Package: spamass-milter Version: 0.3.1-10 Severity: normal Tags: patch The synthesized received header that spamass-milter adds does not contain information on SMTP AUTH. This results in false positives for mail from for example road-warriors that submit mail from addresses that are listed in various RBLs, but which should be accepted since they are authenticated.
The attached patch is based on the one from https://www.linuxhacker.at /opensource-projects/spamass-milter but both cleaned up so it applies to the debian source and modified to output "(authenticated)" even if auth_ssf isn't available (which it isn't from postfix). The patched milter is running in production here with postfix-2.7.1-1+squeeze1 and spamassassin-3.3.1-1 and everything seems to work just fine. -- Knut Arne Bjørndal, Technician Easy Connect AS - http://1890.no E-mail: [email protected] Phone: +47 53 20 53 25
--- spamass-milter.cpp 2011-05-26 10:32:52.000000000 +0200
+++ spamass-milter.cpp 2011-05-26 10:44:53.000000000 +0200
@@ -894,7 +894,8 @@
*/
const char *macro_b, *macro_i, *macro_j, *macro_r,
- *macro_s, *macro_v, *macro_Z, *macro__;
+ *macro_s, *macro_v, *macro_Z, *macro__,
+ *macro_auth_type, *macro_auth_ssf;
char date[32];
/* RFC 822 date. */
@@ -931,7 +932,22 @@
macro_r = "SMTP";
warnmacro("r", "ENVRCPT");
}
-
+
+ /* Authenticated bits Information */
+ macro_auth_type = smfi_getsymval(ctx, "{auth_type}");
+ if (!macro_auth_type)
+ {
+ macro_auth_type = "";
+ warnmacro("auth_type", "ENVRCPT");
+ }
+
+ macro_auth_ssf = smfi_getsymval(ctx, "{auth_ssf}");
+ if (!macro_auth_ssf)
+ {
+ macro_auth_ssf = "";
+ warnmacro("auth_ssf", "ENVRCPT");
+ }
+
/* Sendmail currently cannot pass us the {s} macro, but
I do not know why. Leave this in for the day sendmail is
fixed. Until that day, use the value remembered by
@@ -970,11 +986,22 @@
assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
- assassin->output((string)
- "Received: from "+macro_s+" ("+macro__+")\r\n\t"+
- "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+
+ string rec_header;
+ rec_header=(string)"Received: from "+macro_s+" ("+macro__+")\r\n\t";
+ if (strlen(macro_auth_type)!=0) {
+ rec_header+=(string)"(authenticated";
+ if (strlen(macro_auth_ssf)!=0) {
+ rec_header+=(string)" bits="+macro_auth_ssf;
+ }
+ rec_header+=(string)")\r\n\t";
+ }
+ rec_header+=(string)"by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+
+ macro_r+" id "+macro_i+"\r\n\t"+
macro_b+"\r\n\t"+
- "(envelope-from "+assassin->from()+")\r\n");
+ "(envelope-from "+assassin->from()+"\r\n";
+
+ debug(D_SPAMC, "Received header for spamc: %s", rec_header.c_str());
+ assassin->output(rec_header);
} else
assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
signature.asc
Description: OpenPGP digital signature

