Hi,
I ran into an issue with checking against a sender domain (dns) blacklist
using eval:check_rbl_from_domain (DNSEval plugin).
The problem appears while scanning mail which has been Resent.
In some cases we re-scan mail which has been quarantined before. In these
cases the check_rbl_from_domain test does not hit anymore.
This is because we add a Resent-From: header to the e-mail when we inject it
again into the mailflow.
The check_rbl_from_domain uses PerMsgStatus->all_from_addrs() internally.
In the source code i find this:
# Resent- headers take priority, if present. see bug 672
This is an ancient issue:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=672
In the code all From headers are ignored if the Resent-From is present.
I wonder what the use case is to ignore all normal headers. I don’t think it
is correct, at least for checking a blacklist with check_rbl_from_domain.
It would be too easy to manipulate the DNS check by adding a Resent-From
header, which no user will ever see.
Cheers,
Merijn
