e they exist on the server.
USER_IN_WHITELIST is based on the sender address, and for backscatter
that's going to be on a series of random third-party domains. It seems
very unlikely that this is affecting backscatter - unless you've
whitelisted everything.
SpamAssassin doesn't short-circuit by
On Sat, 7 Oct 2017, Antony Stone wrote:
On Saturday 07 October 2017 at 16:27:00, djkraz wrote:
I have a user that is getting thousands of backscatter a minute for a
couple days now. I've tried everything I can find on the web to get
vbounce working with no luck as the user is obviously in
On Saturday 07 October 2017 at 16:27:00, djkraz wrote:
> I have a user that is getting thousands of backscatter a minute for a
> couple days now. I've tried everything I can find on the web to get
> vbounce working with no luck as the user is obviously in the whitelist
> since they exist on the
I have a user that is getting thousands of backscatter a minute for a couple
days now. I've tried everything I can find on the web to get vbounce
working with no luck as the user is obviously in the whitelist since they
exist on the server. I've tried setting the priority of vbounce higher but
Lorenzo Thurman wrote on 8/07/16 9:26 AM:
> Thanks for the info. Does anyone know how I can use whitelistfrom_rcvd? I
> can't find any clear answers via Google.
>
Excuse my typo for the correct spelling whitelist_from_rcvd.
To use it, look at the legitimate emails that you want to whitelist
On 07.07.2016 at 23:26, Lorenzo Thurman wrote:
Thanks for the info. Does anyone know how I can use whitelistfrom_rcvd? I can't
find any clear answers via Google.
besides the typo the same way as the other whitelist options
the only difference is the second param which is the DNS-PTR of the
"My Break-Dancing days are over, but there's always the Funky Chicken" -- The
Full Monty
> On Jul 7, 2016, at 3:57 PM, Sidney Markowitz wrote:
>
> Lorenzo Thurman wrote on 8/07/16 3:03 AM:
>>> On Jul 7, 2016, at 8:14 AM, Antony Stone
>>>
Lorenzo Thurman wrote on 8/07/16 3:03 AM:
>> On Jul 7, 2016, at 8:14 AM, Antony Stone
>> wrote:
>> \.microsoft\.com$ will match anything ending in ".microsoft.com"
RW already pointed this out, but to make sure nobody reading this thread
misses it, the
On Thu, 7 Jul 2016 10:03:37 -0500
Lorenzo Thurman wrote:
y
>
> > On Jul 7, 2016, at 8:14 AM, Antony Stone
> > wrote:
> > There's a big difference between subdomains, and domains with
> > letters in front of "microsoft".
> >
> > \.microsoft\.com$ will
"My Break-Dancing days are over, but there's always the Funky Chicken" -- The
Full Monty
> On Jul 7, 2016, at 8:14 AM, Antony Stone
> wrote:
>
> On Thursday 07 July 2016 at 15:08:44, Lorenzo Thurman wrote:
>
>>> On Jul 7, 2016, at 7:15 AM, Reindl
On Thu, 7 Jul 2016 08:08:44 -0500
Lorenzo Thurman wrote:
> >
> > well the ^ followed by .* is also pointless
>
>
> I see. Thanks for the tip,
It wasn't really a tip. The globs (wildcards) get converted into
regular expressions that aren't quite as minimalist as they could be
- but that's
On Thursday 07 July 2016 at 15:08:44, Lorenzo Thurman wrote:
> > On Jul 7, 2016, at 7:15 AM, Reindl Harald wrote:
> >> On 07.07.2016 at 14:12, Joe Quinn wrote:
> >> In addition to the above, it's easy for a spammer to register something
> >> like
On Thu, 7 Jul 2016 14:15:18 +0200
Reindl Harald wrote:
> should at least look similar to that:
> ^.*\.microsoft\.com$
>
> well the ^ followed by .* is also pointless
It's generated from a glob in the configuration.
