http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759

           Summary: "fetchmail marker, restarting parse" can be used by
                    spammers to hide relay handovers from SA
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Libraries
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


SA will restart Received-header parsing if it sees a line like this:

Received: from localhost [127.0.0.1]
        by localhost with IMAP (fetchmail-6.2.5)
        for [EMAIL PROTECTED] (single-drop); Sat, 31 Dec 2005 19:46:19 -0800 (PST)

Unfortunately, we never checked to see if this was in the untrusted
relay set; sadly, it works in that situation, allowing a spammer to
"hide" the real handover from zombie to the scanner MX, so that the DNS
tests are not run on the correct IP.  Demo to follow.
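
The trust check the report says is missing, as an added sketch that is not SpamAssassin's code: the fetchmail marker restarts the parse only while no untrusted handover has been seen above it. The regexes, the trusted network list, the function names and the sample headers are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed trusted networks for this sketch: loopback plus the site's own MX range.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
# Simplified patterns (assumptions, not SpamAssassin's real regexes).
RELAY = re.compile(r"from \S+ \[([0-9A-Fa-f.:]+)\] by \S+")
FETCHMAIL = re.compile(r"with (?:IMAP|POP3)\S* \(fetchmail-[\d.]+\)")

def is_trusted(ip):
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED)

def parse_relays(headers, check_trust):
    """Walk Received headers newest-first and return the relay source IPs."""
    relays = []
    for header in headers:
        match = RELAY.search(header)
        if not match:
            continue
        if FETCHMAIL.search(header):
            crossed = any(not is_trusted(ip) for ip in relays)
            if not (check_trust and crossed):
                relays = []  # marker honoured: restart the parse below it
                continue
            # Marker sits below an untrusted handover: sender-controlled
            # data, so keep it as an ordinary relay and do not restart.
        relays.append(match.group(1))
    return relays

def first_untrusted(relays):
    """IP that DNS tests should be run against, or None."""
    return next((ip for ip in relays if not is_trusted(ip)), None)

# Constructed samples, newest header first; documentation address ranges.
FORGED = [
    "from zombie.example [203.0.113.7] by mx.example.org with ESMTP",
    "from localhost [127.0.0.1] by localhost with IMAP (fetchmail-6.2.5)",
    "from decoy.example [198.51.100.9] by relay.example with SMTP",
]
GENUINE = [
    "from localhost [127.0.0.1] by localhost with IMAP (fetchmail-6.2.5)",
    "from zombie.example [203.0.113.7] by mx.example.org with ESMTP",
]

if __name__ == "__main__":
    for name, hdrs in (("forged", FORGED), ("genuine", GENUINE)):
        for check in (False, True):
            print(name, check, first_untrusted(parse_relays(hdrs, check)))
```

With check_trust=False the forged sample loses the MX handover and the tests land on the decoy address; with check_trust=True the handover to the MX is kept, and a genuine marker at the top of the header stack is still honoured.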


