Bug 29 - autowhitelist easily spoofed
Summary: autowhitelist easily spoofed
Status: RESOLVED DUPLICATE of bug 23
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: 2.0
Hardware: All Linux
: P2 normal
Target Milestone: ---
Assignee: Craig Hughes
Depends on:
Reported: 2002-02-04 12:35 UTC by don taber
Modified: 2002-02-04 08:03 UTC (History)
0 users

Attachment Type Modified Status Actions Submitter/CLA Status

Note You need to log in before you can comment on or make changes to this bug.
Description don taber 2002-02-04 12:35:06 UTC
If a user sends himself email, his own address will be in the autowhitelist.
Then if a spammer simply includes that address in the (forged) From field, it
will get through thanks to the default score of -100.  Easy enough to fix
for a unix person willing to read the configuration docs, but such an easy
spoof should not work against the default configuration.

Other than that, thank you very, very much for a great program.  I am
EXTREMELY pleased.
Comment 1 Craig Hughes 2002-02-04 17:03:19 UTC
Fixing 23 should take care of this case.

*** This bug has been marked as a duplicate of 23 ***