If you're not scanning mail for spam, then you shouldn't be checking for
the spam headers.
I don't think there would be an issue with forged headers. Most are
using Spamassassin at the MTA level via simscan or qmail-scanner. If
it's stripping headers and putting valid ones in, where's the problem?
I don't think vdelivermail or vpopmail in general should be calling
spamc/spamassassin. Let that be handled elsewhere. Let's stick to
delivering mail and deciding where it goes.
From: Rick Macdougall [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 01, 2005 3:50 PM
Subject: Re: [vchkpw] Spamassin configuration
Tom Collins wrote:
> On Mar 1, 2005, at 1:34 PM, Rick Macdougall wrote:
>> Is that a good idea ? Say a spam slips through that forges the SA
>> headers ?
>> (Yes, I'm playing devil's advocate here, since SA already checks for
>> just that type of thing and ignores them/strips them out, but what
>> happens when some new admin doesn't install SA correctly and the mail
>> does NOT get scanned by SA but the spammers have made it look like it
>> I'll keep quiet now :)
> If a message forges SA headers to appear as ham when it's really spam,
> then that isn't any different than not having the headers at all (as
> far as vdelivermail storing it in a spam folder).
> If you're running SA, it will strip out any old spam headers before
> outputing its own headers, so it isn't an issue.
> If you're not running SA, then a ham message with forged headers
> indicating that it was spam could end up in the spam folder, but why
> would someone want to do that?
What I'm saying is a mis-configured server with spam coming through that
is SA forging itself as ham.
Not very likely, but I thought I'd throw it out there.