http://bugzilla.spamassassin.org/show_bug.cgi?id=3502

           Summary: RFE: Move _HOSTNAME_ to Status header
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Libraries
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


The forged X-Spam headers mentioned in bug 3501 made me think that we should 
move the _HOSTNAME_ from the Version header to the end of the Status header. 
 
Why this? 
The hostname of the box SpamAssassin runs on is something like a shared secret 
between the recipient and the instance running SpamAssassin. A spammer can't 
reliably guess the real hostname of the checking box -- he could try the MX 
but that's in most cases just a CNAME for the real name as it appears in the 
header. 
 
So for now it would make it possible to detect probably faked Status lines; 
maybe somebody finds another use for it later. Whatever the use is, the 
hostname should be coupled with the actual results instead of some other 
header. And if we change it, we should do it for 3.0.


