I've been running Spamassassin now for a couple of years and it has been a
great help. Recently though, I've begun coming across some messages that
are blatantly spam, but are being tagged as "user_in_whitelist" and let
through.
I understand the whitelist syntax pretty well and can guarantee that there
is no mention of this "From" pattern in any whitelist on my mail server and
I have no "whitelist_to" entries at all. Yet, the message still gets
through with a user_in_whitelist.
Could this have something to do with the fact that these seem to all be
getting through via some MailMan mailing list "[EMAIL PROTECTED]" addresses?
I have a system-wide entry of:
whitelist_from_rcvd [EMAIL PROTECTED] osc.edu
Thanks for any help!
Here's an example mail header:
Delivered-To: [EMAIL PROTECTED]
Received: from 62.193.212.143 (vds-382890.amen-pro.com [62.193.212.143])
by email.osc.edu (Postfix) with SMTP id 6A9EB27C043
for <[EMAIL PROTECTED]>; Thu, 29 Sep 2005 13:57:04 -0400 (EDT)
Received: from 8.46.2.15 by ; Thu, 29 Sep 2005 13:55:09 -0500
Message-ID: <[EMAIL PROTECTED]>
From: "Chase Manhattan Bank Security Department" <[EMAIL PROTECTED]>
Reply-To: "Chase Manhattan Bank Security Service" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: WARNING: CONFIRM YOUR ONLINE BANKING RECORDS
Date: Thu, 29 Sep 2005 15:54:09 -0300
X-Mailer: eGroups Message Poster
MIME-Version: 1.0
X-Security: MIME headers sanitized on atlantis
See http://www.impsec.org/email-tools/procmail-security.html
for details. $Revision: 1.127 $Date: 2001-02-03 10:08:32-08
Content-Type: multipart/alternative;
boundary="--3088121228315208968"
X-Priority: 1
X-MSMail-Priority: High
Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on atlantis.osc.edu
X-Spam-Level:
X-Spam-Status: No, score=-81.6 required=2.0 tests=AWL,BAYES_95,
HTML_IMAGE_ONLY_16,HTML_MESSAGE,HTML_NONELEMENT_00_10,
MIME_BOUND_DD_DIGITS,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,
MISSING_MIMEOLE,MPART_ALT_DIFF,MSGID_SPAM_CAPS,NORMAL_HTTP_TO_IP,
RATWARE_EGROUPS,RCVD_NUMERIC_HELO,SUBJ_ALL_CAPS,USER_IN_WHITELIST
autolearn=spam version=3.0.2
--
Brian Powell - Senior Systems Manager, The Ohio Supercomputer Center
Phone: 614-292-6017 GPG(pgp) key at, http://www.osc.edu/~bpowell/
"Since the general civilizations of mankind I believe there are more
instances of the abridgment of the freedom of the people by gradual and
silent encroachments of those in power than by violent and sudden
usurpations." --James Madison
