>No. qmail actually puts "Received ..... by ([EMAIL PROTECTED])" in the headers
>if it was authenticated. And all my usernames have a "[EMAIL PROTECTED]"
>structure, where "domain" is one of the couple hundred domains I host. So I
>have "Received ... by ([EMAIL PROTECTED]@kiste.hitchhikers.de)" in the
>headers and that's what I currently look for.
>It's weak, I know. But otherwise my users would get punished for using
>dynamic IPs, by _my_ spamassassin. (This problem is unrelated to the one I
>talked about above, btw). And I don't know how to differentiate between
>known SMTP AUTH users using dialup IPs and unknown SMTP users sending via
>dialup IPs - yet.
>>> Unfortunately, qmail doesn't really mark the usage of SMTP AUTH in the
>actually, it does (see above) but weakly.
>> Additionally, even if qmail did indicate that the transaction was via SMTP
>> AUTH, SpamAssassin really couldn't trust that information in the Received
>> line. A spammer could simply inject a fake Received line with the AUTH
>> markup. SA really can't trust any headers other than those that the end
>> MTA (or any configured trusted servers) have added, right?
>Yup.
>I need a way to find whether my header is the _first_ Received: header. But
>then I'd punish people who have their SMTP local server configured to relay
>via mine (which can be perfectly legitimate if they have an account).

For any mail SMTP_AUTH'd by your local system and outbound, you might be
able to set up a separate SMTP daemon which accepts SMTP_AUTH connections
exclusively, and only relay non-DUL local trusted networks on your "original"
SMTP daemon. It seems you're using qmail (I don't) but with Sendmail and
MIMEDefang you could pass Sendmail Macros (such as ${if_addr}) to a filter to
determine how, if, and from where a connection was authenticated, and use this
information to adjust the score accordingly. I suppose you could additionally
get really creative(?) and mangle the headers of SMTP_AUTH'd messages so that
the DUL footprints of outbound mail disappear to foreign mail systems, but
methinks that's probably about as Evil as self-modifying code. :)
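
An added example (not code from either poster, qmail or SpamAssassin) of the trust rule discussed in the thread: an AUTH marker counts only when it sits in a Received header written by one of your own MTAs, so a copy injected below the trust boundary is ignored while a user relaying through their own local server is still recognised. The marker shape `(user@domain@client-ip) by host`, the `TRUSTED_NETS` range, the host names and the function name are assumptions, since the real marker is redacted in the thread.

```python
import email
import ipaddress
import re

# Assumptions (not from the thread): our relays' network, and a qmail-style
# "(user@domain@client-ip) by host" marker; the real one is redacted on the page.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]
CLIENT = re.compile(
    r"\((?:(?P<user>[^()\s]+)@)?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+by\s")

def authenticated_user(raw_message):
    """Return the AUTH user recorded by one of our own MTAs, else None."""
    msg = email.message_from_string(raw_message)
    # The top header was written by the MTA handing us the message. A lower
    # header is believed only if every client above it was one of our relays.
    for header in msg.get_all("Received", []):
        m = CLIENT.search(" ".join(header.split()))  # unfold continuation lines
        if m is None:
            return None                  # unparseable: fail closed
        if m.group("user"):
            return m.group("user")       # marker inside the trusted chain
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            return None
        if not any(ip in net for net in TRUSTED_NETS):
            return None                  # everything below is the sender's claim
    return None

# Constructed sample messages using documentation addresses.
_EDGE = "  by mx.example.net with SMTP; 1 Jan 2004 10:00:00 -0000\n"
_AUTH = "Received: from unknown (HELO a) (alice@example.org@203.0.113.7)\n" + _EDGE
_TAIL = "Subject: test\n\nbody\n"
GENUINE = _AUTH + _TAIL
# Unauthenticated delivery that carries a pre-inserted copy of the marker line.
FORGED = "Received: from unknown (HELO b) (198.51.100.9)\n" + _EDGE + _AUTH + _TAIL
# Authenticated at the edge MTA, then passed through an internal relay.
RELAYED = "Received: from unknown (HELO mx) (10.0.0.5)\n" + _EDGE + _AUTH + _TAIL

if __name__ == "__main__":
    for name in ("GENUINE", "FORGED", "RELAYED"):
        print(name, authenticated_user(globals()[name]))
```

The result can feed a score adjustment in the filter; headers that do not match the assumed shape (for example qmail's local "invoked" lines) end the walk, so the check fails closed.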