On Thu, 2003-03-27 at 11:37, Matt Kettler wrote: > This is true.. however it also assumes the spammer knows that you are > checking for this.. It's very hard to spoof something when you don't know > what the checks are..
Security through obscurity doesn't work very well when I'm considering contributing the changes back to an open source project ;-) I keep saying the same things here, and I'm sure that one of us is missing something, but for the life of me, I'm not sure which one. The root problem that I'm trying to solve is that SA has no idea that mail was delivered to _my MTA_ encrypted and/or authenticated. Now, I can kludge a solution to that locally, but then I have to carry that kludge around, and I don't want to do that. Alternatively, I could patch the SA libraries to recognized the kind of thing I need (e.g. just the FIRST occurrence of a given header) and write a rule to use that feature (e.g. match TLS in the first header). Seems like a lot of talk for a little change. I'll make it and mail a patch tonight. ------------------------------------------------------- This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
