1) WTF is pastebin? (not you, the other guy)
2) This is mail received from the Internet for users on the mailserver.
Users on the mailserver transmit mail from their mail clients through a
completely different server
I am using spamass-milter to process received mail.
This is a Sendmail server. It's spam
processing is with 100% Spamassassin software. Spamassassin is being
called by software included with spamassassin.
Now,
If the option was supposed to process BCC also why wasn't it called
all_spam_to_both_to_and_bcc?
I take it by the:
a) lack of usable responses
b) responses NOT claiming this ISN'T a bug
c) responses tacitly acknowledging this is an "Oh crap they forgot about
BCCs when they wrote it but I don't have the balls to publicly call them
out on it like he did"
that I am dealing with a bona-fide Spamassassing design fuck-up, and in
summary if I'm going to continue to use spamass-milter that the option
all_spam_to is off the table.
That's all I needed to know. If I'm wrong, and it's me that is doing
something wrong with the option, then tell me. But in the absence of
that, I will have to assume that I am correct, that this is a design
oversight/cock-up/ass-scratcher and deal with it.
And, of course, be on notice that the spammers out there have figured
this one out and are actively exploiting it now. So everyone else
using spamass-milter is in the same boat. Maybe there should be
at lease a hashtag comment in the local.cf file so anyone else
with the same problem isn't wasting time with it?
No, I'm not going to tear apart the server and replace spamass-milter
with something else. Not unless there's something else out there that
is simple and doesn't require 600 dependent Perl modules (like
mailscanner) and run like a 15 year old dog in the middle of August.
(also like mailscanner)
Coolest would be someone posting a patch to spamass-milter to the list
that would add "ignore BCC in header" as an option, just like someone
posted a patch a few years ago for spamass-milter that adds an
authentication bypass. (which has yet to be added to the spamassassin
distro, even though many Linux/Unix distros now include it)
Ted
On 8/14/2013 1:59 PM, Axb wrote:
On 08/14/2013 08:08 PM, Ted Mittelstaedt wrote:
Hi All,
I'm having a lot of problem with spammers who are sending spams with
a To: of a user who is NOT in my all_spam_to list and a BCC: listing
a user IN the all_spam_list. Usually the BCC's list multiple users,
I guess on the theory that they are trying to hide which one it is.
The user gets the spam and it's got a score of -93 or some
such but they don't understand why since they aren't in the all_spam_to
list.
My thought is that this is a bug - SA should not be looking at the
email addresses in the BCC to determine scoring adjustments for an email
message. So far the spammers haven't listed the abuse email address
in the BCC but that is a natural one that almost always has to be in
the all_spam_to list.
Suggestions?
tried splitting recipients before msg is sent thru SA?
