On Sat, 25 Jun 2011 16:31:57 +0200 Benny Pedersen wrote:
> yes, good strong auth is NOT to trust localhost webmail clients at
> all, so webmail like roundcube and others need to use sasl auth even
> if it just connects to localhost

SpamAssassin uses untrusted received headers so I don't see why it shouldn't use IP information supplied by web clients. The important thing is that untrusted information should only be able to increase the score.