Justin Mason wrote:
> "Marc Steuer" writes:
> >An account in one of my hosted domains received a spam message with his own
> >e-mail address as the counterfeit "from" and "reply-to" addresses.  The
> >hosted domain is included SA's "whitelist_from", to avoid the possibility
> >that "valid" messages between domain accounts would be tagged as spam.  SA
> >correctly identified the message as a potential spam, however, the -100
> >score for the whitelist_from entry overwhelmed the other scores.
> 
> It's a FAQ.  Use whitelist_from_rcvd.

Unfortunately that does not seem to work in many common situations.
Take for example this case.

  spammer:         S.spammer.com
  mail gateway:    G.example.com
  desktop machine: D.example.com

  whitelist_from_rcvd [EMAIL PROTECTED] example.com

Mail from S goes to G goes to D.  On D spamassassin checks the
whitelist and sees the message from D.example.com and since it came
through G.example.com it also passes the received in example.com
checks.  I tried this when the feature first became available.
Perhaps it has changed more recently to be smarter?

The whitelist_from_rcvd is more effective for whitelisting domains
*other* than your own.  Then the local domain routing does not get in
the way of the received checked.  But I am starting to see some
spammer tricks in that area too.  I think any whitelist is abusable.

Bob

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to