SA Bugzilla – Full Text Bug Listing
Summary: | AWL allows inheritance of good score for spammers if private/local addresses are used. | ||
---|---|---|---|
Product: | Spamassassin | Reporter: | Andreas Mager <spamquattro> |
Component: | Plugins | Assignee: | SpamAssassin Developer Mailing List <dev> |
Status: | NEW --- | ||
Severity: | normal | CC: | ivo, mnalis-sabug, rodolfo |
Priority: | P5 | ||
Version: | 3.2.5 | ||
Target Milestone: | Undefined | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Attachments: |
The patch
Patch to remove AWL fallback to none |
Description
Andreas Mager
2010-03-01 18:17:46 UTC
If I am reading the report correctly, I'd say that the real problem is not with AWL, or with SA, but with the mail server configuration. Forged addresses on own domain should never reach SpamAssassin, they should be rejected in an early stage when processing the mail, to save resources. It can be easily done either using DKIM or SPF, or simpler even without them by rejecting all email using local domains and not originating on authorized networks. DKIM signature would fix it with AWL even without rejecting the email prior to SA.

To address the issue anyway, I made a modification in the TxRep plugin (a proposed replacement for AWL). Now, messages originating on internal networks will be assigned the address 127.0.0.1 (regardless what the real internal IP address was). The fix is in the revision 1.0.6 of TxRep. See https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7021 for more details.

As for reversing the IP list, that is addressed in bug 6908 (https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6908), and fixed in TxRep too, although the simple reversal is not the right solution.

Created attachment 5383
Patch to remove AWL fallback to none
This patch removes the fallback to from-none when from-ip doesn't have a history record.
ip=none for emails originated from private subnets
About comment #1: In an ISP configuration there are many legit reasons for anti-spoofing measures to be kept disabled and there is often no control over the SPF-DKIM configuration of all the client domains. So, incoming emails with forged "from" cannot always be stopped at an early stage. In any case there is no good reason to allow an email from an external ip class to inherit reputation from emails originated by private ip classes. Reputation should be kept separate in any case. My proposed patch removes the fallback.
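
The inheritance path discussed in this thread, as an added example that is not part of the bug report, the attached patch, or SpamAssassin's code: a simplified Python model of a reputation store keyed on From address and relay IP, run once with the fallback to the `none` record and once without it. The key layout, the 0.5 adjustment factor, the class and function names, and all addresses and scores are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: these ranges stand in for "private/local" relays in this model.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def ip_key(ip):
    """IP part of the reputation key: 'none' for local relays, else a /16 prefix."""
    if any(ipaddress.ip_address(ip) in net for net in LOCAL_NETS):
        return "none"
    return ".".join(ip.split(".")[:2])  # assumed grouping, IPv4 only

class ReputationStore:
    """Toy per-(From address, relay IP) score history; not SpamAssassin's code."""

    def __init__(self, fallback_to_none):
        self.fallback_to_none = fallback_to_none
        self.entries = {}  # (from_addr, ip_key) -> [count, total_score]

    def record(self, from_addr, ip, score):
        entry = self.entries.setdefault((from_addr.lower(), ip_key(ip)), [0, 0.0])
        entry[0] += 1
        entry[1] += score

    def mean(self, from_addr, ip):
        """Historical mean for this sender and relay, or None without history."""
        addr = from_addr.lower()
        entry = self.entries.get((addr, ip_key(ip)))
        if entry is None and self.fallback_to_none:
            entry = self.entries.get((addr, "none"))  # the inheritance path
        return entry[1] / entry[0] if entry else None

    def adjusted(self, from_addr, ip, score, factor=0.5):
        """Pull the current score toward the historical mean (assumed formula)."""
        mean = self.mean(from_addr, ip)
        return score if mean is None else score + (mean - score) * factor

def demo(fallback_to_none):
    store = ReputationStore(fallback_to_none)
    # Constructed history: a local user sends 20 clean mails from a private address.
    for _ in range(20):
        store.record("alice@example.com", "192.168.1.20", -2.0)
    # Constructed message: same From address, high raw score, external relay.
    return store.adjusted("alice@example.com", "203.0.113.45", 9.0)

if __name__ == "__main__":
    print("with fallback:   ", demo(True))
    print("without fallback:", demo(False))
```

With the fallback enabled the externally relayed message is scored against the local sender's history; with it removed, the message keeps its raw score until that address and relay pair builds a record of its own.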