Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
How to _not_ punish authenticated SMTP users for using dialup IPs? (fwd)
chris at westnet
Feb 3, 2004, 11:10 AM
Post #1 of 1 (683 views)
Permalink
I posted this last week, but I don't think it made it to the list.


On Tue, 27 Jan 2004, Jens Benecke wrote:

> I'd like to NOT score mail from those people who authenticated via SMTP, but
> I'd still like to use the dial-up RBL for other people (sending spam and
> virii directly to our users) who don't authenticate.

What I did was to write a negative rule to trigger on the header added by
our sendmail for SMTP AUTH. The way I did it, I made sure it would have to
be customized for each site, so it wouldn't be easily forgeable.

For example, our server adds a header like this:

Received: from xxxxxx.xxx (ool-182c9a58.dyn.optonline.net [24.44.154.88])
(authenticated bits=0)
by westnet.com (8.12.10/8.12.10) with ESMTP id i0SMwlf1005033


So my rule looks like:


header L_SMTP_AUTH Received =~ /^from [^ ]+ \([^)]*\)\s+\(authenticated bits=\d+\)\s+by westnet/
describe L_SMTP_AUTH Message was received locally via an SMTP AUTH connection.
score L_SMTP_AUTH -20


==========================================================
Chris Candreva -- chris@westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal