[Pkg-dspam-misc] Bug#401623: Confirmation
Julien Valroff
julien at kirya.net
Sun Dec 16 12:32:27 UTC 2007
Hi,
Le mercredi 06 décembre 2006 à 11:18 -0500, Daniel Kahn Gillmor a
écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> At 2006-12-04 23:21, tsr-debian at achos.com said:
>
> > When receiving mail with X-DSPAM headers already present,
> > local dspam adds its own to the bottom.
>
> I just confirmed this: dspam does not replace already-present X-DSPAM
> headers on a functioning dspam 3.6.8 installation for me either.
>
> > This could be used by spammers to trick people filtering on Result:
> > Innocent
>
> Yup. That's a problem. As a general principle, I'd suggest that it's
> better to filter based on the presence of any non-Innocent results (as
> opposed to the lack of an Innocent result), but the difference is a
> subtle one, and your scenario is probably not uncommon.
>
> > But it also prevents error learning as the provided signature
> > is not found in the local database (and dspam quits on the
> > first signature found). It's quite a problem for resent
> > messages (mutt's bounce).
>
> This is a good point, and a potentially serious problem for dspam.
>
> > I see no reason to keep externally generated X-DSPAM headers,
> > but would suggest to overwrite them with the local data.
>
> I tend to agree that this is the right solution. Would someone with
> more experience with MTAs care to weigh in on whether replacing
> received headers is a legitimate thing to do?
I must say I am not an experienced sysadmin, but I thought I could share
my knowledge. Using postfix as MTA, I simply IGNORE the previous X-DSPAM
headers:
/^(X-DSPAM-.*)/ IGNORE
as an header check rule.
You also have to set "nested_header_checks=" in your main.cf file so
that postfix doesn’t delete the X-DSPAM-* headers in the attached
messages. Without this line, the signatures cannot be retrieved from the
nested message.
I hope this can help.
Cheers,
Julien
More information about the Pkg-dspam-misc
mailing list