On Thu, 2004-11-25 at 18:35, Daniel Quinlan wrote:
> Mathias Koerber <[EMAIL PROTECTED]> writes:
>
> > There are two tests I would like to use to whitelist incoming email.
> >
> > a) If its References: or In-Reply-To: header matches a Message-ID
> >    of a mail sent out through my server. This would require
>
> The main reason I haven't checked this in is because it's defeatable by
> spammers.

In what way?

> >    a) recording M-IDs of outgoing emails in a formail -D
> >       manner
> >    b) expiring M-IDs from that list based on available
> >       database-size and/or time in the DB
> >    c) checking incoming email against that list
>
> See http://bugzilla.spamassassin.org/show_bug.cgi?id=1314

But that also wants to consider M-IDs of mails received and listed as
non-spam. IMHO, a more restrictive set (only M-IDs sent from the local
site are checked against) would be better and much harder to defeat.
Any other mails would have to pass other tests anyway.

> > b) if incoming PGP/GPG-signed email has a matching public key
> >    in a keyring accessible by SpamAssassin (or MailScanner)
>
> Seems like a waste of time. ;-)

Why? That way I can strongly identify users I know would not spam.

> > Has anyone implemented anything like this? Any hints on how to
> > best go about this? Or any other opinion on these (eg why these
> > may be bad ideas)?
>
> I have the former... it needs to be turned into a plugin. That's the
> only way to do it now.

Right, now I need to learn how to create plugins.

-- 
[EMAIL PROTECTED]
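
The three steps proposed in the message above (record outgoing Message-IDs, expire them by age and database size, check incoming References:/In-Reply-To: against the list), as an added example that is not part of the original message and is not SpamAssassin code. It is written in Python rather than as a SpamAssassin plugin; the SQLite store, the SentIdStore class, its method names and the sample messages are assumptions made for illustration.

```python
import re
import sqlite3
from email import message_from_string

MSGID = re.compile(r"<[^<>\s]+>")  # one <id@host> token
# Constructed sample messages (example.* names are placeholders).
OUTGOING = "From: me@example.org\nMessage-ID: <sent-1@mail.example.org>\n\nhello\n"
REPLY = ("From: peer@example.net\nIn-Reply-To: <sent-1@mail.example.org>\n"
         "References: <other@example.com>\n <sent-1@mail.example.org>\n\nhi\n")
UNRELATED = "From: x@example.net\nReferences: <nope@example.com>\n\nhi\n"

class SentIdStore:
    """Message-IDs of locally sent mail with age- and size-based expiry."""

    def __init__(self, max_age=30 * 86400, max_rows=100_000):
        self.max_age, self.max_rows = max_age, max_rows
        self.db = sqlite3.connect(":memory:")  # a file path in real use
        self.db.execute("CREATE TABLE sent (msgid TEXT PRIMARY KEY, ts REAL)")

    def record_outgoing(self, raw, now):
        # a) remember the Message-ID of a mail leaving the local server
        m = MSGID.search(message_from_string(raw).get("Message-ID", ""))
        if m:
            self.db.execute("INSERT OR REPLACE INTO sent VALUES (?, ?)",
                            (m.group(0), now))

    def expire(self, now):
        # b) drop entries older than max_age, then keep only the newest max_rows
        self.db.execute("DELETE FROM sent WHERE ts < ?", (now - self.max_age,))
        self.db.execute("DELETE FROM sent WHERE msgid NOT IN "
                        "(SELECT msgid FROM sent ORDER BY ts DESC LIMIT ?)",
                        (self.max_rows,))

    def is_reply_to_sent(self, raw, now):
        # c) match any ID in References / In-Reply-To against the stored set
        self.expire(now)
        msg = message_from_string(raw)
        ids = set()
        for name in ("References", "In-Reply-To"):
            for value in msg.get_all(name, []):
                ids.update(MSGID.findall(value))
        if not ids:
            return False
        marks = ",".join("?" * len(ids))
        row = self.db.execute(
            f"SELECT 1 FROM sent WHERE msgid IN ({marks}) LIMIT 1",
            tuple(ids)).fetchone()
        return row is not None
```

Only IDs recorded from locally sent mail are ever stored, which is the more restrictive set argued for in the message; a True result is meant to feed a score adjustment alongside the other tests.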