On 12/17/2010 9:12 AM, Kris Deugau wrote:
> Ted Mittelstaedt wrote:
>> On 12/17/2010 8:41 AM, Jason Bertoch wrote:
>>> Based on the headers you included, there's nothing indicating the sender
>>> was authenticated. Are you using the following in postfix?
>>>
>>> smtpd_sasl_authenticated_header yes
>>
>> And what prevents a spammer from forging this into a header and
>> bypassing SA? Just askin.
>
> It's not a separate header; it's a switch to indicate SMTP AUTH in the
> Received: header that Postfix adds.
>
> -kgd

I know that, Sendmail adds the same flag when setup for auth SMTP.  The
problem is that SA will see this and assume the mail is safe.  This is
the fundamental problem with passing trust indicators in the headers.

In the versions of SA I have used, SA will assume the mail is safe
no matter what Received line in the header has the auth indicator
set.  They may have fixed that in the most recent SA but I don't
believe so, and even if they did then what if SA is running on a
prefilter server in front of an Exchange server for example?

And you still have the problem of a spammer's custom-written
virus having determined a user password.  The spammers are now able
to do this with some of their hijack tools.  And there are also a
LOT of phishing spams now that we see from time to time that tell
users that their e-mail password needs to be reset and to go to
such and such a webpage and change it, etc.

A couple times a month I'm changing user passwords who have
fallen for these phishes.  Sometimes it is mere minutes after
the user has pasted their existing e-mail password into one of
these phish sites that the spammers start relaying spam through
the mailserver.  However mostly, the typical MO is the spammers
wait until Friday night at 9pm local time and then start up the
spamming.

This is why a separate auth SMTP server is a very useful thing to
have.  It is much easier to identify a spam injector when the
mailserver is only handling authenticated SMTP and determine what
compromised userID they are using.  And you can apply
rate-limits on an authenticated-SMTP server that you cannot get
away with on the main mailserver.

But, go ahead, do it your way.  If you're a small site you might
even be OK for long enough to forget this advice.  But sooner
or later you're going to get cracked into and you will wish you
had separated the servers.


Ted

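Two checks that go with the points raised in this thread, written as an added example (this is not code from the thread, from Postfix or from SpamAssassin). The first honours the SMTP AUTH marker that Postfix writes into its own Received: line (the RFC 3848 "with ESMTPA" / "with ESMTPSA" keywords, which is what smtpd_sasl_authenticated_header turns on) only on a hop our own MTA wrote and that is reachable from the top of the header through our own relays; a marker further down was added by the sender and is counted separately as unverified. The second aggregates submission-server log lines by sasl_username to spot the kind of burst a hijacked account produces. The host names mx1.example.com and submit.example.com, the internal network 10.0.0.0/8, and all headers and log lines are constructed for the example.

```python
# Added example for this thread (not code from the original posts, Postfix or
# SpamAssassin). Host names, networks, log lines and headers are constructed.
import re
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

LOCAL_MTAS = {"mx1.example.com", "submit.example.com"}    # assumed: our MTAs
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]      # assumed: our relays
AUTH_RE = re.compile(r"\bwith\s+E?SMTPS?A\b")   # RFC 3848 keywords Postfix writes
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
FROM_IP_RE = re.compile(r"\([^\s()]+\s+\[([^\]]+)\]\)")   # "(rdns [ip])" part

def unfold_received(raw_headers):
    """Received: values, topmost (most recently added) first, folds joined."""
    hops, collecting = [], False
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t"):
            if collecting:
                hops[-1] += " " + line.strip()
            continue
        name, _, value = line.partition(":")
        collecting = name.strip().lower() == "received"
        if collecting:
            hops.append(value.strip())
    return hops

def written_by_us(hop):
    m = BY_RE.search(hop)
    return bool(m) and m.group(1).lower() in LOCAL_MTAS

def client_ip(hop):
    m = FROM_IP_RE.search(hop)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def received_auth_check(raw_headers):
    """(trusted_auth, unverified_markers): the auth marker counts only on a hop
    we wrote that is reachable from the top through our own relays; every
    marker below that point was supplied by the sender and proves nothing."""
    hops = unfold_received(raw_headers)
    trusted, i = False, 0
    while i < len(hops) and written_by_us(hops[i]):
        hop = hops[i]
        i += 1
        if AUTH_RE.search(hop):
            trusted = True
            break
        ip = client_ip(hop)
        if ip is None or not any(ip in net for net in INTERNAL_NETS):
            break                         # handed to us from outside: stop here
    unverified = sum(1 for h in hops[i:] if AUTH_RE.search(h))
    return trusted, unverified

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ postfix/\S*smtpd\[\d+\]: \w+: "
    r"client=\S+\[(?P<ip>[\d.]+)\].*?\bsasl_username=(?P<user>\S+)")

def parse_submission_log(lines, year=2010):
    """Yield (timestamp, user, client_ip) for each authenticated submission."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def find_spam_injectors(lines, window=timedelta(minutes=10),
                        max_per_window=20, max_ips=3):
    """{user: reason} for accounts whose submission pattern looks hijacked."""
    times, ips = defaultdict(list), defaultdict(set)
    for ts, user, ip in parse_submission_log(lines):
        times[user].append(ts)
        ips[user].add(ip)
    flagged = {}
    for user, ts_list in times.items():
        ts_list.sort()
        peak = start = 0
        for end, t in enumerate(ts_list):      # sliding window over sorted times
            while t - ts_list[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        reasons = []
        if peak > max_per_window:
            reasons.append(f"{peak} messages in {window}")
        if len(ips[user]) >= max_ips:
            reasons.append(f"{len(ips[user])} distinct client IPs")
        if reasons:
            flagged[user] = "; ".join(reasons)
    return flagged

# Constructed samples: a genuine direct submission, the same message relayed
# through our own submission host, and a sender-forged auth hop below ours.
GENUINE = ("Received: from [192.0.2.5] (unknown [198.51.100.7])\n"
           "\tby submit.example.com (Postfix) with ESMTPSA id 8F2A1\n"
           "\tfor <bob@example.org>; Fri, 17 Dec 2010 21:02:11 -0800\n"
           "From: alice@example.com\n")
RELAYED = ("Received: from submit.example.com (submit.example.com [10.0.0.12])\n"
           "\tby mx1.example.com (Postfix) with ESMTP id 9C33D\n" + GENUINE)
FORGED = ("Received: from spam.example.net (spam.example.net [203.0.113.99])\n"
          "\tby mx1.example.com (Postfix) with ESMTP id 1D7E0\n"
          "Received: from [10.0.0.1] (unknown [10.0.0.1])\n"
          "\tby mx1.example.com (Postfix) with ESMTPA id FAKE1\n")

def _log(ts, user, ip, qid):                  # constructed Postfix-style line
    return (f"{ts:%b %d %H:%M:%S} mx1 postfix/submission/smtpd[2211]: {qid}: "
            f"client=unknown[{ip}], sasl_method=PLAIN, sasl_username={user}")

FRIDAY_9PM = datetime(2010, 12, 17, 21, 0, 0)
SAMPLE_LOG = [_log(datetime(2010, 12, 17, 9, 3, 0), "alice@example.com", "203.0.113.10", "A1"),
              "Dec 17 09:03:05 mx1 postfix/submission/smtpd[2211]: disconnect from unknown[203.0.113.10]"]
SAMPLE_LOG += [_log(FRIDAY_9PM + timedelta(seconds=12 * i), "bob@example.com",
                    ["198.51.100.7", "198.51.100.8", "192.0.2.44", "192.0.2.45"][i % 4],
                    f"B{i:02d}") for i in range(25)]
```

On the sample data, received_auth_check() accepts the direct and the relayed submission and rejects the forged one (reporting one unverified marker), and find_spam_injectors() flags only bob@example.com, whose 25 messages in under five minutes from four client addresses match the Friday-night pattern described above; alice's single message is ignored. Run over real logs, the thresholds and the internal network list are the parts to tune for the site.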