On 13 Sep 2006 at 10:21, Matt Kettler wrote: > Beginner wrote: > > > I hope that 3.0.3 version is the one that Debian patched to fix the > two security holes that exist in the original 3.0.3. (AFAIK Debian did > backport the fixes, and made a 3.0.3-x release) > > See: http://wiki.apache.org/spamassassin/Security
I wasn't aware of this but am looking into it now. > > Well, first, realize this is the AWL, which is called the "auto > whitelist" but it's NOT really a whitelist. It's a score-averager that > results in automatic white and blacklist behaviors. > > I would not depend on it to auto-fix problems with particular senders. > It's intended to fix problems where a sender you frequently > communicate with occasionally sends a message that's slightly > spam-like in appearance. It cannot fix problems of a constant nature, > as these will just fold into the averages. > > See > http://wiki.apache.org/spamassassin/AutoWhitelist > > and: > http://wiki.apache.org/spamassassin/AwlWrongWay Does that mean the only way to whitelist senders is manually via the local.cf as I have disabled user_prefers? If so, what would be the best method allow mortal users (via http) to whitelist senders. I had been using `$f->add_address_to_whitelist ($addr)` but that seems to specifically add them to the whitelist DB. > As for extracting the AWL, you'll need the check-whitelist script. > This comes in the source tarball in the tools directory, but most > distro-packages do not install it. You can get it by downloading the > 3.0.3 tarball from: http://archive.apache.org/dist/spamassassin/ Perhaps this is no longer necessary. What I really need is a way to ensure that someone reports that so-and-so's mail is being bounced I can ensure their emails get through regardless. Any other thoughts?
