On Tue, Nov 26, 2002 at 02:36:44PM -0700, Jason R. Mastaler wrote:
>This is rather disturbing. TMDA's tagged addresses are perhaps out of
>the ordinary, but no more so than an ezmlm confirmation address for
>example.
>
>Mark, would you mind reporting these bugs to the spamassassin
>developers? Perhaps they aren't aware of the problem, and getting this
>fixed will help other TMDA users.
Yeah I was thinking about doing that. But the problem is that
spamassassin works entirely on a cumulative test system. So you assign
a score for a particular test (postive or negative) and if the total
score is for all of the tests is above 5 (by default) then the email is
marked as spam.
So I was thinking that I could suggest that they include the tests
that I gave in my previous email as part of the default set of tests.
But if I were an SA developer, I would not want to include these tests.
They are ONLY useful if you're using TMDA and spamassassin. If you're
using only spamassassin, then the easy way to get spam into your mailbox
would be to address it to:
[EMAIL PROTECTED]
Since TMDA isn't behind SA and able identify this as a faked confirm
address, the email will get in.
I think a more appropriate action would be to update FAQ 1.10 to
include these tests for folks who want to use both TMDA and spamassassin.
This will also give us a place to mention that you need slightly different
rules if you've modifed TAGS_KEYWORD, TAGS_SENDER, et al.
Thoughts?
- Mark
_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
