https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7182
Kevin A. McGrail <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #3 from Kevin A. McGrail <[email protected]> ---
(In reply to John Hardin from comment #1)
> Would per-domain override of the default be possible? I think having
> exceptions for bad configs like eBay and SecureServer would be better than
> opening it up to potential DoS via *any* domain.

Well in a quick check, we had over 300 hits on PERMERROR in the past 5 hours.
Without parsing further, I really predict new issues every day.

For example, we found the secureserver one because we had a subdomain that used
a redirect/include that chained to the domain that had an include for
secureserver, etc. etc. That one extra bump on the subdomain put us over 15.

So it's not the easiest issue to find though Joe's work to unearth
T_SPF_PERMERROR helps and there is an open bug for SPF more info from that
issue.

So I like your idea but I think it would be a nightmare to use so we would
likely use a higher limit which is in line with other major players ignoring
the RFC like Gmail.

Hopefully, doubling from 10 to 20 isn't dramatically increasing the DoS
potential since the 10+ years since the spec was started.

In conclusion, the idea of a single number for configuration is my choice. But
hey, if you code up something that does by domain, I might think of a way to
add multiple thresholds or something.

Regards,
KAM

-- 
You are receiving this mail because:
You are the assignee for the bug.
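The chained redirect/include case described in the comment above, as an added example that is not part of the original message or of SpamAssassin's code: a worst-case counter for the DNS-querying SPF terms (`include`, `a`, `mx`, `ptr`, `exists`, `redirect`) that RFC 7208 caps at 10, run with a limit of 10 and of 20. The zone, domain names and function names are constructed for illustration; the count assumes no mechanism matches early, and the separate per-`mx`/`ptr` name limits and void-lookup limit are not modeled.

```python
import re

# Constructed sample zone (hypothetical names, documentation address ranges).
ZONE = {
    "sub.example.test": "v=spf1 redirect=example.test",
    "example.test": "v=spf1 a mx include:_spf.mailhost.test "
                    "include:_spf.crm.test ~all",
    "_spf.mailhost.test": "v=spf1 include:a.mailhost.test "
                          "include:b.mailhost.test a:out.mailhost.test -all",
    "a.mailhost.test": "v=spf1 ip4:192.0.2.0/24 -all",
    "b.mailhost.test": "v=spf1 ip4:198.51.100.0/24 mx -all",
    "_spf.crm.test": "v=spf1 a mx ip4:203.0.113.0/24 -all",
}

# Terms that cost one DNS lookup each against the shared limit.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
TERM = re.compile(r"^[+\-~?]?([a-z0-9]+)(?:[:=]([^/\s]+))?", re.I)


class LookupLimitExceeded(Exception):
    pass


def count_lookups(domain, zone, limit, used=0):
    """Walk the record chain from `domain`; return lookups used (worst case)."""
    for term in zone.get(domain, "").split()[1:]:      # skip "v=spf1"
        m = TERM.match(term)
        if not m or m.group(1).lower() not in LOOKUP_TERMS:
            continue                                   # ip4, ip6, all, exp...
        used += 1
        if used > limit:                               # also stops include loops
            raise LookupLimitExceeded(f"{term!r} in {domain}")
        if m.group(1).lower() in ("include", "redirect") and m.group(2):
            used = count_lookups(m.group(2).lower(), zone, limit, used)
    return used


def spf_limit_result(domain, zone, limit=10):
    """Return ("ok", lookups) or ("permerror", limit + 1) once the cap is hit."""
    try:
        return ("ok", count_lookups(domain, zone, limit))
    except LookupLimitExceeded:
        return ("permerror", limit + 1)


if __name__ == "__main__":
    for name in ("example.test", "sub.example.test"):
        for cap in (10, 20):
            print(name, cap, spf_limit_result(name, ZONE, cap))
```

The parent domain sits exactly at 10 lookups, so the single `redirect` on the subdomain is what tips evaluation into PERMERROR at the default limit, while the same chain passes at 20.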
