Some recommendations:

1) Don't ever whitelist yourself. This kind of spammer behavior is SUPER common. A very noticeable portion of the spam I get is "from" my own address.

2) If you must whitelist yourself, use a whitelist_from_rcvd not a simple whitelist_from.

3) In fact, if you can avoid it, don't ever use a simple whitelist_from, and always use a whitelist_from_rcvd whenever possible. This closes a LOT of loopholes like the one you found here.

Basically whitelist_from_rcvd forces a check of both the from: address and the received headers. This makes it so the whitelist cannot be spoofed merely by substituting a from: line.

At 07:14 PM 12/16/2002 +0000, Jonathan Duncan wrote:
I have gotten a couple of vile spams that came through with NO problem
whatsoever because of the test "USER_IN_WHITELIST".  It seems that the
spammer used my email address in the To: field as well as the From: field.
If all spammers did that, with my current configuration, my install of SA
would be worthless.  Is there a way around this?  Perhaps I could change the
amount of negative points the people in the whitelist get and up the number
of points that "FROM_SAME_AS_TO" gets.  Has anyone else solved this problem
already?


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


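An added illustration, not part of the original thread and not SpamAssassin's own code: a simplified Python model of why a plain whitelist_from entry matches a message with a forged From: line while a whitelist_from_rcvd entry does not. The addresses, the Received: layout and the rule that only the topmost Received: header (the one written by your own MX) is trusted are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed entries: (address, required relay rDNS domain or None).
# None models a plain whitelist_from; a domain models whitelist_from_rcvd.
WEAK = [("me@example.org", None)]
STRICT = [("me@example.org", "example.org")]

# Assumed Received: layout: "from HELO (rdns.name [ip]) by ..."
RCVD_RE = re.compile(r"from\s+\S+\s+\((?P<rdns>[\w.-]+)\s+\[[\d.]+\]\)")

def relay_rdns(msg):
    """rDNS name from the topmost Received: header, the one our own MX added."""
    received = msg.get_all("Received") or []
    match = RCVD_RE.search(received[0]) if received else None
    return match.group("rdns").lower() if match else None

def in_whitelist(raw, entries):
    """True if the message would be treated as whitelisted under `entries`."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rdns = relay_rdns(msg)
    for addr, domain in entries:
        if sender != addr:
            continue
        if domain is None:
            return True   # From: alone decides, so a forged From: matches
        if rdns and (rdns == domain or rdns.endswith("." + domain)):
            return True   # From: matches AND the relay belongs to the domain
    return False

def sample(rdns, ip):
    """Constructed message with From: and To: both set to the whitelisted address."""
    return (f"Received: from host ({rdns} [{ip}]) by mx.example.org; "
            "Mon, 16 Dec 2002 19:14:00 +0000\n"
            "From: me@example.org\nTo: me@example.org\n"
            "Subject: constructed sample\n\nbody\n")

SPOOFED = sample("dsl-7.isp.example.net", "203.0.113.7")  # outside relay
GENUINE = sample("smtp.example.org", "192.0.2.10")        # own mail server

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, "weak:", in_whitelist(raw, WEAK),
              "strict:", in_whitelist(raw, STRICT))
```

In a real SpamAssassin configuration the strict form is written as `whitelist_from_rcvd me@example.org example.org`, where the second argument is the reverse-DNS domain the delivering relay must have.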