https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7269
--- Comment #4 from Andrew <[email protected]> --- (In reply to Kevin A. McGrail from comment #3) > According to the docs, auto_whitelist_distinguish_signed was added solely > for 3.3.0 database compatibility: ... > If this option is set the SQLBasedAddrList module will keep separate > database entries for DKIM-validated e-mail addresses and for > non-validated ones. A pre-requisite when setting this option is that > a field awl.signedby exists in a SQL table, otherwise SQL operations > will fail (which is why we need this option at all - for > compatibility with pre-3.3.0 database schema). A plugin DKIM should Sorry, but I think that it means that pre-3.3.0 db doesn't have the field "signed by" and this option should be set to zero when using old scheme (turned off). So I think the documentation means "why we need this options to be TURNED OFF". By default this option is turned on (for the latest DB that has signedby field). the DKIM separate records is a feature that helps to prevent of trashing the score for good senders when spammers use someone's "from" field but can not provide the users correct DKIM signature. when this option is not used and spammer user the email of some good user we have bad reputation for this good user just because spamnmer used his email and this is not correct, we will score the good emails with this incorrect score. For example an intruder can generate much spam and use email of a victim, the system will learn that this email is spam by txrep. then our victim writes us a good email but it is banned by txrep. so I think this is a feature to prevent such security holes in spam protection.. and it can be turned off for old db when there were no support of this feature in txrep/awl. -- You are receiving this mail because: You are the assignee for the bug.
