Jan-Peter Koopmann Jan-Peter.Koopmann at SECEIDOS.DE
Fri Nov 5 16:59:46 GMT 2004

Hi Alan,

> 1) If a custom from header is set in MailScanner.conf, and
> that header is also defined in spam.assassin.prefs.conf via
> 'envelope-sender-header', then the placement of that header
> in the email does not matter. Since SA knows it has been
> specifically told to watch for that custom header, then it
> will accept it as valid since a spoofer would not know what
> name to use to forge the header.


> 2) If however the standard 'X-Envelope-From' header is used,
> it must be placed at the top of the headers, or SA will not 'trust'
> its validity. 

Correct as well.

> Thanks for your time!

Your welcome. I was already working on a bug report for them and was
just looking at that piece of code a few minutes earlier. Therefore: No
trouble at all.


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ ( and
the archives (

More information about the MailScanner mailing list