On Wed, 2003-07-16 at 11:02, Alexander Litvinov wrote: > > That will work, but if everyone starts doing it then spammers will start > > forging X-Spam-Status lines into their spam. The idea is good but that > > implementation is trivially defeated. > > It seems to much better solution will be > | spamassassin --remove-markup | spamassassin > > (remove any markup by prev. spamassassin and when check again, spammers can't > forge this solution)
That doubles the processing overhead though, the message is processed twice with the first set of results discarded, the scores could be different both times due to rbls, pyzor etc, and lead to lots of confusion. Spammers could easily put X-Spam-Status: NO in their headers, possibly fooling quite a few systems, and I'm sure they'll get around to trying it one day, but they would be unlikely to start trying to guess what you used as a passphrase in the version tag, it's not worth their while to target one individual small mailserver. For better accuracy, match the ip address of the forwarding machine in the received line as well, only accept X-Spam-Status as being good if it's also forwarded from a known good ip address. Or, use formail in the .procmailrc on the forwarding machine to add a unique X-header and filter against that on the server. Or, use /etc/procmailrc on the server to add a unique X-header to filter against instead of using X-Spam-Status There's lots of ways to make this work, I can't think of a less efficient one than running all the spam through sa twice. A few bits added to a procmail recipe and a formail -I are a lot more cpu friendly than even the most streamlined spamassassin configuration. -- Yorkshire Dave -- Scanned by MailScanner at wot.no-ip.com ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
