SA Bugzilla – Bug 5549
Postfix sasl Authenticated header not detected
Last modified: 2014-03-20 18:51:16 UTC
machine running SA 3.2.1 and postfix - I've come to the conclusion that SA is unable to pickup authentication headers provided by postfix (smtpd_sasl_authenticated_header yes). As far as I can see... >From Mail/SpamAssassin/Message/Metadata/Received.pm: # Postfix 2.3 and later with "smtpd_sasl_authenticated_header yes" elsif (/\) \(Authenticated sender: \S+\) by \S+ \(Postfix\) with /) { $auth = 'Postfix'; } However, the headers I'm getting from postfix look like: Received: from myPC (unknown [nn.nnn.nn.nn]) (Authenticated sender: user@server.example.com) by server.example.com (Postfix) with ESMTP id 68FAF524310 for <user@example.com>; Wed, 4 Jul 2007 20:36:49 +0100 (BST) And the source (postfix/src/smtpd/smtpd.c) seems to back this up: out_fprintf(out_stream, REC_TYPE_NORM, "\t(Authenticated sender: %s)", STR(username));
Created attachment 5193 [details] [PATCH] fix authenticated sender for postfix, bug #5549 changes the regex to detect authenticated sender as written by postfix
Comment on attachment 5193 [details] [PATCH] fix authenticated sender for postfix, bug #5549 I think you need to check some real world examples because you are changing existing code that likely did work for older versions of postfix and we likely need yet another elsif for the version you are testing with.
Perhaps this? 20050404 Typo: missing comma after dsn=x.yy.zz logging. File: global/log_adhoc.c. Feature: specify "smtpd_sasl_authenticated_header = yes" to report the SASL login name in the Received: message header, so that the login name is shared with the whole world. Based on code by Branko F. Gracnar. Files: smtpd/smtpd.c, and documentation.
I'm not sure if the headers in postfix ever included the "(Postfix)" part.... According to the postfix mailing list (http://archives.neohapsis.com/archives/postfix/2005-03/1958.html), the feature already got into postfix in the form of my patch. Would a patch be okay that accepts both forms? We could probably also extend the rules to support some other common "Authenticated sender:" patterns, as some tend to modify these...
(In reply to flokli from comment #4) > I'm not sure if the headers in postfix ever included the "(Postfix)" part.... > > According to the postfix mailing list > (http://archives.neohapsis.com/archives/postfix/2005-03/1958.html), > the feature already got into postfix in the form of my patch. > > Would a patch be okay that accepts both forms? > > We could probably also extend the rules to support some other common > "Authenticated sender:" patterns, as some tend to modify these... That is my point. The SA patch has to keep existing functionality AND add flexibility for the format change. It should include documentation such as what version of postfix specifically works and preferably some real world headers to use as test cases.