whitelist_to getting exploited
John Van Ostrand
john at netdirect.ca
Fri Dec 29 15:28:53 CET 2006
On Fri, 2006-12-29 at 19:34 +1000, Res wrote:
> On Fri, 29 Dec 2006, Ramprasad wrote:
> > Now a spammer marks a mail to multiple people with user-1 in BCC and
> > the mail passes straight
> > How can I get rid of this problem. If I use the user_in_whitelist_to
> > feature at spamassassin then too I would have the same issue
>
> MailScanner is doing exactly what you have told it to, you either
> whitelist user-1 or you don't, you can extend this to using the
> format of 'from and to' but that will be a restricted list, unless you
> are going to waste time constantly adding all the people he wants mail
> from in the 'and to' segment.
>
> The cure Ram is to remove him from the To: whitelist
Have you considered using "Use Default Rules With Multiple Recipients =
yes".
If that's a problem because you want an absolute whitelist on emails to
that user then there are sendmail techniques I've heard of split
messages when addressed to multiple recipients.
--
John Van Ostrand Net Direct Inc.
CTO, co-CEO 564 Weber St. N. Unit 12
Waterloo, ON N2L 5C6
john at netdirect.ca ph: 518-883-1172 x5102
Linux Solutions / IBM Hardware fx: 519-883-8533
More information about the MailScanner
mailing list