Glenn Terjesen wrote:
Thanks for reply but we cant use any of these plugins:
whitelist_from_dkim, whitelist_from_spf, whitelist_from_dk,
whitelist_auth
Because our users and our customers users send from smarthosts all over
the world wich don't have spf or dk or sends via exs internet providers
mta.
Then you really need to find a way to handle whitelisting your customers
at some other level. whitelist_from is not a viable option for your own
domain, and hasn't been for years. whitelist_from_rcvd was created due
to this exact problem, and it was added years ago, probably 8 years or
more. If whitelist_from was a known problem then, it's still a known
problem now.
I'd suggest you drop the whitelist_from. Then find some way at the layer
that calls spamassassin to distinguish between valid email from your
customers, and email from the outside world, and only call SA for email
from the outside world. This has the added benefit of saving a lot of
CPU time wasted processing email from your customers.
Presumably when your customers send direct via your server they're using
some kind of SMTP auth, so you should be able to leverage that. It won't
whitelist them if they email themselves via their ISP's mta, but there's
not much you can do there without making your system wide-open to spammers.
