whitelist_to getting exploited

Glenn Steen glenn.steen at gmail.com
Sat Dec 30 12:15:36 CET 2006


On 29/12/06, Scott Silva <ssilva at sgvwater.com> wrote:
> Ramprasad spake the following on 12/28/2006 11:16 PM:
> > In our setup where we do email scanning for our clients we have a
> > feature by which clients can opt-out some ids from spamscan
> >
> > So I use in Mailscanner.conf
> >
> > Spam Checks = spamcheck.rules
> >
> > This file has
> >
> > To: user-1 NO
> > default YES
> >
> > Now a spammer marks a mail to multiple people with user-1  in BCC and
> > the mail passes straight
> > How can I get rid of this problem. If I use the user_in_whitelist_to
> > feature at spamassassin then too I would have the same issue
> >
> You need to set up your MTA to split mails to multiple recipients, although I
> think it will break the concept of BCC's, as a new copy of the message is
> generated for each recipient.. So recipient A will get his spam, and recipient
> B will get it filtered.

Um, Scott... Why would splitting break BCC's? Do you mean that the MTA
of your choice would "transform" the BCC to a normal (visible)
recipient? Sounds a bit strange to me... The split should be very
transparent... and the BCC should still be ... "invisible" to all the
rest...

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list