[milters] Archive

Lists Index Date Thread Search

Article: 76
From: Christian 'CBE' Benner
Date: 2004-09-23 03:57:03 -0400
Subject: [SIQ] 027 RE: [LFN14080312] milter-spamc setup generating false p

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Hi Frank,
I guess filtering for Header "X-Spam" isn't the right way.
The spamc milter can also change the Subject to
whatever you want (e.g. **** SPAM ****)
and thats a Header information which a spammer
would'nt insert by itself.

X-Header can be set and remove by each spammer like
doubled X-Header insertion
e.g.  sending X-Spam-Flag: twice... first one is
tagged by Client with NO and spamc is inserting a
second X-Spam-Flag: Yes but e.g. on Windows
Maschines OE (outlook express) decides on first
occurence of that X-Header.

Best regards

Christian


> | The report headers inserted by milter-spamc are:
> | X-Spam-Flag      Boolean "YES" or "NO" as to whether the 
> message is spam.
> 
> 
> That causes the problem. In the default Spamassassin 
> config the X-Spam-Flag tag is only set, when the message
> is classified as spam - and is complete absent if the
> message is ham.
> This is to prevent a spammer from setting "X-Spam-Flag: no" 
> by himself and bypass client side filters.
> The clients (as we and probably many others do) filter for
> the existens of X-Spam-Flag. If it's set - with "Yes" or "no" 
> or whatever - the message is treated as spam.
> 
> Therefore I strongly encourage Anthony and the whole list
> to change the documentation and settings to prevent other
> milter users running into false positives.
> TIA.




Lists Index Date Thread Search