SA Bugzilla – Bug 29
autowhitelist easily spoofed
Last modified: 2002-02-04 08:03:19 UTC
If a user sends himself email, his own address will be in the autowhitelist. Then if a spammer simply includes that address in the (forged) From field, it will get through thanks to the default score of -100. Easy enough to fix for a unix person willing to read the configuration docs, but such an easy spoof should not work against the default configuration. Other than that, thank you very, very much for a great program. I am EXTREMELY pleased.
Fixing 23 should take care of this case. *** This bug has been marked as a duplicate of 23 ***