Tung wrote:
> Could it be possible for a spammer to send an email
> with additional headers that are exactly like SA's
> with "X-Spam-Flag: NO" to trick the MDA filtering
> matches? Since SA's headers are at the end filtering
> would stop once it matches the fake headers.

That would depend on your setup; but if you're using the most common method to call SA (procmail), then you call SA *before* procmail decides where to file the message based on the X-Spam* headers. Any other calling method should act in much the same way, IMO.

In one particular case, I set procmail to file messages with X-Spam* tags of one variety in my spam folder, because they scored *very* high on a different system under my control and so I was willing to trust that header.

SA itself will more or less ignore any existing X-Spam* headers and overwrite them with "new" information if a message passes through again.

All of this assumes you're using report_safe 0, instead of one of the other tagging modes.

-kgd
--
"Sendmail administration is not black magic. There are legitimate technical reasons why it requires the sacrificing of a live chicken." - Unknown
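The header-ordering concern raised in this thread, modelled as an added example that is not part of the original messages and is not SpamAssassin's or procmail's code. The function names are hypothetical, the sample message is constructed, and the scanner's verdict is simply passed in as a parameter.

```python
from email import message_from_string

# Constructed sample: a message that arrives already carrying a forged verdict.
FORGED = (
    "From: sender@example.com\n"
    "To: user@example.org\n"
    "Subject: constructed sample\n"
    "X-Spam-Flag: NO\n"
    "X-Spam-Status: No, score=0.0\n"
    "\n"
    "body\n"
)

def _verdict(is_spam):
    return "YES" if is_spam else "NO"

def tag_append_only(msg, is_spam):
    """Flawed tagger (assumption for contrast): adds its verdict after
    whatever X-Spam-* headers the sender supplied."""
    msg["X-Spam-Flag"] = _verdict(is_spam)
    return msg

def tag_strip_then_add(msg, is_spam):
    """Drop every inbound X-Spam-* header, then write the local verdict,
    so only the local scanner's header can ever be matched."""
    for name in [h for h in msg.keys() if h.lower().startswith("x-spam-")]:
        del msg[name]  # removes all occurrences of that header name
    msg["X-Spam-Flag"] = _verdict(is_spam)
    return msg

def folder_for(msg):
    """First-match filing rule, as a delivery filter would apply it."""
    flag = (msg.get("X-Spam-Flag") or "").strip().upper()
    return "spam" if flag == "YES" else "inbox"

def demo():
    """Local scanner says 'spam' in every tagged case; compare filing."""
    return {
        "filed_before_scanning": folder_for(message_from_string(FORGED)),
        "append_only": folder_for(
            tag_append_only(message_from_string(FORGED), True)),
        "strip_then_add": folder_for(
            tag_strip_then_add(message_from_string(FORGED), True)),
    }

if __name__ == "__main__":
    for case, folder in demo().items():
        print(f"{case}: {folder}")
```

Only the third case files the message as spam: filing before scanning, or tagging without removing the sender's headers, lets the forged "NO" be the header that matches.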
