You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/04/03 22:16:29 UTC
[Bug 3235] False Positives on FORGED_DEF_WHITELIST
http://bugzilla.spamassassin.org/show_bug.cgi?id=3235
------- Additional Comments From sidney@sidney.com 2004-04-03 12:16 -------
ns1.daguru.net would have to be trusted for this to work. Otherwise anybody
could forge headers like this and there would be no way of knowing that the mail
really did come from paypal.com.
1. Is ns1.daguru.net trusted? If it is, then I have to fix whatever is
preventing the Received header with it from being used by the rule.
2. If it is not trusted, does it help to list it as trusted? If so, this is a
configuration problem, not a bug.
3. Is there some reason why it cannot be listed as trusted? What is the reason?
If so, we have to rethink this approach to deal with whatever is preventing this
site from being configured in a way that works.
Please let me know which is the case.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Re: [Bug 3235] False Positives on FORGED_DEF_WHITELIST
Posted by Marc Perkel <ma...@perkel.com>.
No - it's not trusted - however - the first received line is from a
legit paypal server - so - can all the received lines be tested to see
if ANY of them are legit?
The issue is - some people are getting the email delivered to Server A
who then sends it on to my server for spam processing. So - it should
work in that situation. Or - for backup MX servers that spool and
forward when the main server is down.
bugzilla-daemon@bugzilla.spamassassin.org wrote:
>http://bugzilla.spamassassin.org/show_bug.cgi?id=3235
>
>
>
>
>
>------- Additional Comments From sidney@sidney.com 2004-04-03 12:16 -------
>ns1.daguru.net would have to be trusted for this to work. Otherwise anybody
>could forge headers like this and there would be no way of knowing that the mail
>really did come from paypal.com.
>
>1. Is ns1.daguru.net trusted? If it is, then I have to fix whatever is
>preventing the Received header with it from being used by the rule.
>
>2. If it is not trusted, does it help to list it as trusted? If so, this is a
>configuration problem, not a bug.
>
>3. Is there some reason why it cannot be listed as trusted? What is the reason?
>If so, we have to rethink this approach to deal with whatever is preventing this
>site from being configured in a way that works.
>
>Please let me know which is the case.
>
>
>
>
>------- You are receiving this mail because: -------
>You are the assignee for the bug, or are watching the assignee.
>
>
>