Hi Anthony, I was using Openprotect's SARE update channel for my standard sare rules. I am not sure exactly what the issue was, but believe it was due to a redefined "USER_IN_WHITELIST" that they have somewhere in their rule set.
To correct the issue, I removed all cf files that were updated from this channel (everything in /var/lib/spamassassin). I have now setup my own script to update the standard SARE rule sets that I believe are useful for my clients. Testing after these changes clearly shows the whitelist hits, without any impact on the spam blocking (no extra spam is getting through). Regards, Mark On Fri, Mar 30, 2007 at 08:50:12AM +0100, Anthony Peacock wrote: > Hi Mark, > > Can you be more specific? > > Was someone/thing changing your whitelist file? > > Mark Adams wrote: > >Hi All, > > > >I would like to note that this problem has been corrected, and was due > >to an external automatic updating source. > > > >Thanks for all the help that has been provided. > > > >Regards, > >Mark > > > >On Thu, Mar 29, 2007 at 03:50:52PM +0100, Mark Adams wrote: > >>I have changed my reporting template, and now get this information > >> > >>Content analysis details: (4.0 points, 5.0 required) > >> > >> pts rule name description > >>---- ---------------------- > >>-------------------------------------------------- > >> 0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix > >> variant) > >> 3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive > >> vowels) > >> > >>So the whitelisting is definatly not working. > >> > >>A lint of the file shows it is reading the cf file, and I have checked > >>the whitelist_from entry is correct a thousand times. Does anyone have > >>any idea what could be going on here? > >> > >>On Wed, Mar 28, 2007 at 07:52:20PM +0100, Mark Adams wrote: > >>>Thanks, I did run exactly that, and got the output that I posted. Do you > >>>have any idea why I might be getting such a limited output? > >>> > >>>What do you have set for reporting purposes in your local.cf file? > >>> > >>>Regards, > >>>Mark > >>> > >>>On Wed, Mar 28, 2007 at 01:31:16PM -0500, maillist wrote: > >>>>Mark Adams wrote: > >>>>>>You could run: "spamassassin --test-mode < message", and see what it > >>>>>>is scoring. > >>>>>> > >>>>>> > >>>>>Hi There, > >>>>> > >>>>>I have tried this, and get the below result. > >>>>> > >>>>>------_=_NextPart_001_01C7710E.58A560A4-- > >>>>>hits=4.0 required=5.0 test=NO_RDNS,VOWEL_FROM_7 > >>>>> > >>>>>This does not show whitelist hits, should it? > >>>>> > >>>>>Regards, > >>>>>Mark > >>>>> > >>>>> > >>>>Yes, if you run "spamassassin --test-mode < message", it should show > >>>>something like this: > >>>> > >>>>Content analysis details: (-104.0 points, 7.0 required) > >>>> > >>>>pts rule name description > >>>>---- ---------------------- > >>>>-------------------------------------------------- > >>>>-1.0 SPF_HELO_PASS SPF: HELO matches SPF record > >>>>-100 USER_IN_WHITELIST From: address is in the user's white-list > >>>>-3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > >>>> [score: 0.0000] > >>>> > >>>>-=Aubrey=- > > > > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "If you have an apple and I have an apple and we exchange apples > then you and I will still each have one apple. But if you have an > idea and I have an idea and we exchange these ideas, then each of us > will have two ideas." -- George Bernard Shaw
