MySQL Student wrote:
Hi all,
Some time ago someone had mentioned to never use whitelist_from but
instead use whitelist_from_rcvd. Where is whitelist_from_rcvd
documented? It doesn't appear in the SA docs in the same place that
whitelist_from is listed.
So, forever I have been using whitelist_from and have probably a
thousand entries. Given that it doesn't appear to be well documented,
Is it okay to do a one-to-one translation of my whitelist_from rules
to whitelist_from_rcvd?
Do these entries have to be in local.cf, or can I create a
whitelist_from.cf file to place them in?
Thanks,
Alex
It is documented on the Mail::SpamAssassin::Conf man page just like
whitelist_from.
------------------------------------------
whitelist_from_rcvd a...@lists.sourceforge.net sourceforge.net
Use this to supplement the whitelist_from addresses with a check against
the Received headers. The first parameter is the
address to whitelist, and the second is a string to match the relay’s rDNS.
This string is matched against the reverse DNS lookup used during the
handover from the internet to your internal network’s
mail exchangers. It can either be the full hostname, or the domain
component of that hostname. In other words, if the
host that connected to your MX had an IP address that mapped to
’sendinghost.spamassassin.org’, you should specify "send-
inghost.spamassassin.org" or just "spamassassin.org" here.
Note that this requires that "internal_networks" be correct. For simple
cases, it will be, but for a complex network you
may get better results by setting that parameter.
It also requires that your mail exchangers be configured to perform DNS
reverse lookups on the connecting host’s IP
address, and to record the result in the generated Received: header.
e.g.
whitelist_from_rcvd j...@example.com example.com
whitelist_from_rcvd *...@axkit.org sergeant.org
------------------------------------------
You can't just do a simple switch from one to another. You have to look
at each address and determine where the mail will be coming from. This
way you are only whitelisting mail from that address if it comes from
the correct servers.
You can also use "whitelist_auth" (described a bit further down on the
same man page) to whitelist addresses from domains that use SPF, Domain
Keys, or DKIM, assuming you have the SPF and DKIM Perl modules installed
(I'm too lazy to look up the module names at the moment).
--
Bowie
