On Fri, Sep 24, 2004 at 12:36:00PM -0400, John Peacock wrote:
> I agree that loss of information is normally bad, but when it is
> untrustworthy (since there is no signature), how is preserving it going
> to help in the general case?
It seems unlikely that spammers would forge X-Spam-Status headers that
mark the message as being spam. Of course there are no guarantees, but
at this stage I have little reason to disbelieve such headers.
> ...and possibly forged. If your MUA is filtering based on the
> X-Spam-Score header, how do you tell it which one to pay attention to (I
> am not aware of anything outside of a procedural filter like mailproc
> which could determine which SA instance added which filter).
The MUA just looks for any X-Spam-Score header which indicates that the
message is spam. X-Spam-Score headers indicating the message is not spam
are ignored. Of course this does raise the possibility of a DOS attack.
As for spam blocking in the MTA, qpsmtpd could and probably should rely
on the data returned directly from spamd rather than trying to read it
back from the headers. Maybe the SA plugin should store the trusted
data in a transaction note instead of parsing the headers.
Regards,
Andrew
--
mailto:[EMAIL PROTECTED] Andrew Pam
http://www.xanadu.com.au/ Chief Scientist, Xanadu
http://www.glasswings.com.au/ Partner, Glass Wings
http://www.sericyb.com.au/ Manager, Serious Cybernetics