https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7686
--- Comment #6 from Bill Cole <[email protected]> --- (In reply to Jordan from comment #5) > In other words, external receiving servers would not check the > x-originating-ip header *anyway* because the message is already coming from > an untrusted source that is found higher up in the delivery chain? > > And in our case, it *is* checking x-originating-ip solely because the > webmail server is already trusted, so x-originating-ip is the only untrusted > IP left to check? > > Do I have that right? YES It is important to understand that "trusted" in SpamAssassin does not mean "believed to not pass spam" but rather "believed to accurately record the source of mail in parseable headers." -- You are receiving this mail because: You are the assignee for the bug.
