While you are fixing bugs related to authentication, any chance
you'll fix the SPF plugin to skip checks on authenticated delivery?
Or have an option to enable this behavior?
Or do you want a patch from me? It'll take me a lot longer than you,
since I'll spend hours just tracing down the data structures....
On Dec 5, 2006, at 11:22 AM, Daryl C. W. O'Shea wrote:
René Berber wrote:
Daryl C. W. O'Shea wrote:
[snip]
Sendmail should be putting a "(authenticated bits=0)" line in its
Received header when the user authenticates. SA will automatically use
this to extend the trust path if the header above it is trusted.
Let's start by saying two things:
1) LOCAL_AUTH_RCVD doesn't do anything useful, just to clarify what
happened to the original subject.
It's solely a workaround, suggested by Dana from UW's CIS dept
before there was any support at all for detecting authenticated
relays, for how you might work around the problem. As I said
yesterday, I updated the wiki page to hopefully make this clear.
If it's still somehow not clear that it's only a workaround, please
let me know, or take a shot at making it clearer yourself.
2) SA 3.1.7 (and 3.1.5) doesn't seem to recognize Sendmail's
authentication under some circumstances. I assume that it does
recognize it for other messages, even if I have not seen evidence to
that effect.
If I change Received.pm, line 414, like this:
# Sendmail, MDaemon, some webmail servers, and others
- elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*?
by/) {
+ elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
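Review bot: on the `+` line the opening `(` before `.*?authenticated` is no longer escaped while the closing `\)` still is, so the pattern has an unclosed group and will not compile; it should stay `\(.*?authenticated.*?\)`. Dropping `(?:\]\)|\)\])` also removes the requirement that the authenticated comment follow the bracketed-IP section, so the word would be accepted anywhere between "from" and "by". Since a match is what extends the trust path, it would be safer to keep that anchor and allow an optional extra Sendmail comment between it and the authentication comment.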
Yeah, as you've found, the regex doesn't match when Sendmail adds a
comment about a connection's funky DNS entries. Amazingly nobody
has had the same problem and brought it to our attention in the
more than two years since I wrote that code.
It'll be fixed in the next version of SpamAssassin to be released.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5223
Daryl
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness