Opened 11 years ago

Last modified 10 years ago

#514 testing defect (fixed)

Have whitelists and blacklists apply to visible header addresses

Reported by: mortonda@… Owned by: mortonda@…
Priority: normal Milestone: 1.0.3
Component: General Version: 1.0.2
Severity: normal Keywords: whitelists blacklists
Cc:

Description

From a user's point of view, it is confusing when they whitelist the From: address in a message they see, and yet it still gets trapped in a spam quarantine. We need to find a way to make this "just work" for the end user...

Change History (5)

comment:1 Changed 11 years ago by rjl@…

  • Component changed from amavisd-maia to General
  • Keywords whitelists blacklists added

Partially implemented in [1366]. Still missing from a complete implementation is a checkbox to allow users to indicate whether they want "From:" headers to be considered for list-matching purposes. Also, the (optional) mechanism that automatically whitelists the senders of rescued spam now needs to take that setting into account, and if it's enabled, the address in the "From:" header should be added to the whitelists as well.

comment:2 Changed 11 years ago by mortonda@…

Actually, as looking at the from_header($) function, should we even care if the stuff after the From: is a valid email address? Since it could be forged, we might want to block any part. For example, maybe I don't want to receive mail from:

From: Viagra <forged@example.com>

or

From: Viagra <anotherforged@example.net>

If we could put "Viagra" in the blacklist, it could still block... Of course, that changes the semantics of the mailaddr table; maybe instead of a field named email it should just be pattern. We don't have to rename it, but is there any reason not to use it in this manner?

comment:3 Changed 11 years ago by rjl@…

No, at that point you'd be completely changing the nature of a whitelist/blacklist, making it into a generic content filter, which is what SpamAssassin was designed to be. Whitelists/blacklists operate on email addresses, so the only part of the "From:" header that we care about for the purpose of whitelists/blacklists is the part that looks like an email address. It's beyond the scope of whitelists/blacklists to examine anything else in the "From:" header.

What you're really asking for here is a new feature--a generic content filter that would allow users to maintain lists of patterns (equivalent to per-user SpamAssassin rules) and direct matching items to any of the available quarantines. We did something like this for a client a number of years ago, you may recall.

comment:4 Changed 10 years ago by mortonda@…

  • Owner changed from rjl@… to mortonda@…
  • Status changed from new to accepted

[1378] and [1379] put links in message viewer to make this easier.

comment:5 Changed 10 years ago by mortonda@…

  • Resolution set to fixed
  • Status changed from accepted to testing

I think the new links are far more userfriendly, and adding a checkbox to ask whether we want header or envelope is going to be confusing. I think it just does the right thing now.

Note: See TracTickets for help on using tickets.