020*
>
> The ESMTPA noted in the header struck me as strange. 1) Does this mean
> that spammer authenticated with an smtp-auth username and password?

Suggests an authenticated user - nothing unusual in that, spammers
hijack accounts all the time (assuming the header is, of course,
genuine)

> 2) Is there an SA rule that would subtract points if this is seen in a
> header (I didn't think so)?

You could always write one.

> 3) Would the Spam-Assassin Milter give this a free ride? It would if it
> had the -I option, but mine does not.
> -I Ignores messages if the sender has authenticated via SMTP AUTH.
>
> Current programme called as:
> /usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f -p
> /var/spool/postfix/spamass/spamass.sock -u nobody -e xxx.co.uk -M -r 12
> -i 127.0.0.1 -- -s 1050000
>
> Regards, S.
>
> From http://www.ietf.org/rfc/rfc3848.txt
>
> 1. IANA Considerations
>
> As directed by SMTP [2], IANA maintains a registry [7] of "WITH
> protocol types" for use in the "with" clause of the Received header
> in an Internet message. This registry presently includes SMTP [6],
> and ESMTP [2]. This specification updates the registry as follows:
>
>   o The new keyword "ESMTPA" indicates the use of ESMTP when the SMTP
>     AUTH [3] extension is also used and authentication is successfully
>     achieved.
>
> _______________________________________________
> Spamass-milt-list mailing list
> [email protected]
> https://lists.nongnu.org/mailman/listinfo/spamass-milt-list
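The check discussed in this thread, as an added example that is not part of the original messages: it reads the "with" clause of each Received header and reports the hops that claim SMTP AUTH under the RFC 3848 keywords, marking a claim as trusted only when it sits in the unbroken run of headers written by your own servers. The host name mx.example.net and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# "with" protocol types that RFC 3848 defines for a successful SMTP AUTH.
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}
BY_WITH = re.compile(r"\bby\s+(\S+).*?\bwith\s+([A-Za-z0-9-]+)", re.I | re.S)

# Constructed sample, modelled on the header quoted in the thread.
# mx.example.net is a hypothetical name for the server we operate.
SAMPLE = """\
Received: from relay.example.org (relay.example.org [192.0.2.10])
\tby mx.example.net with ESMTP id ABC123; Mon, 25 Jul 2011 08:06:01 +0200
Received: from 95.132.70.144(helo=xxx.co.uk) by xxx.co.uk with esmtpa
\t(Exim 4.69) id 1MMY4Z-6815vh-KW; Mon, 25 Jul 2011 08:05:42 +0200
Subject: constructed sample

body
"""


def strip_comments(value):
    """Drop (possibly nested) parenthesised comments, which any sender can
    fill with text that looks like a by/with clause."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value


def authenticated_hops(raw_message, trusted_hosts):
    """Return (by_host, protocol, trusted) for every Received header that
    claims SMTP AUTH. Headers are read newest first; trusted stays True only
    while every header so far was written by one of trusted_hosts."""
    trusted_hosts = {h.lower() for h in trusted_hosts}
    hops, inside = [], True
    for header in message_from_string(raw_message).get_all("Received", []):
        m = BY_WITH.search(strip_comments(header))
        by_host = m.group(1).lower() if m else ""
        inside = inside and by_host in trusted_hosts
        if m and m.group(2).upper() in AUTH_PROTOCOLS:
            hops.append((by_host, m.group(2).upper(), inside))
    return hops


if __name__ == "__main__":
    for hop in authenticated_hops(SAMPLE, {"mx.example.net"}):
        print(hop)
```

An ESMTPA hop reported with trusted set to False was recorded outside your own servers and cannot be verified from the header alone.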
