https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6908
Ivo Truxa <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #9 from Ivo Truxa <[email protected]> --- AWL indeed searches the originating IP - in the chain from the top of the header, the last public IP. David is right that it is pointless, because it can be easily spoofed. However, the simple reversing of the array-parsing cannot work correctly, because we would get the first public IP, which is also not what we want. We want the first untrusted IP, and only if that is not available (for example all comes from trusted networks), we take the last trusted IP. After reviewing this issue, I implemented the IP search algorithm in this way at the TxRep plugin (revision 1.0.5). Look at https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7021 for the details on TxRep (proposed replacement of AWL). However, still it would be much better for the ranking, to get deeper to the origin through the untrusted relays. One possibility is on the user side - he should assure to define well the trusted networks and all possible relying hosts. Additionally, at low scoring messages, we can assume nobody would try spoofing ham email to improve scoring of a spoofed good address, hence we can trust even the untrusted relays in such case. So when the score is lower than 2.0, TxRep will go through the untrusted relays like AWL always did. This value 2.0 is hardcoded. I wanted to avoid too many settings, but it could be easily done configurable too. Although not perfect, it should help identifying at least the good senders better. Have a look at the change, test it, and let me know whether it works as intended, and whether it is an acceptable solution. -- You are receiving this mail because: You are the assignee for the bug.