"My Break-Dancing days are over, but there's always the Funky Chicken" -- The
Full Monty
> On Jul 7, 2016, at 7:15 AM, Reindl Harald wrote:
>
>
>
>> On 07.07.2016 at 14:12, Joe Quinn wrote:
>>> On 7/6/2016 11:42 PM, Bill Cole wrote:
>>> On 6 Jul 2016, at 23:10,
On 07.07.2016 at 14:12, Joe Quinn wrote:
On 7/6/2016 11:42 PM, Bill Cole wrote:
On 6 Jul 2016, at 23:10, lorenzo wrote:
[...]
The output from spamassassin -t -D < In-whitelist.txt gives the
answer, I believe:
address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or
blacklist regexp:
On 7/6/2016 11:42 PM, Bill Cole wrote:
On 6 Jul 2016, at 23:10, lorenzo wrote:
[...]
The output from spamassassin -t -D < In-whitelist.txt gives the
answer, I believe:
address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or
blacklist regexp: ^.*microsoft\.com$
Very sneaky. I think I
On 6 Jul 2016, at 23:10, lorenzo wrote:
[...]
The output from spamassassin -t -D < In-whitelist.txt gives the
answer, I believe:
address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or
blacklist regexp: ^.*microsoft\.com$
Very sneaky. I think I can handle this one from here.
Thanks
> On Jul 6, 2016, at 8:50 PM, Bill Cole
> <sausers-20150...@billmail.scconsult.com> wrote:
>
> On 6 Jul 2016, at 21:13, Lorenzo Thurman wrote:
>
>> I’ve been receiving some spam where spamassassin identifies the sender with
>> USER_IN_WHITELIST. These senders
On 6 Jul 2016, at 21:58, David B Funk wrote:
> On Wed, 6 Jul 2016, Lorenzo Thurman wrote:
>
>> I’ve been receiving some spam where spamassassin identifies the sender with
>> USER_IN_WHITELIST. These senders (or domains) are
>> most definitely not in my whiteli
On Wed, 6 Jul 2016, Lorenzo Thurman wrote:
I’ve been receiving some spam where spamassassin identifies the sender with
USER_IN_WHITELIST. These senders (or domains) are
most definitely not in my whitelist. How can I get around this problem? Thanks
SpamAssassin comes with some built
On 6 Jul 2016, at 21:13, Lorenzo Thurman wrote:
I’ve been receiving some spam where spamassassin identifies the
sender with USER_IN_WHITELIST. These senders (or domains) are most
definitely not in my whitelist. How can I get around this problem?
There are so many relevant variables
I’ve been receiving some spam where spamassassin identifies the sender with
USER_IN_WHITELIST. These senders (or domains) are most definitely not in my
whitelist. How can I get around this problem?
Thanks
John Hardin wrote:
On Tue, 19 Jun 2012, Benny Pedersen wrote:
On 2012-06-19 22:39, Kevin A. McGrail wrote:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, it's nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score
RW wrote:
On Tue, 19 Jun 2012 19:14:11 -0400
Jeff Mincy wrote:
From: RW rwmailli...@googlemail.com
Date: Tue, 19 Jun 2012 23:43:57 +0100
If used sensibly USER_IN_WHITELIST is probably the most reliable
rule we have, for the overwhelming majority of addresses it's far
more
RW wrote:
On Wed, 20 Jun 2012 03:25:53 +0200
Benny Pedersen wrote:
On 2012-06-20 03:09, RW wrote:
The overwhelming majority of email addresses are never spoofed.
seen from my mta logs off sender addresses that miss the smtp auth
password here postfix dont agree with you, if sender
On Wed, 20 Jun 2012 11:33:49 +0200
Per Jessen wrote:
RW wrote:
On Wed, 20 Jun 2012 03:25:53 +0200
Benny Pedersen wrote:
On 2012-06-20 03:09, RW wrote:
The overwhelming majority of email addresses are never spoofed.
seen from my mta logs off sender addresses that miss the
My suggestion was intended to minimize the effect on existing
behavior. I agree, it would probably be a very good idea to allow
whitelist_from to be scored differently than the other whitelist
variants, and to ship it with a smaller default score, but that change
is fairly disruptive.
