Please do remember that I am in no way trying to stop or hinder
you in implementing your fix. The fact that I have other
suggestions does not mean that I'm opposing you.
Jo Rhett wrote:
I don't trust "my users" in this context.
Nothing I said implied or required trust in your users.
A lot of work to hack around a simple problem. The AWL works just fine
for mail from "my users" to other "my users". In fact, it works
exceedingly well for that. What value is there in separating them?
It would create a difference (a regards the AWL) between
self->self addressed mail sent from authenticated/local users ans
similar mail from other systems.
And considering that SpamAssassin doesn't (in many
configurations) even know what recipient address a message has,
it might actually be easier than having the AWL ignore mail from
self->self.
It also might (depedning on configuration) not require any
changes at all to SpamAssassin.
What alternatives? So far I've only heard (a) disable the AWL (b) don't
use AWL it sucks and (c) hack the system to use different AWLs. None of
which really make any logical sense to solve the problem.
I also mentioned the having the AWL include the authentication
state in AWL data key.
As long as the MSA adds authentication info in it's received
header, this could be fetched from "X-Spam-Relays-Trusted" pseudo
header. The changes to do this would not be more difficult or
invlolved than the changes necessary to exempt self->self mail
from the AWL AFAICS.
Also, while the adressee of a mail is often available with
PerMsgStatus all_to_addrs, this function is not very reliable. It
actually extracts a whole bunch of addresses that might be the
recipient from the mail header. There is no guarantee that any of
the returned addresses really are the recipient of the mail.
So, to implement exemption of self->self-mail you first have to
implement a way for SpamAssassin to know what the recipient
address is in order to know if a mail is self->self-addressed.
If you do implement your fix and submit it, please make it an option.
I for one would turn it off since it would not improve things here.
You are the first person to say so. Can you explain why?
I want the AWL to apply to mail that is addressed from self->self.
Since the AWL also takes the IP address into account and since
all mail from authenticated/local users here comes from 127.0.0.1
to the software calling SpamAssassin, I do not have your problem
here and would not benefit from your fix.
While most mail addressed self->self that comes from external
systems is spam, every now and then ham addressed from self->self
do come in from idiotic systems and sometimes from users who for
some reason is not using our servers when sending mail.
The AWL as it is now does distinguish between "good" and "bad"
mail that are or pretends to be from our users, and I see no
reason to remove possible benefits of that distinction for mail
that happens to be addressed to the same user as it's addressed from.
Regards
/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
