http://bugzilla.spamassassin.org/show_bug.cgi?id=4425
------- Additional Comments From [EMAIL PROTECTED] 2005-09-21 10:23 ------- (In reply to comment #15) > +1 to Bob's patch -- it fixes the bug. > > Ken's issue can't be avoided and is a side effect of not setting his > trusted_networks manually (which I wish was mandatory). > > Retitling since the bug has nothing to do with the helo IP. The bug is that > _check_whitelist_rcvd shouldn't look at trusted hosts if untrusted ones are > present since forged mail "from" your domain will always match > whitelist_from_rcvd entries for your own domain. That sounds like a good description. But shouldn't it go a little further and require _check_whitelist_rcvd also return "no match" if there are *no* trusted hosts? IE, if one doesn't specify trusted_networks and mail reports itself to be "from" my domain, it should never be able to reduce its score via a whitelist_from_rcvd rule because there's no trusted header for which to attempt a match. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
