Hi,

On Tue, Feb 26, 2008 at 15:56 +0000, Justin Mason wrote:
> The fix would be to implement support for IPv6 trust paths:
> 
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4503
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4964

Ok, so you're telling me that not only is this bug known, but it went
unfixed for over a year?

I must admit that I don't know much of SA's internals or how hard it is
to fix this "the correct way".

However a bug like that should have been fixed -- or at least worked
around by now.

A simple workaround would be to hardcode a fake IP (like "0.0.0.0") for
IPv6.

But the bigger problem remains, and it is not the IPv6 stuff. The main
problem here is that if the first Received header is (for whatever
reason) unparsable, all the other (spammer-controlled) headers are
trusted if they have an "auth" part.  I would say the default here is
definitely the wrong way round.

But then, I'm only a stupid user and who cares about those %)

CU,
    Sec
-- 
Not a perfect solution, but far cheaper than one.
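
The fail-closed default argued for in the message above, as an added Python sketch that is not SpamAssassin's code: an unparsable Received header ends the trusted chain, so an "auth" marker in a lower, sender-supplied header is never honoured. The simplified header format, the host names and the networks are constructed assumptions.

```python
import ipaddress
import re

# Assumption: networks of our own relays (documentation ranges, constructed).
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("2001:db8::/32")]

# Assumption: simplified form "from HELO ([IP]) by HOST with PROTO".
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)\s+by\s+(\S+)\s+with\s+(\S+)",
    re.I)

def parse_received(header):
    """Return the parsed hop, or None if the header cannot be understood."""
    m = RECEIVED_RE.search(header)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))  # accepts IPv4 and IPv6
    except ValueError:
        return None
    # ESMTPA / ESMTPSA are the RFC 3848 keywords for authenticated SMTP.
    auth = m.group(3).upper() in ("ESMTPA", "ESMTPSA")
    return {"ip": ip, "by": m.group(2).lower(), "auth": auth}

def evaluate(received_headers, our_hosts):
    """Walk headers newest first; return (trusted_hop_count, authenticated)."""
    hops, authenticated = 0, False
    for raw in received_headers:
        hop = parse_received(raw)
        # Fail closed: an unparsable header, or one not written by a host
        # we run, ends the chain. Everything below it is sender-controlled.
        if hop is None or hop["by"] not in our_hosts:
            break
        hops += 1
        authenticated = authenticated or hop["auth"]
        # The next header is only believable if this peer is our own relay.
        if not any(hop["ip"] in net for net in TRUSTED_NETS):
            break
    return hops, authenticated

OUR_HOSTS = {"mx.example.org", "relay.example.org"}  # constructed
# Constructed sample: first header unparsable, second carries a forged "auth".
FORGED = ["from mail.example.net (unparsable-literal) by mx.example.org with ESMTP",
          "from x ([192.0.2.10]) by mx.example.org with ESMTPA"]
# Constructed sample: IPv6 hop from our own relay, which authenticated the client.
VIA_RELAY = ["from relay ([IPv6:2001:db8::25]) by mx.example.org with ESMTP",
             "from pc ([198.51.100.4]) by relay.example.org with ESMTPSA"]
```
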
