On 1/31/2014 9:24 AM, Rainer Fügenstein wrote:
hi,mails delivered via sendmail SMTP AUTH contain a Received: header like this: Received: from [192.168.5.238] (xyz.example.com [90.217.201.80]) (authenticated bits=0) by myserver.mydomain.at (8.13.8/8.13.8) with ESMTP id s0VE3Iwj027715 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <m...@home.org>; Fri, 31 Jan 2014 15:03:19 +0100 could anyone here help with a rule that matches this header, please? I tried for quite some time now but can't get it done :-( important parts to match are "(authenticated bits=\d+)" and "myserver.mydomain.at" thank you.
header MY_AUTH ALL =~ /\(authenticated bits=\d+\)\s+by\s+myserver.mydomain.at/
Note that this is a spoofable rule. Anyone can add a fake header to their message containing this string and it will match.
(rule is off the top of my head and untested) -- Bowie
