|Main Archive Page > Month Archives > spamassassin-dev archives|
--- Comment #6 from Giampaolo Tomassoni <firstname.lastname@example.org> 2011-08-06 22:01:43 UTC ---
(In reply to comment #5)
> I think as qmail-scanner is inserted before qmail-queue it sees itself as part
> of the qmail-system, which received the mail from an external client as it is
> not locally generated,
This seems a wrong assumption by qmail-scanner: the 'Received:' header from
the MX running the scanner is right below the qmail-scanner one.
> but it should add the right header (but I haven't read
> into the source to find out whether it can detect the authentication or just
> the IP from which the server got the mail).
I believe it shouldn't detect anything at all: authentication or source
identification are not its purposes.
> Regarding your idea to fix the problem in the qmail-scanner sources, I have a
> major point for you to consider:
> * The problem becomes critical at the target using spamassassin because there
> spamassassin penalty scores the mail (possibly causing it to be dropped), but
> the admin of the target mail server has no direct possibility to fix the
> problem on the relay, because it is not necessarily under his control. He can
> only fix the problem caused when he is running qmail-scanner and mails from his
> users are dropped somewhere else, he can't fix it on the relay but is blamed
> for his server rejecting legitimate mails (and do you want to check lots of
> possible communication partners servers whether they are running a non-fixed
> qmail-scanner version and argue with their admins (having RBL-checking
> disabled, claiming there is no problem)?)
well, I believe that a customer running its own mail server should take its
own responsabilities with respect to what is going out of its MX. Also, say
you get SA 'fixed' with respect to this issue. What about the other
spam-checking software available? How they behave with those messages? Are you
going to fix all the receivers in the world? I would rather try to fix the
> In my opinion both ends should be fixed (spamassassin should have a workaround
> for detecting the trust path of "broken" qmail-scanner servers) and future
> qmail-scanner versions should either not insert this header or do it in the
> right way.
SA could disregard receiveds with 'with qmail-scanned' in it. That would fix
the issue as longo as those headers don't convey any useful information. This
is a dangerouse hack, however, because there may be cases in which that line
does convey useful data: we can't exclude this a priori. So your suggestion
doesn't look too strong to me.
But this is me, after all. The fastest way to get something fixed in SA is to
write a patch for it
-- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.