whitelist_to getting exploited
Res
res at ausics.net
Fri Dec 29 10:34:13 CET 2006
On Fri, 29 Dec 2006, Ramprasad wrote:
> In our setup where we do email scanning for our clients we have a
> feature by which clients can opt-out some ids from spamscan
>
> So I use in Mailscanner.conf
>
> Spam Checks = spamcheck.rules
>
> This file has
>
> To: user-1 NO
> default YES
>
> Now a spammer marks a mail to multiple people with user-1 in BCC and
> the mail passes straight
> How can I get rid of this problem. If I use the user_in_whitelist_to
> feature at spamassassin then too I would have the same issue
MailScanner is doing exactly what you have told it to, you either
whitelist user-1 or you don't, you can extend this to using the
format of 'from and to' but that will be a restricted list, unless you
are going to waste time constantly adding all the people he wants mail
from in the 'and to' segment.
The cure Ram is to remove him from the To: whitelist
--
Cheers
Res
"Just a world that we all must share, it's not enough just to stand and
stare, is it only a dream that there'll be no more turning away" - Floyd
More information about the MailScanner
mailing list