At 07:58 PM 4/2/2003 -0500, Aaron Sherman wrote:
Notice the use of the word first. You cannot forge the first header. Or
rather, you CAN forge the first header, and then the receiving MTA will
promptly add its own as the NEW first header. Thus the first header is
always added by the local MTA. If SA then added its own (acting as a
sort of MTA itself in this respect), it could be assured that if the
first received header were from SA, it was authentic (if it were forged,
it would HAVE TO come after the local MTA's received header).

Actually, I did understand the implication of the first header; what I failed to understand was that SA was adding a new header _after_ the local MTA's header... I read you as intending it to be a _part_ of the local MTA's header (i.e., edit the local MTA's header to add that). If it was added as a part of the MTA's header (a bad idea anyway) it would be vulnerable to this, but your suggestion is immune.


In any event, your system would be handy for "avoiding" the double-SA problem on a server.. but really you're just covering up the fact that the server is in fact broken. The same sysadmin is likely to complain about how ungodly slow his server is, failing to realize he's running his email through SpamAssassin two, three or even four times. At least this way you can point out that he's got config problems...

Heck.. It'd almost be better if SA detected the error and purposefully deadlocked itself in order to draw attention to the problem.








_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
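
The header-ordering argument in the message above, as an added Python example that is not part of the original thread or of SpamAssassin's code. The marker header name `X-SA-Processed`, the host names and the sample message are assumptions constructed for illustration.

```python
from email.parser import HeaderParser

MARKER = "X-SA-Processed"  # hypothetical marker header name (assumption)

def mta_receive(raw: str, host: str = "mx.example.org") -> str:
    """Simulate the local MTA: it always prepends its own Received header."""
    return f"Received: from unknown by {host} with ESMTP\n{raw}"

def sa_stamp(raw: str) -> str:
    """Simulate the filter prepending its marker after the MTA has run."""
    return f"{MARKER}: yes\n{raw}"

def marker_is_authentic(raw: str) -> bool:
    """Trust the marker only if it appears above the topmost Received header."""
    seen_marker = False
    for name, _value in HeaderParser().parsestr(raw).items():
        if name.lower() == MARKER.lower():
            seen_marker = True
        elif name.lower() == "received":
            # Topmost Received reached: anything below it arrived with the mail.
            return seen_marker
    return False  # no Received header, so nothing vouches for the marker

# Constructed sample: the sender forges both the marker and a Received header.
FORGED = (
    f"{MARKER}: yes\n"
    "Received: from a.example by b.example with SMTP\n"
    "From: sender@example.net\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def demo() -> dict:
    delivered = mta_receive(FORGED)   # forged marker now sits below our Received
    scanned = sa_stamp(delivered)     # genuine marker lands on top
    # A later hop on another MTA pushes the marker down again, so that host
    # would not accept it as its own and would scan the message itself.
    relayed = mta_receive(scanned, host="inner.example.org")
    return {
        "after_local_mta": marker_is_authentic(delivered),
        "after_first_scan": marker_is_authentic(scanned),
        "after_second_hop": marker_is_authentic(relayed),
    }

if __name__ == "__main__":
    print(demo())
```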