On 6/20/2012 8:05 AM, Greg Troxel wrote:
I would like to see...
As an open source project, we encourage people to submit patches and
step up to coding on the project.
You can really start small with one line patches and I'll do my best to
support you.
Regards,
KAM
On Wed, 20 Jun 2012 11:22:08 +0200
Per Jessen wrote:
RW wrote:
Not if someone sends an email through a different mail system,
I think that is what whitelist_allows_relays is intended to take
care of.
If it made a difference to the case I was referring to then it would
effectively turn
On 2012-06-20 14:05, Greg Troxel wrote:
That way I could do:
whitelist_from -5 f...@yahoo.com
AWL plugin basically could be extended to use dkim/spf and more bound to
whitelist_* so the awl score is more live calculated, with default awl
its bound to 0.0.x.x/16 but it could be changed to
RW wrote:
On Wed, 20 Jun 2012 11:33:49 +0200 Per Jessen wrote:
RW wrote:
What I mean is that if I whitelist a private email address, the
chances of a spammer ever sending me a spam spoofing that address is
very small.
Happened to me twice only yesterday - somebody sent me mails
On 2012-06-20 18:38, Flemming Jacobsen wrote:
Because you use email to send yourself reminder notes or small
files. I have addresses on several distinct systems (private,
work, google, user group, ...).
And I whitelist them because I do not want mail to get lost.
with shared imap folders
On Wed, 20 Jun 2012 18:38:49 +0200
Flemming Jacobsen wrote:
RW wrote:
On Wed, 20 Jun 2012 11:33:49 +0200 Per Jessen wrote:
RW wrote:
What I mean is that if I whitelist a private email address, the
chances of a spammer ever sending me a spam spoofing that
address is very small.
Hey
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should USER_IN_WHITELIST
not be ignored/neutral
On 6/19/2012 4:21 PM, Flemming Jacobsen wrote:
Hey
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed
On 2012-06-19 22:21, Flemming Jacobsen wrote:
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should USER_IN_WHITELIST
not be ignored/neutral (not sure of the terminology here)?
nope
On 2012-06-19 22:39, Kevin A. McGrail wrote:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, it's nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score, or
is whitelist_from planned for removements ?
On 06/19/2012 11:34 PM, Benny Pedersen wrote:
On 2012-06-19 22:39, Kevin A. McGrail wrote:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, it's nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score
On Tue, 19 Jun 2012, Benny Pedersen wrote:
On 2012-06-19 22:39, Kevin A. McGrail wrote:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, it's nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score
(USER_IN_WHITELIST SPF_FAIL)
score WHITELIST_INSECURE_SPF 50
but since Flemming did not provide an sample there might be other
options, eg why accept spf_fail in mta ?
nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score, or is
whitelist_from planned for removements ?
It's needed for when none of the other more-strict whitelist options will
work, so we can't just get rid of it.
True.
I'd suggest
the whitelist_from_spf
but some use whitelist_from, its nothing new there :=)
can user_in_whitelist be changed to not have -100 as default
score, or is whitelist_from planned for removements ?
It's needed for when none of the other more-strict whitelist
options
:
On 2012-06-19 22:39, Kevin A. McGrail wrote:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, it's nothing new there :=)
can user_in_whitelist be changed to not have -100 as default
score
On Tue, 19 Jun 2012, Jeff Mincy wrote:
From: John Hardin jhar...@impsec.org
I'd suggest instead a lint warning if it is used, alerting the admin that
it's discouraged and that it has problems like this and is very easy to
spoof.
