http://bugzilla.spamassassin.org/show_bug.cgi?id=4436
------- Additional Comments From [EMAIL PROTECTED] 2005-06-27 22:20 ------- Hi, > you're correct that X-Originating-IP etc should be considered for > untrusted/firsttrusted tests, and that patch is now applied (updated for3.1.0) > to svn trunk. > > However, looking at the trusted_networks line you posted, that still won't > have > the desired effect-- you have to trust *all* servers along the path from your > server to the poster, e.g.: > > trusted_networks 213.165.64.20 216.155.201/24 66.218/16 130.60.28.29 It has the desired effect because all yahoo servers are whitelisted here. Yes - we have a really big whitelist, about 700 ISPs are whitelisted with all their passing mailservers. And this helps a lot to avoid FPS, you wouldn't beleave it. That a ISP server is hacked and sent from it directly is not really a problem anymore these days. > this is because otherwise, [216.155.201.60] could have been a spammer > pretending > to be a Yahoo server, and all Received lines prior to that one could have > been a > forgery. So unless [216.155.201.60] is also trusted, no hosts prior to that > can > be trusted because the Received lines themselves are not trustworthy. Of course. Sorry for my false example ... Martin ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
