On 12/17/2010 9:23 AM, Aaron Bennett wrote:
-----Original Message----- From: Ted Mittelstaedt
[mailto:t...@ipinc.net] Sent: Friday, December 17, 2010 12:20 PM
To: users@spamassassin.apache.org Subject: Re: preventing
authenticated smtp users from triggering PBL
why are you using authenticated SMTP from trusted networks?
The whole point of auth smtp is to come from UN-trusted networks.
I think you are misunderstanding. I may be on an unstrusted network,
but I want to send email through a host on a trusted network. By
authenticating, I can. It was the "trusted host" which authenticated
me, and thus SA needs to take that I was authenticated by a trusted
host into consideration before applying the PBL rule to the address
the mail initiated on.
Right, but a spammer can send a message with the same authenticated
flag set in the mail header through the standard SMTP port because
they are manufacturing the headers out of thin air.
My experience with SA is that if it sees that flag anywhere in the
header, it will assume the mail is safe. I have also had the experience
with earlier versions of SA that they ignore the flag completely but
that was fixed a while ago.
Ted
