----- Original Message ----- 
From: "Jason J. Ellingson" <[EMAIL PROTECTED]>

> Okay, follow-up question:
>
> Where does SpamAssassin get the IP?  Is it the oldest IP in the received
> headers (low), or the most recent (top)?
>
> If it is oldest (assuming originating IP), then that could be faked easily
> enough.
>
> If it is top, then what does it do if there is no IP (as many SpamAssassin
> implementations seem to have the message processed before adding appropriate
> received headers.. tisk, tisk, tisk...)
>
> Either way... a lot of people I know are on Comcast in the same town... they
> are all on the same sub-"b" class network (/17 I think)...  So entirely
> possible to have this nightmare happen.

I just tested this and it used the address range of the client computer I
sent the message from.  When I sent another message with the same e-mail
address but from a totally different subnet, it registered the same e-mail
address with the different client computer address range, thus, I had two
entries in the AWL database for the same e-mail address but with different
client ip nets.

Like you said, this address can be forged, but someone would really have to
put some effort into it just to IP someone's AWL database, which can then be
removed from the database even easier than it went in.  And using the
sending client machine IP address is certainly much safer and less prone to
abuse than it would be if the sending mail server's IP address were used.

Bill
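
A toy model of the behaviour reported in the message above, added here as an illustration; it is not SpamAssassin's code and not something posted in the thread. It keys each AWL entry on the sender address plus the client's network, so the same address seen from two networks gets two entries. The /16 grouping, the 0.5 factor, the names `ToyAWL` and `awl_key`, and the sample addresses are assumptions.

```python
import ipaddress
from collections import defaultdict

IPV4_MASK_LEN = 16  # assumption: client IPs are grouped by /16
FACTOR = 0.5        # assumption: how far a score is pulled toward the mean


def awl_key(sender, client_ip, mask_len=IPV4_MASK_LEN):
    """Key an entry on (lower-cased address, client network)."""
    net = ipaddress.ip_network(f"{client_ip}/{mask_len}", strict=False)
    return (sender.lower(), str(net))


class ToyAWL:
    def __init__(self):
        self.db = defaultdict(lambda: [0, 0.0])  # key -> [count, total score]

    def adjust(self, sender, client_ip, score):
        """Pull the score toward this key's historical mean, then record it."""
        entry = self.db[awl_key(sender, client_ip)]
        count, total = entry
        adjusted = score
        if count:
            adjusted = score + (total / count - score) * FACTOR
        entry[0] += 1
        entry[1] += score  # the unadjusted score goes into the history
        return adjusted

    def remove(self, sender):
        """Drop every entry for an address, whatever network it was seen from."""
        stale = [k for k in self.db if k[0] == sender.lower()]
        for k in stale:
            del self.db[k]
        return len(stale)


def demo():
    # Constructed sample data: documentation address ranges, made-up scores.
    awl = ToyAWL()
    awl.adjust("alice@example.com", "192.0.2.10", -1.0)   # builds history
    awl.adjust("alice@example.com", "192.0.2.200", -1.0)  # same /16, same entry
    other_net = awl.adjust("alice@example.com", "198.51.100.7", 12.0)
    same_net = awl.adjust("alice@example.com", "192.0.2.50", 5.0)
    return other_net, same_net, len(awl.db), awl.remove("alice@example.com")


if __name__ == "__main__":
    print(demo())
```

The message claiming the same address from an unrelated network starts a fresh entry and gets no benefit from the existing history, while one from the original network is averaged toward it.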
