I know it sounds unlikely, but it really seems to happen. Here's an example. First, some of the header/envelope info from an email that got through SA (recipient address and domain altered):
Received: from mail1.somecompany.com ([127.0.0.1]) by localhost (mail1.somecompany.com [127.0.0.1]) (amavisd-new) with ESMTP id 05169-04 for <[EMAIL PROTECTED]>; Wed, 25 Sep 2002 14:27:25 -0000 (CDT) Received: from mail.your-info.cc (unknown [65.244.188.58]) with ESMTP id 05169-04 for <[EMAIL PROTECTED]>; Wed 25 Sep 2002 14:27:25 -0000 (CDT) Message-ID: <[EMAIL PROTECTED]> X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) From: [EMAIL PROTECTED] Content-Type: text/html Mime-Version: 1.0 X-Virus-Scanned: by amavisd-new amavisd-new-20020630 In the logs, I trace this email and see: Sep 25 14:27:25 mail1 amavis[5169]: (05169-04) spam_scan: whitelisted sender <[EMAIL PROTECTED]>, spam check skipped Sep 25 14:27:25 mail1 amavis[5169]: (05169-04) spam_scan: tests=whitelisted, <[EMAIL PROTECTED]> Sep 25 14:27:25 mail1 amavis[5169]: (05169-04) fwd via smtp: [127.0.0.1:11028] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> Sep 25 14:27:26 mail1 amavis[5169]: (05169-04) mail checking ended: DELIVERED Now I've never whitelisted this "your-info.net" sender. I'm running SA with postfix. And if I: grep -i your-info.net /etc/postfix/* grep -i your-info.net /etc/mail/spamassassin/* grep -i your-info.net /usr/share/spamassassin/* grep -i your-info.net /root/.spamassassin/* I come up with no instances of this string. This mail server doesn't hold any local mailboxes, it is just a relay to our internal mail server, which is Exchange, and the users run Outlook and don't have any ability to whitelist anything themselves, so it can't be a user whitelist issue. This is only one example. It looks to me like some senders are sending in emails that get themselves whitelisted somehow! Could there be some exploit of SA that could do this? ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
