Steve Thomas wrote: >>How is it that this (weird, sort-of-null) From: address is whitelisted? >>It's surely not listed in my local.cf or user_prefs. Any ideas? > > > Whether or not the null sender should be in the default whitelist is > subjective, but I think most would agree that it's prudent.
Well, three points: 1) null sender isn't in the default whitelist 2) the rule matched isn't due to the default whitelist, as that would show up as USER_IN_DEF_WHITELIST, instead of USER_IN_WHITELIST. 3) The message in question has the null path as it's From: header address, this is COMPLETELY different from the return path mentioned in RFC 2821. Really I suspect this has to do with SA looking at *MANY* headers other than just From: when checking to see if the message should be whitelisted. I suspect this message has a whitelisted domain or address in the Resent-From:, Return-Path:, Resent-Sender:, Envelope-Sender:, or in one of the Received: headers.
