On Thu, 21 Sep 2006, Salatiel Filho wrote:
What would be the main difference between whitelist_from_spf and whitelist_from ?
They both do the same thing, except 'whitelist_from_spf' checks that the message came from a legitimate (according to SPF) server for the whitelisted domain, and ONLY IF the SPF record shows it came from a real server will the 'whitelist_from_spf' entry apply. If there is no SPF record, 'whitelist_from_spf' will do nothing. To put it another way, 'whitelist_from_spf' only whitelists authenticated messages; all the rest of them it ignores; 'whitelist_from' whitelists any matching pattern, forged or not. The upshot is that if the message is forged, 'whitelist_from_spf' doesn't whitelist it. Also, 'whitelist_from_spf' doesn't whitelist it if there is no SPF record for the appropriate domain. As an aside, SpamAssassin needs to be able to determine the envelope sender for SPF to work. - Logan
