I've got an odd situation where I've received spam from a (forged) valid address in my own domain. Problem is that the headers are clearly forged as the IP for my mailserver is incorrect, but the whitelist rule for my domain is being applied.
Yeah, whitelist_from'ing your own domain is just a BAD idea. Don't do it. Ever.
Is there a setting where I can tell spamassassin which IP is the MTA for my domain? It would make sense to me that spamassassin should know what my proper MTA is, and if the header is forged, it shouldn't apply the whitelist rule.
Use whitelist_from_rcvd instead of whitelist_from. Also upgrade to 2.60. 2.5x still has some minor bugs in parsing received: headers that some spammers can abuse to make it falsely match a whitelist_from_rcvd when it shouldn't.
-------------------------------------------------------
This SF.net email sponsored by: Enterprise Linux Forum Conference & Expo
The Event For Linux Datacenter Solutions & Strategies in The Enterprise Linux in the Boardroom; in the Front Office; & in the Server Room http://www.enterpriselinuxforum.com
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
