https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5884
Justin Mason <[EMAIL PROTECTED]> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |ASSIGNED
--- Comment #6 from Justin Mason <[EMAIL PROTECTED]> 2008-07-10 07:30:54 PST
---
(In reply to comment #1)
> good point -- a bounced message with no Received: headers should always be
> local.
actually, I'm partially wrong here. This is only the case if the message was
generated by a trusted MTA.
Consider the case where a spam message contains your addr as the sender, and no
Received hdrs. This message is sent to a remote MTA, and that MTA generates a
bounce; the bounce will contain that message, with no Received hdrs, but will
be sent to you. It's still a backscatter bounce, and should be rejected, even
though it contains no Received hdrs in the bounced message! The
"centroshop.ru" sample in that FNs mbox demonstrates this scenario.
So I'm going to change the "no Received headers found" check. instead, I'll
change it to a "generated by trusted relay" check. In other words, the message
has to be generated by a trusted relay for it to evade the BOUNCE_MESSAGE
rule. This fixes the bug case you're talking about -- just add those
OOO-generating local relays to be in your trusted network set!
--
Configure bugmail:
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
