Sorry it took a while ... On Sat 7 May 05 16:23, "Martin G. Diehl" <[EMAIL PROTECTED]> wrote: > Joshua Tinnin wrote: > > [thanks for your response] > > > On Sat 7 May 05 07:01, "Martin G. Diehl" <[EMAIL PROTECTED]> wrote: > >>Greetings, > >> > >>I am seeing some SpamAssassin eMail messages flagged as SPAM. > >> > >>That's probably not unusual, given the nature of our discussions > >> and especially because we quote actual SPAM examples within our > >> messages. > >> > >>I know that someone is going to say, "whitelist" ... > > > > <snip> > > > >>(1) is it customary for a whitelist test to be done _only_ on the > >> address in the 'From:' header? > >> > >>(2) OR should a whitelist test be done on all of the addresses in > >> any of these headers ... > >> > >> 'Return-Path:', 'Received:'. 'From:', 'To:' ... ? > > > > I whitelist on: > > > > List-Id: <users.spamassassin.apache.org> > > > > I use KMail to whitelist using its filters, but something similar > > is possible with procmail, meaning the mail from the list never > > even touches SpamAssassin - it gets filtered before it hits SA. > > IOW, you don't have to use SA's whitelist. I don't for practical > > reasons - I find it better to spread out the load and have > > something else perform whitelisting, much as blocklists at the > > server level do rather than through SA. > > I was hoping to learn ... > > (a) the 'standard' way to apply a whitelist ... item (1) or (2), > above
Well, whitelisting is simply diverting email from being classified as spam. It doesn't much matter how you do it, except in terms of functionality in your situation. As far as what's standard, I don't rightly know (is there one?), but I find it best to whitelist on headers that are unique to that type of email. In the case of email lists, there is usually some non-standard header inserted. This list uses List-Id, which is relatively common on email lists (as it greatly simplifies filtering, such as whitelisting), so I whitelist on: List-Id: <users.spamassassin.apache.org> It simply works, though I don't really think about it being a non-standard way to whitelist. I've been doing that for many years. > (b) or if the original addressing was leading to the whitelist false > negative To be honest, I don't know. I don't have enough experience tinkering with SA's whitelist. > Here are some of the headers from the original message in that thread > ... > > >> Date: Sat, 07 May 2005 12:10:53 +0530 > >> From: Rakesh <[EMAIL PROTECTED]> > >> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>, > >> users@spamassassin.apache.org > >> Subject: Way to evade URI checks > > Note that '[EMAIL PROTECTED]' is the second address. ... Not that > anything as trivial as the sequence of addresses should matter <g> > ... OTOH (silly) questions like mine, which challenge an obvious good > assumption _do_ find bugs on occasion. > > (c) In addition, as I said in my original message, > > >> Something else that troubles me about this eMail example ... > >> > >> X-Spam-Report: > >> * 1.1 FORGED_RCVD_HELO Received: contains a forged > >> HELO > >> > >> ... even though this looks OK ... > >> > >> Received: from unknown (HELO mail.apache.org) > >> (209.237.227.199) by rbl-mx3.oct.nac.net with SMTP; 7 May 2005 > >> 10:37:36 -0000 > >> > >> OTOH, 209.237.227.199 resolves to mail.apache.org ... and > >> spamassassin.apache.org resolves to 209.237.227.199 Don't worry about that forged HELO. Happens a lot. Most of my ham has that. Can't seem to find it now, but did you say this SA setup was on a host you don't control? Like, are you an email user on a system with SA, not the admin? Maybe thinking of someone else ... - jt
