René Berber wrote:
Daryl C. W. O'Shea wrote:
[snip]
Sendmail should be putting a "(authenticated bits=0)" line in its
Received header when the user authenticates. SA will automatically use
this to extend the trust path if the header above it is trusted.
Let's start by saying two things:
1) LOCAL_AUTH_RCVD doesn't do anything useful, just to clarify what happened to
the original subject.
It's solely a workaround, suggested by Dana from UW's CIS dept before
there was any support at all for detecting authenticated relays, for how
you might work around the problem. As I said yesterday, I updated the
wiki page to hopefully make this clear. If it's still somehow not clear
that it's only a workaround, please let me know, or take a shot at making
it clearer yourself.
2) SA 3.1.7 (and 3.1.5) doesn't seem to recognize Sendmail's authentication
under some circumstances. I assume that it does recognize it for other
messages, even if I have not seen evidence to that effect.
If I change Received.pm, line 414, like this:
# Sendmail, MDaemon, some webmail servers, and others
- elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
+ elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
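Review bot: On the + line, the first ( in .*?(.*?authenticated is unescaped while its partner is written \), so the pattern has an unbalanced group and will not compile; it should be \( as on the - line. Dropping the (?:\]\)|\)\]) anchor also lets the word "authenticated" match inside the first parenthesised comment instead of only in a comment that follows the bracketed address, so consider keeping the anchor and allowing an optional extra comment before the host comment closes.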
Yeah, as you've found, the regex doesn't match when Sendmail adds a
comment about a connection's funky DNS entries. Amazingly nobody has
had the same problem and brought it to our attention in the more than
two years since I wrote that code.
It'll be fixed in the next version of SpamAssassin to be released.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5223
Daryl
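
The matching behaviour discussed in this thread, as an added example that is not part of the original messages or of SpamAssassin's code. The header samples are constructed and assume Sendmail's "(may be forged)" note as the DNS comment; CANDIDATE is a hypothetical pattern, not the fix tracked in bug 5223, and LOOSENED assumes the proposed line meant a literal parenthesis.

```python
import re

# Pattern quoted in the thread as the existing Received.pm line.
ORIGINAL = re.compile(r"^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by")
# The proposed replacement, with its first "(" escaped so it compiles
# (assumption: a literal parenthesis was intended).
LOOSENED = re.compile(r"^from .*?\(.*?authenticated.*?\).*? by")
# Hypothetical stricter pattern for the Sendmail layout only; it is NOT the
# fix that went into SpamAssassin.
CANDIDATE = re.compile(
    r"^from \S+ \((?:\S+ )?\[[^\]]+\](?: \([^()]*\))?\)"  # host comment, optional nested note
    r" \(authenticated[^()]*\)\s+by "                      # separate auth comment
)

TAIL = " by mail.example.org with ESMTP id x1; Wed, 10 Jan 2007 10:00:00 -0600"
# Constructed, unfolded Received header bodies (documentation addresses).
SAMPLES = {
    "auth": "from pc.example.net (dsl.example.net [192.0.2.10]) (authenticated bits=0)" + TAIL,
    "auth_dns_note": "from pc.example.net (dsl.example.net [192.0.2.10] (may be forged)) (authenticated bits=0)" + TAIL,
    "no_auth_dns_note": "from pc.example.net (dsl.example.net [192.0.2.10] (may be forged))" + TAIL,
    "word_in_hostname": "from pc.example.net (authenticated.example.net [192.0.2.10])" + TAIL,
}

def evaluate():
    """Return {sample: {pattern: matched}} for every sample/pattern pair."""
    patterns = {"original": ORIGINAL, "loosened": LOOSENED, "candidate": CANDIDATE}
    return {
        name: {p: bool(rx.search(hdr)) for p, rx in patterns.items()}
        for name, hdr in SAMPLES.items()
    }

if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:18} {row}")
```

The "auth_dns_note" row reproduces the miss described above, and the "word_in_hostname" row is a negative case worth keeping in any regression test for this rule.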