Package: spamass-milter
Version: 0.3.1-10
Severity: normal
Tags: patch

The synthesized received header that spamass-milter adds does not
contain information on SMTP AUTH. This results in false positives for
mail from for example road-warriors that submit mail from addresses that
are listed in various RBLs, but which should be accepted since they are
authenticated.

The attached patch is based on the one from https://www.linuxhacker.at
/opensource-projects/spamass-milter but both cleaned up so it applies to
the debian source and modified to output "(authenticated)" even if
auth_ssf isn't available (which it isn't from postfix).

The patched milter is running in production here with
postfix-2.7.1-1+squeeze1 and spamassassin-3.3.1-1 and everything seems
to work just fine.

-- 
Knut Arne Bjørndal, Technician Easy Connect AS - http://1890.no
E-mail: [email protected] Phone: +47 53 20 53 25

--- spamass-milter.cpp	2011-05-26 10:32:52.000000000 +0200
+++ spamass-milter.cpp	2011-05-26 10:44:53.000000000 +0200
@@ -894,7 +894,8 @@
 		   
 		*/
 		const char *macro_b, *macro_i, *macro_j, *macro_r,
-		           *macro_s, *macro_v, *macro_Z, *macro__;
+		           *macro_s, *macro_v, *macro_Z, *macro__,
+		           *macro_auth_type, *macro_auth_ssf;
 		char date[32];
 
 		/* RFC 822 date. */
@@ -931,7 +932,22 @@
 			macro_r = "SMTP";
 			warnmacro("r", "ENVRCPT");
 		}
-			
+
+		/* Authenticated bits Information */
+		macro_auth_type = smfi_getsymval(ctx, "{auth_type}");
+		if (!macro_auth_type)
+		{
+			macro_auth_type = "";
+			warnmacro("auth_type", "ENVRCPT");
+		}
+
+		macro_auth_ssf = smfi_getsymval(ctx, "{auth_ssf}");
+		if (!macro_auth_ssf)
+		{
+			macro_auth_ssf = "";
+			warnmacro("auth_ssf", "ENVRCPT");
+		}
+
 		/* Sendmail currently cannot pass us the {s} macro, but
 		   I do not know why.  Leave this in for the day sendmail is
 		   fixed.  Until that day, use the value remembered by
@@ -970,11 +986,22 @@
 		assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
 		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
 
-		assassin->output((string)
-			"Received: from "+macro_s+" ("+macro__+")\r\n\t"+
-			"by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+
+		string rec_header;
+		rec_header=(string)"Received: from "+macro_s+" ("+macro__+")\r\n\t";
+		if (strlen(macro_auth_type)!=0) {
+			rec_header+=(string)"(authenticated";
+			if (strlen(macro_auth_ssf)!=0) {
+				rec_header+=(string)" bits="+macro_auth_ssf;
+			}
+			rec_header+=(string)")\r\n\t";
+		}
+		rec_header+=(string)"by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+
+			macro_r+" id "+macro_i+"\r\n\t"+
 			macro_b+"\r\n\t"+
-			"(envelope-from "+assassin->from()+")\r\n");
+			"(envelope-from "+assassin->from()+"\r\n";
+
+		debug(D_SPAMC, "Received header for spamc: %s", rec_header.c_str());
+		assassin->output(rec_header);
 
 	} else
 		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to