whitelist_to getting exploited

Ramprasad ram at netcore.co.in
Fri Dec 29 08:16:25 CET 2006

In our setup where we do email scanning for our clients we have a
feature by which clients can opt-out some ids from spamscan 

So I use in Mailscanner.conf

Spam Checks = spamcheck.rules

This file has 

To: user-1 NO
default YES

Now a spammer marks a mail to multiple people with user-1  in BCC and
the mail passes straight 
How can I get rid of this problem. If I use the user_in_whitelist_to
feature at spamassassin then too I would have the same issue 


More information about the MailScanner mailing list