Jack Gostl wrote: > I have an odd problem. I have a user receiving spam from something like > [EMAIL PROTECTED] Since he does business with verybigcompany.com, > he had them in his white list, and as expected, the spam slipped through. > > Based on the advice I got in this newsgroup, I changed him from a > straight: > > whitelist_from [EMAIL PROTECTED] > > to > > whitelist_from_rcvd [EMAIL PROTECTED] verybigcompany.com > > I think I did that right. So now the odd thing is that spam from > verybigcompany.com is coming through on my PERSONAL account even > though its > not in my whitelist. The headers show that this is a "user in whitelist" > situation. It may be happening to others, I haven't checked, but its weird > enough that its happening to me. > > Now if I haven't confused everyone, I'm open to ideas. Have you checked *all* the "from like" headers to see if any of them match your whitelist. (ie: return-path, envelope-sender, etc, etc, etc)
Have you tried running the same message through spamassassin -D to see which exact address SA matched against? > >
