Posted to dev@spamassassin.apache.org by Marc Perkel <ma...@perkel.com> on 2004/04/02 20:00:19 UTC
False Positives on FORGED_DEF_WHITELIST
Been getting false Positives on FORGED_DEF_WHITELIST rule on mail coming
from paypal.
Re: False Positives on FORGED_DEF_WHITELIST
Posted by Sidney Markowitz <si...@sidney.com>.
Marc Perkel wrote:
> Let me see if I can find the message. But - suppose someone has a
> secondary store and forward server - then if the main server goes down
> and the secondary server gets it - and then the main server comes up and
> transfers it to the main server - then the last server it comes from is
> the secondary server.
My intent was to check the server that is first used to send the mail,
and for that I rely on a (in this case) paypal.com mail server talking
to a trusted server of the receiver. If people are receiving mail from
one of their own servers that SpamAssassin does not know is trusted,
then there is no way to tell if a Received header is forged.
-- sidney
Re: False Positives on FORGED_DEF_WHITELIST
Posted by Marc Perkel <ma...@perkel.com>.
Let me see if I can find the message. But - suppose someone has a
secondary store and forward server - then if the main server goes down
and the secondary server gets it - and then the main server comes up and
transfers it to the main server - then the last server it comes from is
the secondary server.
I was just wondering if you check all the received lines or just the
last one?
Sidney Markowitz wrote:
> Marc Perkel wrote:
>
>> Been getting false Positives on FORGED_DEF_WHITELIST rule on mail
>> coming from paypal.
>
>
> Can you open a Bugzilla ticket and attach the headers from an example?
> (deleting private info is ok for this, and I don't need the body)
>
> I wrote the rule recently and I can well believe that there is a bug
> that I missed.
>
> The theory is that any address on the default whitelist is only sent
> from a mail server in its domain. If you read the doc I wrote on it
> you'll see that there is a way to specify that it is not the case for
> a specific whitelist entry, but I've never seen PayPal mail that
> doesn't get sent through a paypal.com mail server.
>
> -- sidney
Re: False Positives on FORGED_DEF_WHITELIST
Posted by Sidney Markowitz <si...@sidney.com>.
Marc Perkel wrote:
> Been getting false Positives on FORGED_DEF_WHITELIST rule on mail coming
> from paypal.
Can you open a Bugzilla ticket and attach the headers from an example?
(deleting private info is ok for this, and I don't need the body)
I wrote the rule recently and I can well believe that there is a bug
that I missed.
The theory is that any address on the default whitelist is only sent
from a mail server in its domain. If you read the doc I wrote on it
you'll see that there is a way to specify that it is not the case for a
specific whitelist entry, but I've never seen PayPal mail that doesn't
get sent through a paypal.com mail server.
-- sidney
Re: False Positives on FORGED_DEF_WHITELIST
Posted by Marc Perkel <ma...@perkel.com>.
I have a question about this rule.
If the MX record points to Server A - but the mail is then forwarded on
to Server B - and server B runs SpamAssassin - would this rule falsely
kick in?
Marc Perkel wrote:
> Been getting false Positives on FORGED_DEF_WHITELIST rule on mail
> coming from paypal.
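An added illustration of the check discussed in this thread (not SpamAssassin's own code, and not posted by either participant): a simplified Python model of "compare the relay that handed the mail to a trusted server against the whitelisted sender's domain". It shows why the forwarding setups asked about above trigger the rule unless the forwarding server is listed as trusted. The function names, host names, addresses and the single Received format handled are all assumptions constructed for the example.

```python
import re

# Matches the "from HELO (rdns [ip]) by HOST" part of a Received header.
# Real headers vary widely; this single format is an assumption of the example.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def in_domain(host, domain):
    """True if host is the domain itself or a name underneath it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def handoff_relay(received, trusted):
    """Walk Received headers newest-first and return the rDNS name of the
    first relay outside `trusted`, as recorded by a trusted server.
    Returns None when no header written by a trusted server identifies one."""
    for line in received:
        m = RECEIVED_RE.search(line)
        if not m or m["by"].lower() not in trusted:
            return None          # header written by a host we cannot believe
        if m["rdns"].lower() not in trusted:
            return m["rdns"]     # first untrusted relay, vouched for by m["by"]
    return None

def looks_forged(received, sender_domain, trusted):
    """Model of the rule firing: the hand-off relay is known and is not in
    the whitelisted sender's domain."""
    relay = handoff_relay(received, trusted)
    return relay is not None and not in_domain(relay, sender_domain)

# Constructed headers (newest first): sender's server -> Server A -> Server B.
FORWARDED = [
    "from servera.example.net (servera.example.net [192.0.2.20])"
    " by serverb.example.net with ESMTP",
    "from mail.paypal.com (mail.paypal.com [192.0.2.10])"
    " by servera.example.net with ESMTP",
]
# Constructed forgery: HELO claims paypal.com, rDNS says otherwise.
SPOOFED = [
    "from mail.paypal.com (host.example.org [198.51.100.7])"
    " by serverb.example.net with ESMTP",
]

ONLY_B = {"serverb.example.net"}
A_AND_B = {"servera.example.net", "serverb.example.net"}

if __name__ == "__main__":
    print("B trusts only itself :", looks_forged(FORWARDED, "paypal.com", ONLY_B))
    print("B also trusts A      :", looks_forged(FORWARDED, "paypal.com", A_AND_B))
    print("spoofed HELO         :", looks_forged(SPOOFED, "paypal.com", ONLY_B))
```
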