whitelist_to getting exploited

Scott Silva ssilva at sgvwater.com
Fri Dec 29 22:42:55 CET 2006

Ramprasad spake the following on 12/28/2006 11:16 PM:
> In our setup where we do email scanning for our clients we have a
> feature by which clients can opt-out some ids from spamscan 
> So I use in Mailscanner.conf
> Spam Checks = spamcheck.rules
> This file has 
> To: user-1 NO
> default YES
> Now a spammer marks a mail to multiple people with user-1  in BCC and
> the mail passes straight 
> How can I get rid of this problem. If I use the user_in_whitelist_to
> feature at spamassassin then too I would have the same issue 
You need to set up your MTA to split mails to multiple recipients, although I
think it will break the concept of BCC's, as a new copy of the message is
generated for each recipient.. So recipient A will get his spam, and recipient
B will get it filtered.


MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

More information about the MailScanner mailing list