Morning everyone,

    Whilst trying to debug a spammer, or potential misconfiguration in
my SA/postfix set-up, I noticed this in the spam header:
*Received: from 95.132.70.144(helo=xxx.co.uk) by xxx.co.uk with esmtpa
(Exim 4.69) (envelope-from ) id 1MMY4Z-6815vh-KW for <[email protected]>;
Mon, 25 Jul 2011 08:05:42 +020*

The ESMTPA noted in the header struck me as strange.  1) Does this mean
that the spammer authenticated with an smtp-auth username and password?

2) Is there an SA rule that would subtract points if this is seen in a
header (I didn't think so)?

3) Would the Spam-Assassin Milter give this a free ride?  It would if it
had the -I option, but mine does not.
    -I      Ignores messages if the sender has authenticated via SMTP AUTH.


Current programme called as:
/usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f -p
/var/spool/postfix/spamass/spamass.sock -u nobody -e xxx.co.uk -M -r 12
-i 127.0.0.1 -- -s 1050000

Regards, S.


From http://www.ietf.org/rfc/rfc3848.txt

1.  IANA Considerations

   As directed by SMTP [2], IANA maintains a registry [7] of "WITH
   protocol types" for use in the "with" clause of the Received header
   in an Internet message.  This registry presently includes SMTP [6],
   and ESMTP [2].  This specification updates the registry as follows:

   o  The new keyword "ESMTPA" indicates the use of ESMTP when the SMTP
      AUTH [3] extension is also used and authentication is successfully
      achieved.


_______________________________________________
Spamass-milt-list mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/spamass-milt-list
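
An added example, not part of the original post: a small parser that reads the "with" clause of each Received header and reports whether an authentication keyword such as ESMTPA was written by a host you control or is only a claim made by a host outside your trust boundary. The host name mx.example.net and the first sample header are constructed; the second header is the one quoted in the post, and the keywords other than ESMTPA are the other authenticated types from the same RFC 3848 registry.

```python
import re

# "with" protocol types in the RFC 3848 registry that assert SMTP AUTH succeeded.
AUTH_TYPES = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}

def strip_comments(value):
    """Remove parenthesised header comments, including nested ones."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def parse_hop(received):
    """Return (by_host, protocol) from one Received header value."""
    text = strip_comments(received)
    by = re.search(r"\bby\s+(\S+)", text, re.I)
    proto = re.search(r"\bwith\s+(\S+)", text, re.I)
    return (by.group(1).lower() if by else None,
            proto.group(1).rstrip(";").upper() if proto else None)

def classify_hops(received_headers, trusted_hosts):
    """Walk headers newest-first; trust ends at the first hop written by an unknown host."""
    results, in_trusted_chain = [], True
    for header in received_headers:
        by_host, proto = parse_hop(header)
        in_trusted_chain = in_trusted_chain and by_host in trusted_hosts
        if proto not in AUTH_TYPES:
            verdict = "no-auth-claimed"
        elif in_trusted_chain:
            verdict = "authenticated"
        else:
            verdict = "auth-claim-unverified"
        results.append((by_host, proto, verdict))
    return results

# Constructed sample: the first header is invented; the second is the one quoted in the post.
SAMPLE = [
    "from xxx.co.uk (unknown [95.132.70.144]) by mx.example.net (Postfix) "
    "with ESMTP id 4F2A1C0DE for <user@example.net>; Mon, 25 Jul 2011 08:05:44 +0200",
    "from 95.132.70.144(helo=xxx.co.uk) by xxx.co.uk with esmtpa (Exim 4.69) "
    "(envelope-from ) id 1MMY4Z-6815vh-KW for <[email protected]>; Mon, 25 Jul 2011 08:05:42 +020",
]

if __name__ == "__main__":
    for trusted in ({"mx.example.net"}, {"mx.example.net", "xxx.co.uk"}):
        print(sorted(trusted))
        for hop in classify_hops(SAMPLE, trusted):
            print("  ", hop)
```

The keyword only carries weight when the header was written by a server inside the trusted set; anything below the first untrusted hop is text supplied by the sender.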
