MS + SA Whitelisting

[Matt Kettler]

Fixing this is in fact impossible.

This is due to the fact that there's only one email despite there being
multiple recipients. Since there's only one email at the time that
MailScanner and SpamAssassin see it, there can only be one spam markup.

  Thus there are only 2 actions that can be done for a multi-recipient
email with one user as a whitelist-to entry.

         1) Go with the principle of most privilege, and whitelist the
email and everyone gets it that way.

         2) Go with the principle of least privilege, and don't whitelist
it, and everyone gets it that way.

Currently SpamAssassin does option 1. I suppose one could make it have an
option to behave like option 2, but neither case gives you the desired
behavior of whitelisting the copy delivered to user A and not whitelisting
the copy given to user B.

The ONLY way to solve the fundamental problem is to run SpamAsssassin AFTER
it's delivered to the mailboxes of the users, and NOT at the MTA level like
MailScanner does. It's a fundamental limitation of running at the MTA level
and it's something that MailScanner will never be able to do unless the
definition of what it is changes to something radically different.

Of course, running per-user post delivery has drawbacks too.. ie: this only
works if all the users have actual user accounts on the mailserver running
SpamAssassin. It does not work for a forwarding type mailserver.


At 11:38 AM 2/11/2003 -0700, Derrick Georgiades wrote:
>I believe this has been brought up before, but I was wondering what the
>status was.
>An email with multiple recipients is completely whitelisted if any addresses
>in the email are in the whitelist file.
>This becomes a major problem for my users.  Emails that are tagged upwards
>of 19 SA points is delivered to a user that is not whitelisted.  Is there a
>new version that takes care of this?  Will there ever be one?
>
>Thanks
>Derrick Georgiades
>Power Engineers, Inc.