If you're not scanning mail for spam, then you shouldn't be checking for
the spam headers.

I don't think there would be an issue with forged headers.  Most are
using Spamassassin at the MTA level via simscan or qmail-scanner.  If
it's stripping headers and putting valid ones in, where's the problem?
I don't think vdelivermail or vpopmail in general should be calling
spamc/spamassassin.  Let that be handled elsewhere.  Let's stick to
delivering mail and deciding where it goes.



-----Original Message-----
From: Rick Macdougall [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 01, 2005 3:50 PM
To: vchkpw@inter7.com
Subject: Re: [vchkpw] Spamassin configuration

Tom Collins wrote:
> On Mar 1, 2005, at 1:34 PM, Rick Macdougall wrote:
>> Is that a good idea ?  Say a spam slips through that forges the SA 
>> headers ?
>> (Yes, I'm playing devil's advocate here, since SA already checks for 
>> just that type of thing and ignores them/strips them out, but what 
>> happens when some new admin doesn't install SA correctly and the mail

>> does NOT get scanned by SA but the spammers have made it look like it
>> has.)
>> I'll keep quiet now :)
> If a message forges SA headers to appear as ham when it's really spam,

> then that isn't any different than not having the headers at all (as 
> far as vdelivermail storing it in a spam folder).
> If you're running SA, it will strip out any old spam headers before 
> outputing its own headers, so it isn't an issue.
> If you're not running SA, then a ham message with forged headers 
> indicating that it was spam could end up in the spam folder, but why 
> would someone want to do that?



What I'm saying is a mis-configured server with spam coming through that
is SA forging itself as ham.

Not very likely, but I thought I'd throw it out there.



Reply via email to