True, the past headers may be untrustworthy; however, until bondedsender was added, all the "older" received-from headers could possibly do is hurt you, since they are used for DNS blacklists. Hence digging deep was not a problem. Want to insert lots of forged headers on a blacklist-only version of SA? Knock yourself out, all you can do is wind up accidentally adding an IP for a blacklisted server and decrease your score.

Only now that there's bondedsender (2.4.2 and higher?) can forging a received-from header actually help you by making you match a whitelist, hence my comment that it might be worthwhile to have separate black and whitelist search depths. Searching deep on blacklists is no big deal, all a spammer can do is hurt themselves, searching deep on whitelists allows them to forge their way into being through a bondedsender server, when in fact they are not.

In an ideal world you'd check all received-from headers against the DNS blacklists, but only check the "trusted" ones (i.e., ones generated by mailservers in your path) for whitelisting rules. But as I said, separating those might be a pain code-wise.


At 02:01 PM 10/17/2002 -0500, [EMAIL PROTECTED] wrote:
Interesting.  I wouldn't have expected SA to do that.  It makes me wonder
if that's really a good thing.  The last (most recent) Received line is
usually the only one you can trust (unless you have an anti-virus or pure
email gateway ahead of your primary MTA).  Beyond that they are to be
taken with a 50lbs block of salt.  Going back into the Received lines past
the ones you know you can trust makes me leery.  I don't know that it's a
good thing.  I'm gonna have to think on that a bit.  The only real way I
can see that it could hurt you is if the forged Received line matches a
negative scoring rule like the bondedsender rule.  Other than that I guess
all it could really do is make your SA box work a little harder by doing
more DNS lookups.  If your DNS system is having load issues, this would be
a good thing to set to 1.  Other than that, I really can't think of any
other way it could hurt you.  Still, I might be more fond of only looking
up the last Received line unless you know that your MTA is 2-3 levels deep
in your own mail system.

Justin


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
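
The split proposed in the reply above (every Received hop checked against blacklists, only hops recorded by your own mail servers checked against whitelists), as an added example that is not part of the original thread and is not SpamAssassin's code. The relay set, list contents, scores and sample message are constructed, and set membership stands in for the DNS lookups.

```python
import email
import re

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BL_SCORE, WL_SCORE = 3.0, -10.0      # constructed scores, not SpamAssassin's

# Constructed inputs (documentation-range IPs); newest Received header first.
OWN_RELAYS = {"192.0.2.10"}          # assumption: our gateway in front of the MTA
BLACKLIST = {"198.51.100.200"}       # stands in for a DNS blacklist
WHITELIST = {"198.51.100.5"}         # stands in for a bondedsender-style whitelist
SAMPLE = """\
Received: from gw.example.org (gw.example.org [192.0.2.10]) by mx.example.org; Thu, 17 Oct 2002 14:05:02 -0500
Received: from sender.example.net (unknown [203.0.113.77]) by gw.example.org; Thu, 17 Oct 2002 14:05:01 -0500
Received: from mail.bonded.example (mail.bonded.example [198.51.100.5]) by sender.example.net; Thu, 17 Oct 2002 14:04:00 -0500
Received: from dialup.example.com (dialup.example.com [198.51.100.200]) by mail.bonded.example; Thu, 17 Oct 2002 14:03:00 -0500
Subject: constructed test message

body
"""


def split_hops(raw, own_relays):
    """Return (trusted, unverified) peer IPs, newest header first."""
    trusted, unverified = [], []
    chain_intact = True              # True while one of our servers wrote the header
    for header in email.message_from_string(raw).get_all("Received", []):
        match = IP_RE.search(header)
        if match is None:
            chain_intact = False     # cannot follow the chain past an unparsable hop
            continue
        ip = match.group(1)
        (trusted if chain_intact else unverified).append(ip)
        if ip not in own_relays:
            chain_intact = False     # first outside peer: older headers are its claim
    return trusted, unverified


def score(raw, own_relays, blacklist, whitelist, trusted_only=True):
    """Blacklists see every hop; whitelists see only trusted hops by default."""
    trusted, unverified = split_hops(raw, own_relays)
    total = BL_SCORE * sum(ip in blacklist for ip in trusted + unverified)
    candidates = trusted if trusted_only else trusted + unverified
    if any(ip in whitelist for ip in candidates):
        total += WL_SCORE
    return total
```

With `trusted_only=False` the whitelisted address in the third, sender-supplied header earns the bonus; with the default it does not, while the blacklisted address in the fourth header counts either way.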
