> From: Ted Mittelstaedt [mailto:t...@ipinc.net]
>
> And what prevents a spammer from forging this into a header and
> bypassing SA? Just askin.
>
> Ted

The fact that the authenticating server forwarding the request is trusted and/or internal network. SA doesn't look at any auth token outside of the trusted ring. A spammer can obviously add a fake Received: header, but it would be left out of the trusted ring and thereby not considered by SA.

For example, exam...@example.com is your trusted, border MSA.

This is really authenticated, of course:

Received: from imauser (host246-74-dynamic.49-82-r.retail.telecomitalia.it [82.49.74.246])
    by msa.example.com (Postfix) with ESMTPA id 4582D39D066
    for <exam...@example.com>; Fri, 17 Dec 2010 17:48:01 +0100 (CET)

This is not:

Received: from imaspammer (host246-74-dynamic.49-82-r.retail.telecomitalia.it [82.49.74.246])
    by msa.example.com (Postfix) with ESMTPA id 4582D39D066
    for <exam...@example.com>; Fri, 17 Dec 2010 17:48:01 +0100 (CET)
Received: from msa.example.com (host246-74-dynamic.49-82-r.retail.telecomitalia.it [82.49.74.246])
    by msa.example.com (Postfix) with ESMTP id 4582D39D066
    for <exam...@example.com>; Fri, 17 Dec 2010 17:48:01 +0100 (CET)

See? The first Received: is the forged one and looks a lot like the second one, which is the true one. SA would stop looking for auth keywords (ESMTPA, in this example) right at the second line and would not take the first into account...

SA also provides the msa_networks setting to allow a node to act both as an MX and an MUA, making a message look like "internally sourced" iff the node says it is from an authenticated source.

Giampaolo
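
A simplified model of the trusted-ring walk described in this reply, as an added Python example (not SpamAssassin's code and not part of the original post). It reads Received values newest-first and honours an auth keyword only in headers written inside the ring; the 192.0.2.0/24 trusted network, the mx.example.com host and the sample headers are constructed assumptions.

```python
import ipaddress
import re

# Assumption: stand-in for trusted_networks; 192.0.2.0/24 plays the internal net.
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
AUTH_KEYWORDS = {"ESMTPA", "ESMTPSA"}  # RFC 3848 "with" values meaning SMTP AUTH

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\S+\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+"
    r"by\s+\S+\s+\(Postfix\)\s+with\s+(?P<proto>\S+)"
)

def relay_in_networks(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed address: never trusted
    return any(ip in net for net in TRUSTED_NETWORKS)

def counted_auth_hops(received):
    """Walk Received values newest-first; return HELO names whose auth keyword counts."""
    honoured = []
    writer_trusted = True  # topmost header was written by our own server
    for value in received:
        m = RECEIVED_RE.search(value)
        if not (writer_trusted and m):
            break  # outside the trusted ring, or unparseable: ignore the rest
        authed = m["proto"].upper() in AUTH_KEYWORDS
        if authed:
            honoured.append(m["helo"])
        # The next header down was written by this relay, so it is believed
        # only if the relay authenticated or sits in a trusted network.
        writer_trusted = authed or relay_in_networks(m["ip"])
    return honoured

# Constructed samples (newest header first), modelled on the post's headers.
TAIL = " id 4582D39D066; Fri, 17 Dec 2010 17:48:01 +0100 (CET)"
USER = "(host.example.net [198.51.100.23]) by msa.example.com (Postfix) with "
GENUINE = ["from imauser " + USER + "ESMTPA" + TAIL]
FORGED = ["from imaspammer " + USER + "ESMTP" + TAIL,   # written by the MSA
          "from imauser " + USER + "ESMTPA" + TAIL]      # supplied by the sender
RELAYED = ["from msa.example.com (msa.example.com [192.0.2.25]) "
           "by mx.example.com (Postfix) with ESMTP" + TAIL,
           "from imauser " + USER + "ESMTPA" + TAIL]

if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("forged", FORGED), ("relayed", RELAYED)):
        print(name, counted_auth_hops(msg))
```

In the forged case the ESMTPA header sits below a hop from an untrusted address, so it is never read; in the relayed case the same header counts because the hop above it came from a trusted network.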