|Main Archive Page > Month Archives > spamassassin-dev archives|
On Thu, 21 Apr 2011 12:55:38 -0400, firstname.lastname@example.org wrote:
> By default, it seems SA will honor Received-SPF headers, while I would
> guess most people aren't inserting it at their MTA, so it's a great
> opportunity for spammers to forge the header to say their email passed
this header could be removed in mta, and readded if spf pass in mta, its
just not any stable milters that does it so far, but if headers is removed
and added it most likely invalidates dkim if remote signed it
> So, shouldn't it be disabled by default, by setting
> ignore_received_spf_header to 1?
> It seems like it would be nice to have a rule like
> (SPF_PASS && !SPF_IN_HOSTKARMA_BL)
> where SPF_IN_HOSTKARMA_BL is a lookup of the domain from the
> header in the hostkarma.junkemailfilter.com zone returning 127.0.0.2.
> any other domain blacklist. I just grabbed one from the bottom of
or report to spamhaus dbl zone, if thats possible ?