Sorry,
Thought I did replay all, but did not.
I did find a whitelist line I missed. I guess the third time IS the
charm as the saying goes. I will be monitoring her Inbox again today to
see if that solves it.
The server is on a version of Linux that may have stopped getting
updates so I suppose that is why the spamassassin version is old. I
will endeavor to update the server soon.
Thanks for all the answers! I don't participate because I'm just good
enough to maintain my customers email servers, but I really appreciate
the expertise on this list.
Y'all have some fun,
Robert
-------- Forwarded Message --------
Subject: Re: From Spoofed
Date: Wed, 26 Feb 2020 08:34:16 -0600
From: Robert A. Ober <ro...@robob.com>
To: David B Funk <dbf...@engineering.uiowa.edu>
On 2/25/20 9:04 PM, David B Funk wrote:
On Wed, 26 Feb 2020, Benny Pedersen wrote:
Robert A. Ober skrev den 2020-02-26 02:28:
I have a user that is getting many emails with obscene subjects.
Someone is spoofing the From to include the users domain so the email
is hitting "USER_IN_WHITELIST". I have installed the plugins from
extremeshok and it has not stopped the problem.
remove whitelist_from in spamassassin, or change it to score -0.1
i will not argue on why whitelist_from even exists
The SUBJECT_FUCKBUDDY rule has a score of 3.0 .
change score to 300
upgrade to 3.4.4 btw
I won't argue with the recommendation to upgrade but his real problem is:
Someone is spoofing the From to include the users domain so the email is
hitting "USER_IN_WHITELIST"
That says somebody has taken the users' domain and added it to a
"whitelist_from" statement. That is -not- a SA default.
So first kill that ill-advised whitelist_from
–––––––––––––––––––––––––––––––––––––––
I did that previously, but I will check again.
Thanks all for the answers, I will read them all hopefully within the hour.
Robert
