All_Spam_to question

["Daniel A. de Araujo" <da...@itautec-philco.com.br>]

Hi,

We are having a problem using the all_spam_to option.
When a message is sent to a list of users and at CCO field has a user
included at all_spam_to option, ALL users listed in the message, not only
the white-listed user will receive it.
Its very bad, because a Spammer who knows that a xxx@ user is white-listed
can bypass the Anti-Spam system.

Any ideias how to solve this ?


           Best Regards,
       Daniel Ayres de Araujo


As informações existentes nessa mensagem e nos arquivos anexados são para uso restrito, sendo seu sigilo protegido por lei. Caso não seja destinatário, saiba que leitura, divulgação ou cópia são proibidas.Favor apagar as informações e notificar o remetente. O uso impróprio será tratado conforme as normas da empresa e a legislação em vigor.


The information contained in this message and in the attached files are restricted and its confidentiality protected by law. In case you are not the addressed, be aware that the reading, spreading and copy of this message is unauthorized. Please, delete this message and notify the sender. The improper use of this information will be treated according to the company's internal rules and legal laws.

Re: RES: All_Spam_to question

[Matt Kettler <mk...@evi-inc.com>]

At 12:01 PM 10/7/2004, Daniel A. de Araujo wrote:
>Matt :
>
>I use the postfix(MTA)+ amavisd+ S.Assassin solution. If I understood what
>you wrote its impossible to block it (based in my solution), is it ?

Pretty much. Unless amavisd has some clever tricks up it's sleeve to split 
the message into multiple pieces. (it might, check with somone who uses 
amavis).


>Ps. If your answer is yes; could we consider it a S.Assassin?s flaw ?

No. You can't call that a SA flaw. You can call it a limitation of the 
method you choose to use to call SA. If you called SA in a different 
manner, this would be more easily handled.

If you fax a single copy of a letter to a company, and put a note for the 
receptionist to duplicate it to 3 people, do you expect the FAX MACHINE to 
be able to mark each copy differently? No, that's impossible because 
there's only one fax. Is this the Fax's fault? No. The receptionist could 
do that, but the fax machine can't.

If you implement SA at the MTA layer where messages aren't yet split up on 
a per-recipient basis, do you expect SA to be able to magically split the 
message up? No, that's impossible. Is this SA's fault? No. The MDA can do 
that, but a mail filter called by a milter at the MTA layer can't chance 
anything about message delivery, only message content.

RES: All_Spam_to question

["Daniel A. de Araujo" <da...@itautec-philco.com.br>]

Matt :

I use the postfix(MTA)+ amavisd+ S.Assassin solution. If I understood what
you wrote its impossible to block it (based in my solution), is it ?

Ps. If your answer is yes; could we consider it a S.Assassin?s flaw ?


-----Mensagem original-----
De: Matt Kettler [mailto:mkettler@evi-inc.com]
Enviada em: quinta-feira, 7 de outubro de 2004 12:56
Para: Daniel A. de Araujo; users@spamassassin.apache.org
Assunto: Re: All_Spam_to question


At 11:36 AM 10/7/2004, Daniel A. de Araujo wrote:
>We are having a problem using the all_spam_to option.
>When a message is sent to a list of users and at CCO field has a user
>included at all_spam_to option, ALL users listed in the message, not only
>the white-listed user will receive it.
>Its very bad, because a Spammer who knows that a xxx@ user is white-listed
>can bypass the Anti-Spam system.
>
>Any ideias how to solve this ?

Implement your whitelisting in whatever tool calls spamassassin, not in
spamassassin itself. If you use procmail, this is pretty easy, it's just a
procmail rule that avoids calling SA for that user, instead of calling it
for all messages. If you use a milter, this is pretty tricky, or
impossible, depending on the milter you use and how your MTA works.

Since spamassassin views each message without any context of the message
envelope, SA cannot (reliably) know who a message is going to be delivered
to. Thus, it acts based on all the recipient addresses it sees in the
message.

Worse still, if you call SA at the MTA layer (ie: with a milter) there's
only one message for SA to process, not one per recipient. At that point,
it would be physically impossible for SA to handle things differently on a
per-recipient basis, because there's only one message.


As informa��es existentes nessa mensagem e nos arquivos anexados s�o para uso restrito, sendo seu sigilo protegido por lei. Caso n�o seja destinat�rio, saiba que leitura, divulga��o ou c�pia s�o proibidas.Favor apagar as informa��es e notificar o remetente. O uso impr�prio ser� tratado conforme as normas da empresa e a legisla��o em vigor.


The information contained in this message and in the attached files are restricted and its confidentiality protected by law. In case you are not the addressed, be aware that the reading, spreading and copy of this message is unauthorized. Please, delete this message and notify the sender. The improper use of this information will be treated according to the company's internal rules and legal laws.

Re: All_Spam_to question

[Matt Kettler <mk...@evi-inc.com>]

At 11:36 AM 10/7/2004, Daniel A. de Araujo wrote:
>We are having a problem using the all_spam_to option.
>When a message is sent to a list of users and at CCO field has a user
>included at all_spam_to option, ALL users listed in the message, not only
>the white-listed user will receive it.
>Its very bad, because a Spammer who knows that a xxx@ user is white-listed
>can bypass the Anti-Spam system.
>
>Any ideias how to solve this ?

Implement your whitelisting in whatever tool calls spamassassin, not in 
spamassassin itself. If you use procmail, this is pretty easy, it's just a 
procmail rule that avoids calling SA for that user, instead of calling it 
for all messages. If you use a milter, this is pretty tricky, or 
impossible, depending on the milter you use and how your MTA works.

Since spamassassin views each message without any context of the message 
envelope, SA cannot (reliably) know who a message is going to be delivered 
to. Thus, it acts based on all the recipient addresses it sees in the message.

Worse still, if you call SA at the MTA layer (ie: with a milter) there's 
only one message for SA to process, not one per recipient. At that point, 
it would be physically impossible for SA to handle things differently on a 
per-recipient basis, because there's only one message.