On Mon, 1 Mar 2004, Matt Kettler wrote:
> At 11:15 AM 3/1/2004, Ilan Aisic wrote:
> >Thanks I'll use it.
> >However, it won't check that the server the mail comes from is
> >mail.apache.org which is a weakness.
>
> Yes, it is a weakness. Unfortunately, whitelist_to wasn't really written
> with mailing-lists in mind. It was more written with the idea of reducing
> FPs for a local user who subscribes to spammy newsletters.
>
> Perhaps a "whitelist_to_rcvd" feature wouldn't be such a bad idea, since it
> would be useful for mailing lists.
There's no guarantee that the "To:" address would be predictable and
thus -not- usefull for this purpose.
There are pleny of posts to this list that don't include "apache.org"
in the "To:" Usually "apache.org" does appear in either "Cc:" or "To:"
but if the poster uses "Bcc:" it won't.
Some lists use something like "To: undisclosed-recipients:;"
(see RFC-2822).
People, I've said this before, it's worth repeating.
READ RFC-2821, section 3.10. Worthwhile mailing list systems
will set the ENVELOPE FROM address to something predictable.
IF you configure your mail system in such a way that the Envelope From
address is available to SpamAssassin, then the 'whitelist_from_rcvd'
functionality works just fine to whitelist -all-kinds- of lists
(including this one. ;).
Why try to invent new hacks when the existing tools work just fine
if properly used.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
