[Pkg-dspam-misc] Bug#401623: Confirmation

Julien Valroff julien at kirya.net
Sun Dec 16 12:41:48 UTC 2007


On Sunday 16 December 2007 at 13:32 +0100, Julien Valroff wrote:
> Hi,
> 
> On Wednesday 06 December 2006 at 11:18 -0500, Daniel Kahn Gillmor
> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > At 2006-12-04 23:21, tsr-debian at achos.com said:
> > 
> > > When receiving mail with X-DSPAM headers already present,
> > > local dspam adds its own to the bottom. 
> > 
> > I just confirmed this: dspam does not replace already-present X-DSPAM
> > headers on a functioning dspam 3.6.8 installation for me either.
> > 
> > > This could be used by spammers to trick people filtering on Result:
> > > Innocent
> > 
> > Yup.  That's a problem.  As a general principle, I'd suggest that it's
> > better to filter based on the presence of any non-Innocent results (as
> > opposed to the lack of an Innocent result), but the difference is a
> > subtle one, and your scenario is probably not uncommon.
> > 
> > > But it also prevents error learning as the provided signature
> > > is not found in the local database (and dspam quits on the
> > > first signature found). It's quite a problem for resent
> > > messages (mutt's bounce).
> > 
> > This is a good point, and a potentially serious problem for dspam.
> > 
> > > I see no reason to keep externally generated X-DSPAM headers,
> > > but would suggest to overwrite them with the local data.
> > 
> > I tend to agree that this is the right solution.  Would someone with
> > more experience with MTAs care to weigh in on whether replacing
> > received headers is a legitimate thing to do?
> 
> I must say I am not an experienced sysadmin, but I thought I could share
> my knowledge. Using postfix as MTA, I simply IGNORE the previous X-DSPAM
> headers:
> /^(X-DSPAM-.*)/         IGNORE
> as a header check rule.
> 
> You also have to set "nested_header_checks=" in your main.cf file so
> that postfix doesn’t delete the X-DSPAM-* headers in the attached
> messages. Without this line, the signatures cannot be retrieved from the
> nested message.
> 
> I hope this can help.

Also see this discussion I had launched on a dspam mailing list:
http://comments.gmane.org/gmane.mail.spam.dspam.devel/2597

Cheers,
Julien
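
The following is an added example, not part of the original thread and not dspam or Postfix code. It models in Python what the thread describes: dropping X-DSPAM-* headers from the outer message only, keeping the signature inside an attached message, and testing for any non-Innocent result. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string

# Constructed sample: forged outer X-DSPAM-* headers plus a forwarded message
# whose own signature is needed for retraining. All values are made up.
SAMPLE = """\
From: sender@example.org
To: user@example.net
Subject: Fwd: misclassified
X-DSPAM-Result: Innocent
X-DSPAM-Signature: constructed-forged-sig
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: message/rfc822

From: other@example.com
Subject: original
X-DSPAM-Signature: constructed-nested-sig

body
--b1--
"""

def strip_outer_dspam(msg):
    """Drop X-DSPAM-* from the top-level headers only; return the names removed."""
    removed = sorted({k for k in msg.keys() if k.lower().startswith("x-dspam-")})
    for name in removed:
        del msg[name]
    return removed

def nested_signatures(msg):
    """Collect X-DSPAM-Signature values from attached message/rfc822 parts."""
    sigs = []
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            sigs.extend(part.get_payload(0).get_all("X-DSPAM-Signature", []))
    return sigs

def any_non_innocent(msg):
    """True if any X-DSPAM-Result header is something other than Innocent."""
    results = msg.get_all("X-DSPAM-Result", [])
    return any(r.strip().lower() != "innocent" for r in results)
```

Appending a second X-DSPAM-Result header to the parsed sample reproduces the reported situation: a match on "Innocent" still succeeds, while any_non_innocent() flags the message.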






