Upcoming Release: feature Request
Mark Martinec
Mark.Martinec+amavis at ijs.si
Tue Feb 16 17:31:28 CET 2016
> @lbutlr:
>> How does amavis know if you removed the spammer headers and added your
>> own?
Andreas Schulze wrote:
> It has to trust the administrator does a good job :-)
>
> Each A-R header include an AuthServID (a hostname generating the A-R
> header)
> Any A-R header consumer must know these "TrustedAuthServIDs" and trust
> these are generated localy.
AuthServID by itself is not good enough, such header field must also
belong to a set of trusted fields. SpamAssassin solves the problem
of determining which header fields can be trusted by settings
trusted_networks / internal_networks / msa_networks.
Mark
More information about the amavis-users
mailing list