https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6549
Summary: Squirrelmail headers should be parsed
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Libraries
AssignedTo: [email protected]
ReportedBy: [email protected]
Created an attachment (id=4847)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4847)
A few lines of Received.pm to deal with squirrelmail
The resolution to bug 3236 simply ignores headers added by SquirrelMail. The
intention presumably was to trust SquirrelMail authentication so that local
users did not hit dynamic IP checks. I've seen a number of false negatives (eg
loan offers, webmail phishing) sent through compromised webmail accounts which
originate from web clients with IP addresses in West Africa. If these had been
correctly included in X-Spam-Relays-Untrusted, then they would have at least
hit uceprotect-level2 and uceprotect-level3.
As DO'S said prophetically in 2004 in bug 3302 "I wonder if the header would be
useful having (for something at some point) now that we can extend the trust
boundary to it (bug 2462)." (I would have reopened that but don't think I have
editbugs privileges).
Attached patch is not thoroughly tested on live server, but does add to Trusted
when needed and do lookups when not.
--
Configure bugmail:
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
