https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6357
Summary: AWL allows inheritance of good score for spammers if
private/local addresses are used.
Product: Spamassassin
Version: 3.2.5
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: Plugins
AssignedTo: [email protected]
ReportedBy: [email protected]
Created an attachment (id=4681)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4681)
The patch
Given this setup:

The mailserver receives company email via private IPs (e.g. 10.0.0.0/8) and also gets mails from outside.

This error happens:

Mails from local users have only private IPs in them. They all get removed by "check_from_in_auto_whitelist", so a pretty solid negative score develops under the address:

[email protected]|ip=none

If a spam mail arrives, it inherits this good score for a spammy IP address. This leaves an open door for more spam until the mean value has risen high enough. See Mail/SpamAssassin/AutoWhitelist.pm "sub check_address" for details.

Remedy: configure the internal IPs as trusted networks and disable the removal of internal IPs.

Additionally, I have some concerns about reversing the IP list. As of the current state, the first public IP the mail passed through is used. This could be a problem because this information is passed through untrusted servers and could be easily forged to sneak by the filter using good IPs and discredit them in the process. So I changed this to use the IP that is right next to the trusted networks. I kept the reversing of the trusted IPs so company mails get filed under their most specific IP.

Please see the small patch I've attached for details.
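
The keying behaviour this report describes, as an added Python model (not SpamAssassin's code and not the attached patch). Assumptions: relay lists are ordered nearest-hop first, the toy store and its adoption of the `ip=none` entry stand in for the inheritance the report describes, and all addresses and scores are constructed sample values.

```python
import ipaddress

RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
TRUSTED = ["10.0.0.0/8"]                      # assumed trusted-network setting
INTERNAL = ["10.0.0.5", "10.1.2.3"]           # constructed relay chain, local user
EXTERNAL = ["203.0.113.7", "198.51.100.9"]    # constructed relay chain, outside sender
ADDR = "user@example.test"                    # constructed From address

def in_nets(ip, nets):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in nets)

def legacy_key_ip(relays):
    """Reported behaviour: private IPs are removed, then the first public IP
    the mail passed through (relays[-1] side, unverified) is used."""
    public = [ip for ip in relays if not in_nets(ip, RFC1918)]
    return public[-1] if public else "none"

def boundary_key_ip(relays, trusted):
    """Reported remedy: use the IP right next to the trusted networks; mail that
    never left them is filed under its most specific (originating) IP."""
    for ip in relays:                         # relays[0] is the hop nearest our server
        if not in_nets(ip, trusted):
            return ip
    return relays[-1] if relays else "none"

class ToyAWL:
    """Toy history store keyed 'addr|ip=X' -> [count, total_score]."""
    def __init__(self):
        self.db = {}

    def mean_before(self, addr, ip, score):
        """Return the mean already stored for this sender key, then add score."""
        key = f"{addr}|ip={ip}"
        if key not in self.db and ip != "none":
            # Assumed model of the inheritance: a new key adopts the ip=none entry.
            self.db[key] = self.db.pop(f"{addr}|ip=none", [0, 0.0])
        count, total = self.db.setdefault(key, [0, 0.0])
        self.db[key] = [count + 1, total + score]
        return total / count if count else None

def run(pick):
    """20 internal hams at -2.0, then one outside mail; return the mean it meets."""
    awl = ToyAWL()
    for _ in range(20):
        awl.mean_before(ADDR, pick(INTERNAL), -2.0)
    return awl.mean_before(ADDR, pick(EXTERNAL), 15.0)

if __name__ == "__main__":
    print("legacy keying:  ", run(legacy_key_ip))
    print("boundary keying:", run(lambda r: boundary_key_ip(r, TRUSTED)))
```

With legacy keying the outside mail meets the internal users' accumulated mean; with boundary keying it meets no history and internal mail stays filed under its own internal IP.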