> > this domain and SPAM server would be used only for this purpose > > If it's on the Internet, you cannot guarantee this. Spammers and other > evildoers are constantly scanning for abusable servers. It will be > found quickly, and as soon as someone finds out how to abuse it, it will > be abused.
Yes, right. But the abuser would simply forward an a-mail with sa scores to the fake originator of the triggering e-mail. I think that would be mostly useless to spammers. Also, if the '[EMAIL PROTECTED]' address is not too widely disclosed, there shouldn't be chance. Finally, if it becames to be abused, he would easily change address. No, come on. It is not that bad. I guess that's having a look at some blacklist database would probably suffice, but why not... Anybody running something like this? giampaolo > > There are three solutions: > > 1) Ensure that this "Spam server" ONLY accepts connections from a very > small list of authorized computers. This means you will need to add the > IP address or domain name of every new server you set up into a > whitelist on this server. > > 2) Allow connections from anyone, but have "[EMAIL PROTECTED]" > forward to a single, consistent address (abandon the idea of sending the > results back to the sender). This is probably the lowest-maintenance > and most sane idea. > > 3) Do not expose the server to the internet at all. This is fine for > testing servers on your internal network, but obviously won't work if > you set up servers remotely and wish to test them. > > Regardless of all of this, however, **this is a question for your MTA > software's mailing list, not for SpamAssassin**. SA does not receive, > deliver, forward, send, or otherwise handle the transmission of email. > It only looks at messages and offers an opinion. It's up to your mail > software to determine what happens to that opinion.
