spam addrs

[Tom Anderson]

From: "David Relson" <relson at osagesoftware.com>
> All together, the feature adds about 25 lines of code, including
> declarations, processing of '%I' in formats, etc.
>
> I've also included "Not guaranteed to be the originating address of the
> message." in two places.

Cool.  You didn't answer my question regarding lines like these though:

Received: from 1.2.3.4 (proxying for 5.6.7.8) (user 4.3.2.1) by 9.8.7.6
(7.6.5.4) with SMTP id blah for user+3.4.5.6 at 8.7.6.5.abc.com; date

or similarly:

Received: from 1.2.3.4 ([5.6.7.8] ident=4.3.2.1) by 9.8.7.6 (7.6.5.4) with
SMTP id blah for user+3.4.5.6 at 8.7.6.5.abc.com; date

Will bogofilter output 5.6.7.8 as required, or something else?  I think the
"proxying for" style is from Squirrelmail and the "ident" style from Exim.
Other MTAs may also put the IP in the middle somewhere.

Also, not only is the IP not guaranteed to be the originating address of the
message, it may not even be an intermediary, but rather an innocent IP
spoofed by the spammer.  Action taken on the IP (such as blocking,
reporting, or retaliation) without further verification may make the
situation worse by involving innocents or mucking up your own services.  If
something to this effect could be added to your warning, it might help to
highlight the need to not depend solely on this value.

Tom