I do agree the Habeas folks will need to act quickly and completely so the effect of forgeries is minimized. However, this doesn't mean SpamAssassin needs to be a sitting duck for such forgeries. I think if you just stop bayes from auto-learning habeas-marked mail as ham, you'd take away the vulnerability, and the downside would be almost nil.
as a short-term fix you can archive this by giving it a tflags value of userconf in your own private config.
this is exactly how GTUBE was hacked to not be used as a learning critera.
------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
