On Mon, 29 Dec 2008, Bazooka Joe wrote:
> I am trying (unsuccessfully) to write a rule to pick up if the
> "authenticated bits=0" in the Received line of the header and give it
> -100
> Does anyone know if that works? Or a better way to do it?
>
> header LOCAL_AUTH_RCVD2 Received =~ /authenticated bits/
> score LOCAL_AUTH_RCVD2 -100.0

Important note: be specific as to *which* received header you whitelist
on. It would be trivial for a spammer to put that text in a forged
"upstream" Received header.
Generally speaking, the better way to whitelist would be to tell
spamass-milter (or whatever your glue is) to not pass the message to SA at
all. Your MTA knows that the message was received from an authenticated
user, so see if you can leverage that knowledge to simply bypass calling
SA completely.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...every time I sit down in front of a Windows machine I feel as
if the computer is just a place for the manufacturers to put their
advertising. -- fwadling on Y! SCOX
----------------------------------------------------------------------
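
Added example, not part of the original message or of SpamAssassin: a Python sketch of why the reply says to be specific about which Received header is matched. It compares the posted rule's "any Received header" behaviour with a check that trusts only the topmost header written by the local MTA. The hostname mail.example.com, the function names, the sendmail-style header layout and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

LOCAL_MTA = "mail.example.com"  # assumption: the name our MTA writes after "by"
AUTH_RE = re.compile(r"\(authenticated bits=\d+\)")

def naive_match(raw):
    """The rule as posted: the text in ANY Received header matches."""
    msg = message_from_string(raw)
    return any("authenticated bits" in h for h in msg.get_all("Received", []))

def trusted_match(raw, local_mta=LOCAL_MTA):
    """Match only the topmost Received header, and only if our MTA wrote it."""
    received = message_from_string(raw).get_all("Received", [])
    if not received:
        return False
    top = " ".join(received[0].split())  # unfold continuation lines
    by = re.search(r"\bby\s+(\S+)", top)
    if by is None or by.group(1).lower() != local_mta:
        return False
    # Assumption: sendmail-style layout, auth marker sits before the "by" clause.
    return AUTH_RE.search(top[:by.start()]) is not None

# Constructed samples (documentation addresses, not real traffic).
GENUINE = (
    "Received: from laptop.example.net (laptop.example.net [192.0.2.10])\n"
    "\t(authenticated bits=0)\n"
    "\tby mail.example.com (8.14.3/8.14.3) with ESMTP id mBT0001;\n"
    "\tMon, 29 Dec 2008 10:00:00 -0800\n"
    "From: user@example.com\nSubject: test\n\nbody\n"
)
# Top header is ours and unauthenticated; the marker sits in an upstream
# header that the sender controls.
FORGED = (
    "Received: from relay.example.org (relay.example.org [198.51.100.7])\n"
    "\tby mail.example.com (8.14.3/8.14.3) with ESMTP id mBT0002;\n"
    "\tMon, 29 Dec 2008 10:05:00 -0800\n"
    "Received: from pc (pc [10.0.0.5])\n"
    "\t(authenticated bits=0)\n"
    "\tby smtp.example.org with ESMTP id abc123;\n"
    "\tMon, 29 Dec 2008 10:04:00 -0800\n"
    "From: someone@example.org\nSubject: test\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, naive_match(raw), trusted_match(raw))
```

The check assumes it runs after the local MTA has prepended its own Received header; glue that hands the message over earlier needs the MTA's authentication state passed to it some other way.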