https://issues.apache.org/SpamAssassin/show_bug.cgi?id=4469
--- Comment #16 from Mark Martinec <[email protected]> 2009-08-21 09:27:43 PST ---

> Mark: how do you deal with the danger of phishers inserting fake
> 'X-Amavis-MessageSize: mmmmm, TRUNCATED to nnnnn' headers in their templates
> to avoid DKIM checks? (you could avoid it by ensuring the header appears at
> the start of the message, before any trusted+internal Received hdrs, if you're
> not already doing that.)

I already do that. The header field is always prepended to a message when
passing it to SA, and the rule (as suggested above) only checks for the
*first* occurrence of such header field:

  header __TRUNCATED X-Amavis-MessageSize =~ m{\A[^\n]*TRUNCATED}m

> Perhaps we should "standardize" an official TRUNCATED header name.

Wouldn't hurt.

> There is also the issue that HTML spam can be easily concocted that contains
> an innocent-looking body for the first 512KB, then includes 3KB of spam
> payload which uses CSS to hide the innocent text and display only the payload.
> But I guess that may not be a showstopper. Certainly not as bad as spam
> getting past, unscanned. ;)

I'm aware of this, but for the time being this isn't being exploited.
It's certainly no worse than not checking at all.
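The following is an added illustration, not code from the bug report or from amavisd/SpamAssassin, of why the `\A` anchor in Mark's rule matters. It models two things the comment relies on: amavisd prepending `X-Amavis-MessageSize` ahead of every header already in the message, and a SpamAssassin `header` rule seeing all occurrences of a header joined by newlines (so a `\A`-anchored pattern only ever inspects the first, trusted occurrence). The message headers, sizes, the `limit` value and the helper names are constructed for the example; the Python `re.M` flag stands in for Perl's `/m`, and `\A` keeps its absolute-start meaning in both.

```python
import re

# Pattern from the rule in the comment, translated from Perl m{...}m to Python.
# re.M mirrors Perl's /m; \A still anchors to the very start of the string.
TRUNCATED_RE = re.compile(r"\A[^\n]*TRUNCATED", re.M)

# A deliberately unanchored variant, to show what the anchor protects against.
NAIVE_RE = re.compile(r"TRUNCATED")

# Constructed: headers of a message whose template smuggles in a bogus
# X-Amavis-MessageSize line, hoping a scanner will treat it as truncated.
SPOOFED_MESSAGE_HEADERS = [
    ("Received", "from mx.example.test (constructed) by inbound.example.test"),
    ("From", "<sender@example.test>"),
    ("X-Amavis-MessageSize", "999999, TRUNCATED to 524288"),  # attacker-supplied
    ("Subject", "constructed sample"),
]

def amavis_prepend(headers, size, limit):
    """Model of what amavisd does before handing the mail to SpamAssassin:
    the trusted size header is always put in front of everything else."""
    value = f"{size}, TRUNCATED to {limit}" if size > limit else str(size)
    return [("X-Amavis-MessageSize", value)] + list(headers)

def header_values(headers, name):
    """Assumption modelled here: a SpamAssassin `header` rule is matched against
    every occurrence of the named header, in message order, joined by '\\n'."""
    return "\n".join(v for n, v in headers if n.lower() == name.lower())

def rule_truncated(headers):
    """Equivalent of: header __TRUNCATED X-Amavis-MessageSize =~ m{\\A[^\\n]*TRUNCATED}m"""
    return TRUNCATED_RE.search(header_values(headers, "X-Amavis-MessageSize")) is not None

def naive_truncated(headers):
    """Same rule without the \\A anchor: any occurrence, trusted or not, matches."""
    return NAIVE_RE.search(header_values(headers, "X-Amavis-MessageSize")) is not None

if __name__ == "__main__":
    limit = 512 * 1024
    small = amavis_prepend(SPOOFED_MESSAGE_HEADERS, 20000, limit)   # fully scanned
    big = amavis_prepend(SPOOFED_MESSAGE_HEADERS, 600000, limit)    # really truncated
    print("anchored rule, untruncated mail with spoofed header:", rule_truncated(small))
    print("anchored rule, genuinely truncated mail:           ", rule_truncated(big))
    print("unanchored rule, untruncated mail with spoofed header:", naive_truncated(small))
```

Because the trusted header is always first and the pattern is pinned to the first line of the joined values, the spoofed occurrence further down never reaches the rule; the unanchored variant, by contrast, is fooled by the forged line.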
