whitelist_to getting exploited
Scott Silva
ssilva at sgvwater.com
Fri Dec 29 22:42:55 CET 2006
Ramprasad spake the following on 12/28/2006 11:16 PM:
> In our setup where we do email scanning for our clients we have a
> feature by which clients can opt-out some ids from spamscan
>
> So I use in Mailscanner.conf
>
> Spam Checks = spamcheck.rules
>
> This file has
>
> To: user-1 NO
> default YES
>
> Now a spammer marks a mail to multiple people with user-1 in BCC and
> the mail passes straight
> How can I get rid of this problem. If I use the user_in_whitelist_to
> feature at spamassassin then too I would have the same issue
>
You need to set up your MTA to split mails to multiple recipients, although I
think it will break the concept of BCC's, as a new copy of the message is
generated for each recipient.. So recipient A will get his spam, and recipient
B will get it filtered.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
More information about the MailScanner
mailing list