Phil Udel | 22 Sep 16:46 2010

Problem with Iphones

Hi, I am a long-time user of Sendmail and MailScanner, but I have hit a problem that I can't seem to find a solution for.  Currently I am using the latest version of everything on a CentOS 5.1 sandbox.


Problem Description:
I have some Apple iPhones that the users want to send/relay email directly with my mail server.  I do not use Auth, but I am looking into using that to solve the relay problem.
The problem that I am not sure Auth will fix is the high spam score iPhones get.
Almost all the iPhones seem to hit most, if not all, of these rules:
RDNS_DYNAMIC
RCVD_IN_PBL
MIME_QP_LONG_LINE

I don't want to lower the rule scores because they do a good job of stopping a lot of dynamic spam.
I can't whitelist the IP or domain, for example (mobile-166-137-011-147.mycingular.net), because the IP is different every time, and whitelisting mycingular.net is a bad idea.


If I set up Auth, will SpamAssassin still score it high?  I believe it would.
If I use Auth, will that get an ALL_TRUSTED value that I can use to lower the score?

As always, my life and job hang in the balance on this issue, since one of the iPhones belongs to the owner of the company. :P
 
 
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Rob Poe | 22 Sep 16:58 2010

Re: Problem with Iphones

I set up a weird/strange port to the internal SMTP server and let the iPhones auth against the internal email server instead of trying to maintain users on the MailScanner servers.

On the iPhone you can set up a port, IIRC you append a colon and the port number (but you have to enter it fresh, not edit if you want to change the port to avoid issues).



Alex Neuman | 22 Sep 17:03 2010

Re: Problem with Iphones

Security by obscurity is not security.

Using SMTP AUTH - and checking/scoring for it at the SA level - would help a lot without compromising the security.

On Sep 22, 2010, at 9:58 AM, Rob Poe wrote:

> I set up a weird/strange port to the internal SMTP server and let the iPhones auth against the internal email server instead of trying to maintain users on the MailScanner servers.


Rob Poe | 22 Sep 22:16 2010

Re: Problem with Iphones

Never said it was security by obscurity.  It's called letting your 
remote users auth to the "home" system instead of your MailScanner

On 9/22/2010 10:03 AM, Alex Neuman wrote:
> Security by obscurity is not security.
>
> Using SMTP AUTH - and checking/scoring for it at the SA level - would help a lot without compromising the security.
>
> On Sep 22, 2010, at 9:58 AM, Rob Poe wrote:
>
>> I set up a weird/strange port to the internal SMTP server and let the iPhones auth against the internal email server instead of trying to maintain users on the MailScanner servers.

Alex Neuman | 22 Sep 22:26 2010

Re: Problem with Iphones

The MS server should be able to reject at the MTA level any invalid users though, otherwise it'll backscatter.
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex <at> rtpty.com

Alex Neuman | 22 Sep 17:02 2010

Re: Problem with Iphones

The problem is not with the iPhones.

The problem lies with the fact that you're not using AUTH when nowadays it's absolutely necessary.

You need to use AUTH, and SPF with hardfail as well. I also insert a custom header into authenticated users'
e-mails so that SpamAssassin will score a -100 on them, and that helps a lot.


Phil Udel | 22 Sep 17:26 2010

RE: Problem with Iphones

That would be great.
I think I have the Auth set up. How do I do the "custom header into
authenticated users"?

Test of Auth
250-mail.salemcorp.com Hello localhost.localdomain [127.0.0.1], pleased to meetu
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP


Alex Neuman | 22 Sep 18:05 2010

Re: Problem with Iphones

You're using sendmail.

Find cfhead.m4 - should be in /usr/share/sendmail-cf/m4 if you're using CentOS.

Look for the line (on or near line 274) that says:
define(`confRECEIVED_HEADER', `_REC_HDR_

This is where the header is defined. The next line reads:
        _REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.)

Change it to:
        _REC_FULL_AUTH_$?{auth_ssf} YOURTOKEN bits=${auth_ssf}$.)

The REC_FULL_AUTH will give you a better idea of the username that authenticated - not just *the fact that
the user did authenticate*.

The YOURTOKEN would be something that's not obviously "your token" so it doesn't get picked up by spammers.
This is what we'll look for using SA.

Find your local.cf for spamassassin. This should be in /etc/mail/spamassassin. Go to the end and add:

header YOURTOKEN ALL =~ /YOURTOKEN/
score YOURTOKEN -100

This is crude, but effective. Spoofable, since "YOURTOKEN" will obviously be something someone could
insert into their own headers - but I doubt it's practical for most spammers.

Let me know how that works out for you. Works for me, YMMV, if you break it you get to keep all the pieces.


Phil Udel | 22 Sep 18:20 2010

RE: Problem with Iphones

Nice.  Thanks.   I am still working on the Auth. I seem to have hit a bump. 
I keep getting:
AUTH LOGIN dGVzdA==
504 5.3.3 AUTH mechanism LOGIN not available

Mail Log
Sep 22 08:03:34 mail sendmail[6652]: AUTH: available mech=CRAM-MD5 DIGEST-MD5 ANONYMOUS, allowed mech=EXTERNAL LOGIN PLAIN

For some reason the LOGIN PLAIN is not available :(


Steve Freegard | 22 Sep 18:52 2010

Re: Problem with Iphones

Alex,

On 22/09/10 17:05, Alex Neuman wrote:
> You're using sendmail.
>
> Find cfhead.m4 - should be in /usr/share/sendmail-cf/m4 if you're using CentOS.
>
> Look for the line (on or near line 274) that says:
> define(`confRECEIVED_HEADER', `_REC_HDR_
>
> This is where the header is defined. The next line reads:
>          _REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.)
>
> Change it to:
>          _REC_FULL_AUTH_$?{auth_ssf} YOURTOKEN bits=${auth_ssf}$.)
>
> The REC_FULL_AUTH will give you a better idea of the username that authenticated - not just *the fact that the user did authenticate*.

Don't edit sendmail supplied m4 files.  Edit /etc/mail/sendmail.mc 
instead; all of those macros should still be available to you there...

e.g.

define(`confRECEIVED_HEADER', `......')dnl

> The YOURTOKEN would be something that's not obviously "your token" so it doesn't get picked up by spammers. This is what we'll look for using SA.
>
> Find your local.cf for spamassassin. This should be in /etc/mail/spamassassin. Go to the end and add:
>
> header YOURTOKEN ALL =~ /YOURTOKEN/

Yuck.  Don't use 'ALL' when Received is far more appropriate.  On 
messages with a lot of headers you'll waste a load of CPU and time. 
Instead:

header YOURTOKEN Received =~ /foo/

You can also make it less spoofable using X-Spam-Relays-Trusted: 
metadata header added by SpamAssassin.

Run one of these messages through 'spamassassin -D -t < msg | grep 
X-Spam-Relays' and look what output you get for 'auth=' for an example 
message.  You can then write an un-spoofable rule (provided your 
TrustPath is correct) via:

header FOO X-Spam-Relays-Trusted =~ /auth=foo/i

With this method you might not even need this particular rule: with 
the trust path correct, the OP's problem of hitting RCVD_IN_PBL, 
RDNS_DYNAMIC etc. goes away, as trusted hosts aren't tested.

Regards,
Steve.
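
The difference between the token match on ALL or Received and the trust-path check described in the message above, as an added example that is not code from the thread or from SpamAssassin. It models the trust boundary in a simplified way (only the Received line prepended by our own MTA is believed); the hostname mail.example.com, the token zq7tok, the sample messages and the function names are assumptions constructed for the illustration.

```python
import re
from email import message_from_string

OUR_MTA = "mail.example.com"   # assumed name of the receiving sendmail host
TOKEN = "zq7tok"               # constructed stand-in for YOURTOKEN

# Constructed sample: phone on a dynamic IP that really used SMTP AUTH.
# Our sendmail prepends the topmost Received line, auth comment included.
GENUINE = """\
Received: from [10.20.30.40] (mobile-host.example.net [192.0.2.55])
\t(user=boss mech=CRAM-MD5 zq7tok bits=0)
\tby mail.example.com (8.13.8/8.13.8) with ESMTP id o8MF0001;
\tWed, 22 Sep 2010 11:00:01 -0400
From: boss@example.com
Subject: from my phone

hello
"""

# Constructed sample: unauthenticated delivery. The topmost Received line
# (ours) has no auth comment; the sender supplied the second one itself.
SPOOFED_RECEIVED = """\
Received: from smtp.sender.example (dyn-host.example.net [198.51.100.9])
\tby mail.example.com (8.13.8/8.13.8) with ESMTP id o8MF0002;
\tWed, 22 Sep 2010 11:05:00 -0400
Received: from [10.9.9.9] (localhost [127.0.0.1])
\t(user=boss mech=CRAM-MD5 zq7tok bits=0)
\tby mail.example.com (8.13.8/8.13.8) with ESMTP id o8MF9999;
\tWed, 22 Sep 2010 11:04:00 -0400
From: boss@example.com
Subject: cheap offer

buy now
"""

# Constructed sample: token placed in an arbitrary sender-supplied header.
SPOOFED_OTHER = """\
Received: from smtp.sender.example (dyn-host.example.net [198.51.100.9])
\tby mail.example.com (8.13.8/8.13.8) with ESMTP id o8MF0003;
\tWed, 22 Sep 2010 11:06:00 -0400
X-Note: zq7tok
From: boss@example.com
Subject: cheap offer

buy now
"""


def unfold(value):
    """Collapse folded header whitespace into single spaces."""
    return re.sub(r"\s+", " ", value).strip()


def all_match(raw):
    """Equivalent of 'header X ALL =~ /token/': any header may carry it."""
    msg = message_from_string(raw)
    return any(TOKEN in unfold(value) for _, value in msg.items())


def received_match(raw):
    """Equivalent of 'header X Received =~ /token/': cheaper, but it still
    reads Received lines that the sending side wrote."""
    msg = message_from_string(raw)
    return any(TOKEN in unfold(v) for v in msg.get_all("Received") or [])


# The auth comment must sit directly before "by <our host>" in one line.
TRUSTED_AUTH_RE = re.compile(
    r"\(user=(?P<user>\S+) mech=\S+ " + re.escape(TOKEN)
    + r" bits=\d+\) by " + re.escape(OUR_MTA) + r"\b"
)


def trusted_auth(raw):
    """Believe only the topmost Received line, the one our MTA prepended.
    Returns the authenticated user name, or None."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    match = TRUSTED_AUTH_RE.search(unfold(received[0]))
    return match.group("user") if match else None


if __name__ == "__main__":
    samples = [("genuine", GENUINE),
               ("spoofed Received", SPOOFED_RECEIVED),
               ("spoofed other header", SPOOFED_OTHER)]
    for name, raw in samples:
        print(f"{name:22} ALL={all_match(raw)!s:5} "
              f"Received={received_match(raw)!s:5} "
              f"trusted={trusted_auth(raw)}")
```

In SpamAssassin itself this boundary comes from the trust path, so the real rule should be checked against the 'spamassassin -D -t' output mentioned in the message above.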

Alex Neuman | 22 Sep 19:03 2010

Re: Problem with Iphones

That's the beauty of the list. You can turn my crude thing into something more elegant ;-)
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex <at> rtpty.com

Phil Udel | 22 Sep 20:11 2010

RE: Problem with Iphones

Woot.  Ok I have it working :P   I changed the  cfhead.m4 by hand.  I am
working on the M4 Commands. 

This is what I have so far.
define(`_REC_AUTH_', `_REC_FULL_AUTH_')
define(`_REC_FULL_AUTH_', `$.$?{auth_type}(user=${auth_authen} $?{auth_author}author=${auth_author} YOURTOKEN  $.mech=${auth_type}')


Phil Udel | 23 Sep 13:04 2010

RE: Problem with Iphones


Thanks for all your help, You all really saved the Day.


Scott Silva | 23 Sep 16:56 2010

Re: Problem with Iphones

on 9-22-2010 7:46 AM Phil Udel spake the following:
> HI, I am a long time user of Sendmail and Mailscanner but I have hit a problem
> that I cant seem to find a solution for.  Currently I am using the latest
> version of everything on a centos 5.1 sandbox.
>  
Just a side note... You can't have CentOS 5.1 AND the latest of everything...
CentOS 5 is up to 5.5 now... Are you that far behind on updates?


Alex Neuman | 23 Sep 18:45 2010

Re: Problem with Iphones

True dat. 
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex <at> rtpty.com
