You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2009/06/05 20:59:29 UTC

[Bug 6125] Didn't catch 2 obvious spam violations

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6125


Karsten Bräckelmann <gu...@rudersport.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




--- Comment #1 from Karsten Bräckelmann <gu...@rudersport.de>  2009-06-05 11:59:28 PST ---
> From and To contained the same address.

This is a valid, commonly used approach when sending to a pure Bcc list and
does occur in ham. See various discussions in the list archives.


> While I have *@channel-islands-sw.com in my white list, I can change this as
> there are only 3 "real" e-mail addresses, however "sales@..." is one of them. 

Do NOT use whitelist_from, but whitelist_from_rcvd with your own, outbound SMTP
servers. Spammers often use the target address as the sender, because
(a) it's an easy pass in case of mis-configuration and  (b) a lot of MUAs then
display remote images, because the address is in the local address-book.

The plain whitelist_from must only be used as a (dangerous) last resort, if it
really is necessary to whitelist in the first place, and none of the other
variants (rcvd, auth, etc.) can be used.

The whitelist_from is a custom configuration.


> If I could set TO = REPLY TO to somehting more than 100, it would easily solve
> this problem, also, it VIAGRA (spelled correctly) was caught I could do the
> same. Both would void the white list entry.

Such a TO_EQ_REPLYTO rule /can/ be written using the pseudo ALL header and
multi-line matching. From memory it doesn't seem worthwhile to include it in
stock though, since this is a rarely used pattern and may occur in ham.

Scoring *anything* 100 is a very, very bad idea. And the reason to ask for this
in the first place is an unsafe whitelist. Fix that instead. :)


IMHO, this is not a bug but a local (mis-) configuration issue. Sorry.
Closing RESOLVED INVALID.


-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.