Justin Mason wrote: > "Marc Steuer" writes: > >An account in one of my hosted domains received a spam message with his own > >e-mail address as the counterfeit "from" and "reply-to" addresses. The > >hosted domain is included SA's "whitelist_from", to avoid the possibility > >that "valid" messages between domain accounts would be tagged as spam. SA > >correctly identified the message as a potential spam, however, the -100 > >score for the whitelist_from entry overwhelmed the other scores. > > It's a FAQ. Use whitelist_from_rcvd.
Unfortunately that does not seem to work in many common situations. Take for example this case. spammer: S.spammer.com mail gateway: G.example.com desktop machine: D.example.com whitelist_from_rcvd [EMAIL PROTECTED] example.com Mail from S goes to G goes to D. On D spamassassin checks the whitelist and sees the message from D.example.com and since it came through G.example.com it also passes the received in example.com checks. I tried this when the feature first became available. Perhaps it has changed more recently to be smarter? The whitelist_from_rcvd is more effective for whitelisting domains *other* than your own. Then the local domain routing does not get in the way of the received checked. But I am starting to see some spammer tricks in that area too. I think any whitelist is abusable. Bob
pgp00000.pgp
Description: PGP signature
