whitelist_to getting exploited

Scott Silva ssilva at sgvwater.com
Sat Dec 30 19:04:53 CET 2006


Glenn Steen spake the following on 12/30/2006 3:15 AM:
> On 29/12/06, Scott Silva <ssilva at sgvwater.com> wrote:
>> Ramprasad spake the following on 12/28/2006 11:16 PM:
>> > In our setup where we do email scanning for our clients we have a
>> > feature by which clients can opt-out some ids from spamscan
>> >
>> > So I use in Mailscanner.conf
>> >
>> > Spam Checks = spamcheck.rules
>> >
>> > This file has
>> >
>> > To: user-1 NO
>> > default YES
>> >
>> > Now a spammer marks a mail to multiple people with user-1  in BCC and
>> > the mail passes straight
>> > How can I get rid of this problem. If I use the user_in_whitelist_to
>> > feature at spamassassin then too I would have the same issue
>> >
>> You need to set up your MTA to split mails to multiple recipients,
>> although I
>> think it will break the concept of BCC's, as a new copy of the message is
>> generated for each recipient.. So recipient A will get his spam, and
>> recipient
>> B will get it filtered.
> 
> Um, Scott... Why would splitting break BCC's? Do you mean that the MTA
> of your choice would "transform" the BCC to a normal (visible)
> recipient? Sounds a bit strange to me... The split should be very
> transparent... and the BCC should still be ... "invisible" to all the
> rest...
> 
Won't the recipient show up if you have the envelope-to headers enabled?
I was just going on memory of past postings. I haven't split messages yet, as
  I haven't seen the need.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!



More information about the MailScanner mailing list