> On Fri, Mar 14, 2008 at 04:47:18PM +0200, Jari > Fredriksson wrote: >>> OS: Debian Sarge >>> SpamAssassin: 3.0.3-2 >>> Problem description: >>> [EMAIL PROTECTED] sends a ham message to himself (i.e. >>> From:==To:[EMAIL PROTECTED]). Autowhiltelisting mechanism >>> adds [EMAIL PROTECTED] to the whiltelist. >>> A spammer sends spam to [EMAIL PROTECTED] from forged address >>> [EMAIL PROTECTED] >>> Spam gets through with USER_IN_WHITELIST rule. >>> The question is: how to disable autowhiltelisting in >>> case of From:==To:? >>> >>> Thanks for your help. >> >> I disabled AWL alltogether because of these. Seems to be >> an unnecessary feature to me. > > Please read this thread or some documentation, this has > nothing to do with AWL. AWL itself works just fine, if > you don't have some silly misconfigured system.
Yes, I did read the thread in a hurry.. The original poster wrote about autowhitelisting so I went in AWL mode. Anyway, I disabled AWL plugin when I got a spam with a forget sender address, my own address.. and the AWL put -14 AWL points to that... My configuration does not use SA on outgoing email, and I never receive mail from myself. Dunno why AWL had so big points on my email, but it did. I thought that AWL is useless, because all spam has random, forged sender addresses anyways, I hardly never receive spam from a same sender address twice.. No need to keep statistics on sender addresses. My configuration also has a setup, which whitelists some addresses alltogether (at maildrop level; maildrop calls spamc in my setup) so that SA is never called. The whitelists are in a text file which maildrop reads and decides if SA is called or not. I have no whitelist_from* in my SA local.cf Whitelisting mail in maildrop level allows some spam to get thru, but not too much, I can handle those. I understand that a SA whitelist_from_spf or whitelist_from_rcvd or similar would be better (more accurate) but I want to keep most of my legit email out of SA because it (SA) is so demanding on hardware.
