Hi,

Recently I've had a lot of reports of returned mail from authenticated
users. The messages are being bounced on the way out.

I understand that SA checks outbound messages, but I have discovered two
things, one of them rather disturbing:

1. I cannot find a way to simply trust authenticated users'
   messages. I would like to whitelist all messages that are
   sent by authenticated users. Yes I understand that a
   compromised user account can be a problem for me, but I
   need this as a starting point. Is there a way?

2. When outgoing messages are checked, spamd tries to find a
   user to run as using the recipient's address. The way this
   is done is to use the user-portion of the recipient
   address, which is absolutely insane!

   For example: evil-hacker tries to brute force the system
   by trying every name in the world against example.com.
   Let's say I have a user "bob" with an email address of
   "b...@someotherdomain.com". SA now happily calls on bob's
   account to run spamd for this message, which has
   absolutely nothing to do with bob, his domain or his
   email account (!) This is bad.

   Example no. 2: Local user jane is sending a message to
   "b...@some-where-completely-unrelated.com". Well once
   again spamd decides, "oh - this user name is `bob'. Why
   don't I run as bob for this one?" Again completely
   inappropriate! This message has absolutely nothing to do
   with bob or his account.

Is there a misconfiguration here? What should I check?

My system information:

   OS: NetBSD-5
   sendmail-8.14.4
   spamassassin-3.3.1
   spamass-milter-0.3.1

Any help would be great!
Louis
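
The user-selection problem described in the message above, modelled as an added example (this is not part of the original post and is not spamass-milter or spamd code). It compares a mapping that looks only at the user portion of the recipient with one that requires an exact hosted address and never picks an account for authenticated outbound mail. All addresses, account names and the fallback user are constructed assumptions.

```python
# Added illustration only; this is not spamass-milter or spamd source code.
# All addresses, account names and the fallback user are constructed.

SYSTEM_USERS = {"bob", "jane"}
# Full address -> owning account, in the spirit of a virtusertable.
ADDRESS_OWNERS = {
    "bob@hosted-b.example": "bob",
    "jane@hosted-a.example": "jane",
}
FALLBACK_USER = "spamd-default"  # hypothetical unprivileged account


def user_from_local_part(recipient):
    """Mapping as described in the post: only the user portion is considered."""
    local = recipient.rpartition("@")[0].lower()
    return local if local in SYSTEM_USERS else FALLBACK_USER


def user_from_full_address(recipient, sender_authenticated=False):
    """Stricter mapping: an account is chosen only for an exact hosted address,
    and never for mail submitted by an authenticated (outbound) sender."""
    if sender_authenticated:
        return FALLBACK_USER
    return ADDRESS_OWNERS.get(recipient.lower(), FALLBACK_USER)


def compare(cases):
    """Return (recipient, local-part choice, full-address choice) per case."""
    return [
        (rcpt, user_from_local_part(rcpt), user_from_full_address(rcpt, auth))
        for rcpt, auth in cases
    ]


CASES = [  # (recipient, sender authenticated?)
    ("bob@hosted-a.example", False),   # guessed name at a domain bob does not use
    ("bob@unrelated.example", True),   # jane, authenticated, writing to an outside bob
    ("bob@hosted-b.example", False),   # genuine inbound mail for bob
]

if __name__ == "__main__":
    for row in compare(CASES):
        print("%-24s local-part=%-14s full-address=%s" % row)
```

Only the third case, genuine inbound mail to bob's own address, selects bob's account under the stricter mapping; the local-part mapping selects it in all three.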