[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFC3848 and ESMTPA in Receiver header
From: |
Vaccus Spurcamen |
Subject: |
Re: RFC3848 and ESMTPA in Receiver header |
Date: |
Mon, 25 Jul 2011 10:19:48 +0100 |
On Mon, 2011-07-25 at 11:14 +0200, J4K wrote:
> Morning everyone,
>
> Whilst trying to debug a spammer, or potential misconfiguration in
> my SA/postfix set-up, I noticed this in the spam header:
> *Received: from 95.132.70.144(helo=xxx.co.uk) by xxx.co.uk with esmtpa
> (Exim 4.69) (envelope-from ) id 1MMY4Z-6815vh-KW for <address@hidden>;
> Mon, 25 Jul 2011 08:05:42 +020*
>
> The ESMTPA noted in the header stuck me as strange. 1) Does this mean
> that spammer authenticated with an smtp-auth username and password?
Suggests an authenticated user - nothing unusual in that, spammers
hijack accounts all the time (assuming the header is, of course,
genuine)
>
> 2) Is there an SA rule that would subtract points if this is seem in a
> header ( I didn't think so)?
You could always write one.
>
> 3) Would the Spam-Assassin Milter give this a free ride? It would if it
> had the -I option, but mine does not.
> -I Ignores messages if the sender has authenticated via SMTP AUTH.
>
>
> Current programme called as:
> /usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f -p
> /var/spool/postfix/spamass/spamass.sock -u nobody -e xxx.co.uk -M -r 12
> -i 127.0.0.1 -- -s 1050000
>
> Regards, S.
>
>
> >From http://www.ietf.org/rfc/rfc3848.txt
>
> 1. IANA Considerations
>
> As directed by SMTP [2], IANA maintains a registry [7] of "WITH
> protocol types" for use in the "with" clause of the Received header
> in an Internet message. This registry presently includes SMTP [6],
> and ESMTP [2]. This specification updates the registry as follows:
>
> o The new keyword "ESMTPA" indicates the use of ESMTP when the SMTP
> AUTH [3] extension is also used and authentication is successfully
> achieved.
>
>
> _______________________________________________
> Spamass-milt-list mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/spamass-milt-list