whitelist_to getting exploited

Ugo Bellavance ugob at camo-route.com
Fri Dec 29 15:33:50 CET 2006

Ramprasad wrote:
> In our setup where we do email scanning for our clients we have a
> feature by which clients can opt-out some ids from spamscan 
> So I use in Mailscanner.conf
> Spam Checks = spamcheck.rules
> This file has 
> To: user-1 NO
> default YES
> Now a spammer marks a mail to multiple people with user-1  in BCC and
> the mail passes straight 
> How can I get rid of this problem. If I use the user_in_whitelist_to
> feature at spamassassin then too I would have the same issue 

Does your MTA split messages?


More information about the MailScanner mailing list