Chris Edwards wrote: > Hello! > > Praise... > > I have not used spamassassin for several years. I switched companies > recently and they were getting killed with spam. I have really > enjoyed relearning spamassassin and reading the mailing list. > Spamassassin has done and incredible job of reducing the amount of > spam coming into the company. I just wanted to say thanks to all of > you who have had a hand in developing this awesome program! > > Ok, now my question... > > My company has several other companies that it does business with and > I want to put those companies and all the domains we own into a white > list. Can I find the needed information in the headers of an email to > create a whitelist_from_rcvd entry in local.cf? If so, what > information do I need? If not, where would I go about finding it. whitelist_from_rcvd needs to match two parts:
1) A "From" address. This could be the From: header, but could also be a Return-Path, Envelope-Sender, or similar header with the Envelope "Mail FROM" recorded in it. Which one you pick for most cases doesn't matter, but matching a Return-Path is useful for public mailing lists where the From: header changes constantly, but the Return-Path is always the list server. Note: you can use file-glob style wildcards for the addresses here. ie: [EMAIL PROTECTED] 2) The Reverse DNS hostname for the host that delivered the message to your network. So find the Received: header your MX added. Then grab the hostname that appears before the IP address. For example, let's look at one header that apache.org added: Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 31 Oct 2006 10:14:47 -0800 In this case herse.apache.org is the reverse DNS hostanme. Note: you don't have to match the whole hostname. You can use a substring like "apache.org" and it will match "herse.apache.org" or "example.apache.org". Nine times out of ten, a whitelist_from_rcvd simply looks like: whitelist_from_rcvd [EMAIL PROTECTED] example.com But it never hurts to check the headers, as some folks use servers that have non-matching domain names to send. (typical when a server is used for multiple domains. It can only RDNS as one of them...) > > Thanks! > > --- > > Chris Edwards > >
