Bug 29

Summary: autowhitelist easily spoofed
Product: Spamassassin Reporter: don taber <dtaber>
Component: RulesAssignee: Craig Hughes <craig>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: P2    
Version: 2.0   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:

Description don taber 2002-02-04 12:35:06 UTC
If a user sends himself email, his own address will be in the autowhitelist.
Then if a spammer simply includes that address in the (forged) From field, it
will get through thanks to the default score of -100.  Easy enough to fix
for a unix person willing to read the configuration docs, but such an easy
spoof should not work against the default configuration.

Other than that, thank you very, very much for a great program.  I am
EXTREMELY pleased.
Comment 1 Craig Hughes 2002-02-04 17:03:19 UTC
Fixing 23 should take care of this case.

*** This bug has been marked as a duplicate of 23 ***