From: Frank Heydlauf
Date: 2004-09-23 05:10:03 -0400
Subject: [SIQ] 013 Re: Re: [LFN14080312] milter-spamc setup generating false positives
More information..: http://www.milter.info/#Support
On Thu, Sep 23, 2004 at 10:01:27AM +0200, Anthony Howe wrote:
> > This is to prevent a spammer from setting "X-Spam-Flag: no"
> > by himself and bypass client side filters.
> > The clients (as we and probably many others do) filter for
> > the existens of X-Spam-Flag. If it's set - with "Yes" or
> > or whatever - the message is treated as spam.
> I disagreed with this then as I do now. Filtering based on the presence
> or absence of a header is totally WRONG and naive. When a header is
> defined to have a value, such as boolean for X-Spam-Flag, its those
> values that should be tested for, not the existance of a header.
> The X-Spam-Flag, if already present, is always overridden by
> milter-spamc, so a spammer attempting to slip by milter-spamc and
> SpamAssassin by setting it to "NO" would not gain from this. I'm not
> familar with all of SpamAssassin's rules, but if it skipped scanning a
> message that was already marked with X-Spam-Flag: NO, then it would be
> very brain damaged filter IMHO.
if the world would be such easy, we would not have a single spam :-}
I think assuming a spammer would not set "X-Spam-Flag: no" in his
mail would be naive.
And why should I scan a message again if it's already marked as
spam (here: containing X-Spam-Flag:)?
Setting X-Spam-Flag to "YES" or another value is only a hack because
empty headers would be removed by some (all?) MTAs.
There seems to be a big difference between milter and exim installations.
Exim in the recommended setup
does *not* alter or delete existing X-Spam-Flag Header nor does it append
new ones - ist's just not necessary!
But fully regardless if it's wrong or naive - there are countless
exim installations with the setup mentioned above and the inherent
danger of causing false positives if they receive mails already
filtered by a milter setup in the way you recommend.
That's what I wanted to tell you.
Copyright 2009, 2012 by SnertSoft. All rights reserved.