[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RFC3848 and ESMTPA in Receiver header
|
From: |
J4K |
|
Subject: |
RFC3848 and ESMTPA in Receiver header |
|
Date: |
Mon, 25 Jul 2011 11:14:13 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110424 Lightning/1.0b2 Thunderbird/3.1.10 |
Morning everyone,
Whilst trying to debug a spammer, or potential misconfiguration in
my SA/postfix set-up, I noticed this in the spam header:
*Received: from 95.132.70.144(helo=xxx.co.uk) by xxx.co.uk with esmtpa
(Exim 4.69) (envelope-from ) id 1MMY4Z-6815vh-KW for <address@hidden>;
Mon, 25 Jul 2011 08:05:42 +020*
The ESMTPA noted in the header stuck me as strange. 1) Does this mean
that spammer authenticated with an smtp-auth username and password?
2) Is there an SA rule that would subtract points if this is seem in a
header ( I didn't think so)?
3) Would the Spam-Assassin Milter give this a free ride? It would if it
had the -I option, but mine does not.
-I Ignores messages if the sender has authenticated via SMTP AUTH.
Current programme called as:
/usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f -p
/var/spool/postfix/spamass/spamass.sock -u nobody -e xxx.co.uk -M -r 12
-i 127.0.0.1 -- -s 1050000
Regards, S.
>From http://www.ietf.org/rfc/rfc3848.txt
1. IANA Considerations
As directed by SMTP [2], IANA maintains a registry [7] of "WITH
protocol types" for use in the "with" clause of the Received header
in an Internet message. This registry presently includes SMTP [6],
and ESMTP [2]. This specification updates the registry as follows:
o The new keyword "ESMTPA" indicates the use of ESMTP when the SMTP
AUTH [3] extension is also used and authentication is successfully
achieved.
- RFC3848 and ESMTPA in Receiver header,
J4K <=