Lorenzo Thurman wrote on 8/07/16 3:03 AM:
>> On Jul 7, 2016, at 8:14 AM, Antony Stone 
>> <antony.st...@spamassassin.open.source.it> wrote:
>> \.microsoft\.com$ will match anything ending in ".microsoft.com"

RW already pointed this out, but to make sure nobody reading this thread
misses it, the above is wrong because whitelist does not use regexps.

See
https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html#whitelist_and_blacklist_options

where it says

"Whitelist and blacklist addresses are now file-glob-style patterns, so
fri...@somewhere.com, *@isp.com, or *.domain.net will all work. Specifically,
* and ? are allowed, but all other metacharacters are not. Regular expressions
are not used for security reasons. Matching is case-insensitive.

Multiple addresses per line, separated by spaces, is OK. Multiple
whitelist_from lines are also OK."

Notice the last example there. SpamAssassin is parsing out the email addresses
and matching them with the patterns so you don't have to do tricky stuff like
*@*.microsoft.com. Specifically, you can use

whitelist_from *@microsoft.com *.microsoft.com

which will match what you want but will not match anyth...@onmicrosoft.com and
will not match foo.microsoft....@example.com

As the page also points out, if you can figure out how to use
whitelist_from_rcvd instead of whitelist_from it will protect against spammers
spoofing the From address. Whether you can do that depends on whether the
domain you are whitelisting has restrictions on what servers can send mail for 
it.

 Sidney
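
Added example, not part of the original message and not SpamAssassin's own code: a Python model of the glob rules quoted above (`*` and `?` only, case-insensitive, whole address must match), checked against the two suggested patterns and against the regex-style entry from earlier in the thread. The sample addresses are constructed, and treating every other metacharacter as a literal is an assumption of this model.

```python
import re

def glob_to_regex(pattern):
    """Model of the documented whitelist glob: '*' matches any run of
    characters, '?' matches one character, everything else is literal
    (assumption: other metacharacters are escaped, not interpreted)."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def is_whitelisted(address, patterns):
    # fullmatch anchors both ends, so a pattern cannot match a substring.
    return any(glob_to_regex(p).fullmatch(address) for p in patterns)

def evaluate(patterns, addresses):
    return {addr: is_whitelisted(addr, patterns) for addr in addresses}

# The two globs from the message, and the regex-style entry it corrects.
GLOBS = ["*@microsoft.com", "*.microsoft.com"]
REGEX_STYLE = [r"\.microsoft\.com$"]

# Constructed sample addresses (not taken from the thread).
SAMPLES = [
    "alice@microsoft.com",            # exact domain
    "Bob@Mail.Microsoft.COM",         # subdomain, mixed case
    "mallory@onmicrosoft.com",        # look-alike domain
    "foo.microsoft.com@example.com",  # domain text in the local part
]

if __name__ == "__main__":
    for name, pats in (("globs", GLOBS), ("regex-style", REGEX_STYLE)):
        for addr, hit in evaluate(pats, SAMPLES).items():
            print(f"{name:12} {addr:32} {'match' if hit else 'no match'}")
```

In this model the regex-style entry matches none of the samples, because the backslashes and `$` are compared as literal characters.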

