Mitch (WebCob) wrote:
> Good idea, but is it really that simple?

Yeah, why not?

> I would only want to do this for the top Received header - if I test all headers a spoofed auth header can bypass spamassassin.
If you're really that paranoid about it, you can probably flesh this out:
    i=1
    foreach /Received: /
    {
        if ( $i == 1 && ( ! $MATCH =~ /Received: .*\(AUTH: [^)]*\) *by \ [:alnum:]*.example.com/) )
        {
            xfilter "/usr/bin/spamc"
        }
        i=$i + 1
    }
There's probably something wrong with that. I didn't test it.
Technically, there's something wrong with that. Practically, it doesn't matter.
A hostile attacker can craft a HELO that will fool this regexp; however I don't think this is something to lose any sleep over, though.
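The top-header-only check discussed in this message, sketched in Python as an added example (not code from the thread or from maildrop). The function names, the sample messages and their Received layout are constructed for illustration, and the example does not address the HELO caveat mentioned above.

```python
import re
from email import message_from_string

# Assumption: our own MTA stamps "(AUTH: ...) by <host>.example.com",
# mirroring the pattern used in the thread.
TRUSTED = re.compile(r"\(AUTH: [^)]*\)\s*by\s+[A-Za-z0-9.-]*\.example\.com\b")

def received_headers(raw):
    """All Received headers, top first, with folded lines joined."""
    hdrs = message_from_string(raw).get_all("Received") or []
    return [" ".join(h.split()) for h in hdrs]

def needs_spam_scan(raw):
    """Trust only the topmost Received header, the one our MTA added."""
    hdrs = received_headers(raw)
    return not (hdrs and TRUSTED.search(hdrs[0]))

def any_header_matches(raw):
    """Weak variant: also trusts lower headers, which the sender controls."""
    return any(TRUSTED.search(h) for h in received_headers(raw))

# Constructed sample: authenticated submission, marker in the top header.
AUTHED = (
    "Received: from laptop (unknown [192.0.2.10])\n"
    "  (AUTH: LOGIN mitch) by mail.example.com with esmtp;\n"
    "  Mon, 1 Jan 2001 00:00:00 +0000\n"
    "Subject: hello\n\nbody\n"
)

# Constructed sample: unauthenticated delivery carrying a sender-supplied
# Received header that imitates the AUTH marker further down.
SPOOFED = (
    "Received: from relay.invalid (unknown [198.51.100.7])\n"
    "  by mail.example.com with esmtp; Mon, 1 Jan 2001 00:00:00 +0000\n"
    "Received: from x (unknown [203.0.113.5]) (AUTH: LOGIN someone)\n"
    "  by mail.example.com with esmtp; Mon, 1 Jan 2001 00:00:00 +0000\n"
    "Subject: offer\n\nbody\n"
)

if __name__ == "__main__":
    for name, msg in (("authed", AUTHED), ("spoofed", SPOOFED)):
        print(name, "scan:", needs_spam_scan(msg),
              "| all-headers match:", any_header_matches(msg))
```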
