Upcoming Release: feature Request

Mark Martinec Mark.Martinec+amavis at ijs.si
Tue Feb 16 17:31:28 CET 2016

> @lbutlr:
>> How does amavis know if you removed the spammer headers and added your 
>> own?

Andreas Schulze wrote:
> It has to trust the administrator does a good job :-)
> Each A-R header include an AuthServID (a hostname generating the A-R 
> header)
> Any A-R header consumer must know these "TrustedAuthServIDs" and trust
> these are generated localy.

AuthServID by itself is not good enough, such header field must also
belong to a set of trusted fields. SpamAssassin solves the problem
of determining which header fields can be trusted by settings
trusted_networks / internal_networks / msa_networks.


More information about the amavis-users mailing list