On Wednesday, 05.07.2023 at 10:20 +0200, Matus UHLAR - fantomas wrote:
> On 05.07.23 04:38, Robert Senger wrote:
> > Thanks for the hint that the milter is responsible for that. Found a
> > little patch for spamass-milter that fixed this.
> 
> note that the headers that appear first in the message are considered
> trusted, while those below are not.
> That's why most milters put added headers at the beginning of the
> message.

Hm, trusted by whom? In my understanding, nothing in the headers can be
trusted at all as long as it's not covered by a digital signature (like
DKIM), or added by a machine under my own control...



Other point: Different spam processing milters seem to add different
"Spam-X-<something>" headers. 

The spamass-milter software adds 

X-Spam-Checker-Version: <version information>
X-Spam-Status: <scanning results>

and, if it detects spam,

X-Spam-Flag: YES
X-Spam-Level: ***********

Now, spamass-milter *replaces* any of these if they are found in the
incoming message. So, all the spam checking information added by my
backup MX is replaced by the headers of my primary MX when it receives
a message initially delivered to the backup MX, as they both use the
same spamass-milter software.

But if I look at a message received through this list, I see "Spam-X"
headers added by "Debian amavisd-new at spamproc1-he-fi.apache.org".
This software always adds

X-Spam-Score: <score>
X-Spam-Level: <empty>
X-Spam-Status: <scanning results>
(but no X-Spam-Checker-Version:)
 
to the top of the headers if the message is not classified as spam (it
would also add "X-Spam-Flag" if it detects spam, I assume). Now, my own
spamass-milter *replaces* "X-Spam-Status" at its original position,
and *adds* "X-Spam-Checker-Version" at the bottom (or top, if patched)
of the headers. This is a mess...

Wouldn't it be better if all previous "Spam-X" headers get completely
removed?

-- 
Robert Senger
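
The header mix described in this message, as an added example that is not part of the original post and is not spamass-milter's own code: a small Python model of replace-in-place versus removing every earlier X-Spam-* header first. The header values and the function names are constructed for illustration.

```python
from email import message_from_string

# Constructed sample: a list message that already carries amavisd-style
# headers from an upstream scanner (all values are made up).
RAW = (
    "X-Spam-Score: -2.0\n"
    "X-Spam-Level: \n"
    "X-Spam-Status: No, score=-2.0 (upstream)\n"
    "Received: from sender.example by list.example.org\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

# Headers the local scanner sets for a non-spam message (constructed values).
OWN = [("X-Spam-Checker-Version", "local scanner"),
       ("X-Spam-Status", "No, score=1.4 (local)")]

def headers(raw):
    """Return the message headers as an ordered list of (name, value)."""
    return message_from_string(raw).items()

def replace_in_place(hdrs, own, patched_top=False):
    """Model of the behaviour described in the post: a header that already
    exists is overwritten where it stands; a missing one is added at the
    bottom of the header block (or at the top, if patched)."""
    out = list(hdrs)
    names = [n.lower() for n, _ in out]
    fresh = []
    for name, value in own:
        if name.lower() in names:
            out[names.index(name.lower())] = (name, value)
        else:
            fresh.append((name, value))
    return fresh + out if patched_top else out + fresh

def strip_then_prepend(hdrs, own):
    """The alternative asked about: drop every earlier X-Spam-* header,
    then put the local results at the top."""
    kept = [(n, v) for n, v in hdrs if not n.lower().startswith("x-spam-")]
    return list(own) + kept

def foreign_spam_headers(hdrs, own):
    """Names of X-Spam-* headers that the local scanner did not write."""
    mine = {n.lower() for n, _ in own}
    return [n for n, _ in hdrs
            if n.lower().startswith("x-spam-") and n.lower() not in mine]

if __name__ == "__main__":
    for name, value in replace_in_place(headers(RAW), OWN):
        print(f"{name}: {value}")
```

With replace-in-place, the upstream X-Spam-Score and X-Spam-Level stay next to the local X-Spam-Status, so a downstream rule that reads X-Spam-Score sees another scanner's result.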


