But given your patch to allow or remove them, it lets other modules get the real local spamd scoring and not rely on the call to scan the header. It is this call which could be fooled by multiple instances of the header.
In my world, I don't care what any other upstream system scored the email and I can't allow a downstream reader to be fooled. So I like the patch to [by default] drop them. I had for a while a module which denied to any incoming that already had the X-SPAM-Status, but had to drop it because some folks score their outbound. My +1 to a tested patch... Thanks, peter On 9/24/04 12:25 PM, "Michael Holzt" <[EMAIL PROTECTED]> wrote: >> Perhaps if the spamassassin module stored the local spamd scoring in the >> transaction header we wouldn't have to re-scan to find the value. I could >> think of other modules I use which would find the spamd score useful. > > Agreed, but this is unrelated to the header issue, because the multiple > header instances problem still remains. > > -kju
