https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6645
--- Comment #6 from Giampaolo Tomassoni <[email protected]> 2011-08-06 22:01:43 UTC --- (In reply to comment #5) > I think as qmail-scanner is inserted before qmail-queue it sees itself as part > of the qmail-system, which received the mail from an external client as it is > not locally generated, This seems a wrong assumption by qmail-scanner: the 'Received:' header from the MX running the scanner is right below the qmail-scanner one. > but it should add the right header (but I haven't read > into the source to find out whether it can detect the authentication or just > the IP from which the server got the mail). I believe it shouldn't detect anything at all: authentication or source identification are not its purposes. > Regarding your idea to fix the problem in the qmail-scanner sources, I have a > major point for you to consider: > > * The problem becomes critical at the target using spamassassin because there > spamassassin penalty scores the mail (possibly causing it to be dropped), but > the admin of the target mail server has no direct possibility to fix the > problem on the relay, because it is not necessarily under his control. He can > only fix the problem caused when he is running qmail-scanner and mails from > his > users are dropped somewhere else, he can't fix it on the relay but is blamed > for his server rejecting legitimate mails (and do you want to check lots of > possible communication partners servers whether they are running a non-fixed > qmail-scanner version and argue with their admins (having RBL-checking > disabled, claiming there is no problem)?) well, I believe that a customer running its own mail server should take its own responsabilities with respect to what is going out of its MX. Also, say you get SA 'fixed' with respect to this issue. What about the other spam-checking software available? How they behave with those messages? Are you going to fix all the receivers in the world? I would rather try to fix the sources... > In my opinion both ends should be fixed (spamassassin should have a workaround > for detecting the trust path of "broken" qmail-scanner servers) and future > qmail-scanner versions should either not insert this header or do it in the > right way. SA could disregard receiveds with 'with qmail-scanned' in it. That would fix the issue as longo as those headers don't convey any useful information. This is a dangerouse hack, however, because there may be cases in which that line does convey useful data: we can't exclude this a priori. So your suggestion doesn't look too strong to me. But this is me, after all. The fastest way to get something fixed in SA is to write a patch for it -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
