Configure Identity Header Identification Method in Spam Experts and Your MTA

Using an identity header allows the system to track and prevent spammers without affecting other senders for the domain.

  1. Step 1 - Configuring the Identity Header Identity Method in Spam Experts
  2. Step 2 - Identity Header Setup in the MTA

Step 1 - Configuring the Identity Header Identity Method in Spam Experts

Configure Spam Experts to log and monitor identity headers:

  1. Navigate to the outgoing authenticating domain
  2. Select Outgoing > Manage Users
  3. Select Edit from the dropdown alongside the Authenticating Domain outgoing user:

  4. From the Identification Method dropdown, select Header
  5. Click on + Add a new identification header

  6. In the Header name field, add the header name that you are configuring, (for example X-AuthUser)
  7. From the Header value dropdown select between:
    • Simple - The entire header value will be used to identify unique users that share this identification method
    • Custom - Specify a custom regular expression that will be used to extract the identity from the header value in order to identify unique users that share this authentication method

      • The custom regular expression you enter must contain a group that represents the identity.

  8. If you want to remove this header after processing, ensure the Remove after processing option is ticked. Alternatively, to keep the header after processing remove the tick

    9. Depending on how the header is created, it may contain information that you do not want to release. For example, if the identification is based on the user's login id, you probably want to ensure Remove after processing is ticked.

  9. Click Add

    10. If you have configured more that one identity, each will be processed in order. If multiple headers are in the same outgoing email, the first header in the message will be the one that is processed first.

  10. Once you have set this up, verify that all is working correctly by checking your outgoing messages in the Outgoing Log Search and look for new messages using the Identity column. If you see data which is using the new identity, it is working correctly

    11. The other Identification Method options available are Envelope-Sender and Authenticating User. For more info, see Outgoing User.

Example Identities

There are many different headers and identities that can be set. Here are some examples:

  • cPanel:
    • Header name: X-AuthUser
    • Header value: Simple
  • cPanel:
    • Header name: X-PHP-Originating-Script
    • Header value: ^(.*?)\(.*$
  • Postfix:
    • Header name: Received
    • Header value: .*\(Authenticated sender: (.*?)\).*

Step 2 - Identity Header Setup in the MTA

As well as configuring Spam Experts to log and monitor identity headers you must ensure that this is also set up in your sending MTA. Here are some example configurations:

Microsoft Exchange Identification headers

Currently on Microsoft Exchange, to be able to add custom outgoing headers a XHeader transport agent must be built. For more information, see the Microsoft KB.

cPanel/Exim

headers_add = X-AuthUser: $authenticated_id

headers_add = X-AuthUser: ${if match {$authenticated_id}{.*@.*}\
{$authenticated_id} {${if match {$authenticated_id}{.+}\
{$authenticated_id@$primary_hostname}{$authenticated_id}}}}

headers_add = ${if !eq{$original_domain}{$domain}{X-Forwarded-For: $original_domain}}

Postfix Identification headers

To do this in Postfix, you need to add the following line to your main.cf if not already there:

smtpd_sasl_authenticated_header = yes

This will add an "Authenticated Sender" part to the received header