How about creating a different score for whitelist_from
On Tue, 19 Jun 2012, Flemming Jacobsen wrote:
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should
On Tue, 19 Jun 2012 19:14:11 -0400
Jeff Mincy wrote:
From: RW rwmailli...@googlemail.com
Date: Tue, 19 Jun 2012 23:43:57 +0100
If used sensibly USER_IN_WHITELIST is probably the most reliable
rule we have, for the overwhelming majority of addresses it's far
more accurate than spf
On 2012-06-20 03:09, RW wrote:
The overwhelming majority of email addresses are never spoofed.
seen from my mta logs off sender addresses that miss the smtp auth
password here postfix dont agree with you, if sender uses something
belongs to my domain i may start asking for passwords, this
On Wed, 20 Jun 2012 03:25:53 +0200
Benny Pedersen wrote:
On 2012-06-20 03:09, RW wrote:
The overwhelming majority of email addresses are never spoofed.
seen from my mta logs off sender addresses that miss the smtp auth
password here postfix dont agree with you, if sender uses something
an email as the root user to my
legitimate email account, it is not getting scored.
I have explicitly entered:
score USER_IN_WHITELIST -100
in my local.cf. I have also disabled the AWL plugin. However, no matter
what I do, it still won't score -100. The recipient's user_prefs is
completely empty
boogybren wrote:
Any suggestions would be greatly appreciated. Attached is my local.cf
Simple solution, but you may not have tried it...restart spamassassin
--
Dan Schaefer
Application Developer
Performance Administration Corp.
Application Developer
Performance Administration Corp.
--
View this message in context:
http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24428665.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On Fri, 10 Jul 2009, boogybren wrote:
My local root user sends me nightly emails with mail/spam statistics and
information. Because of the spam information contained in the email, it
sometimes flagged as spam itself.
I would suggest you look into MTA configs that will allow you to
U.S. 437, 448 (1905)
---
10 days until the 40th anniversary of Apollo 11 landing on the Moon
--
View this message in context:
http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24432060.html
Sent from
On Fri, 10 Jul 2009, boogybren wrote:
I have been wanting to do something like that but haven't done the
legwork to figure it out.
I will certainly look up how to do this in sendmail. Do you have any
suggestions?
We also need to know how you're gluing SA into your mailer chain.
Procmail?
on the Moon
--
View this message in context:
http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24432408.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On Fri, 10 Jul 2009, boogybren wrote:
Am using procmail.
Take a look at http://www.impsec.org/~jhardin/antispam/ for a procmail SA
ruleset that skips mail originating from localhost. If you need help
generalizing that for your situation, contact me offlist.
Also, try to stop top-posting.
On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote:
My local root user sends me nightly emails with mail/spam statistics and
information. Because of the spam information contained in the email, it
sometimes flagged as spam itself.
In my local.cf, I have put the root user's
On Fri, 2009-07-10 at 11:30 -0700, John Hardin wrote:
On Fri, 10 Jul 2009, an anonymous Nabble user wrote:
Am using procmail.
Take a look at http://www.impsec.org/~jhardin/antispam/ for a procmail SA
ruleset that skips mail originating from localhost. If you need help
generalizing that
(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8?
c=1:
(c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0;
}}}
--
View this message in context:
http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24434950.html
Sent from the SpamAssassin - Users
From: Karsten Bräckelmann guent...@rudersport.de
Date: Fri, 10 Jul 2009 23:43:03 +0200
On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote:
My local root user sends me nightly emails with mail/spam statistics and
information. Because of the spam information
On Fri, 2009-07-10 at 14:53 -0700, an anonymous Nabble user wrote:
Here are the headers:
Return-Path: r...@myphonydomain.com
X-Spam-Tests:
* -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
* [score:
On Fri, 2009-07-10 at 17:59 -0400, Jeff Mincy wrote:
Don't use the un-constrained whitelist_from, unless as a last resort, if
there's no other way and you cannot use the proper constrained ones,
like whitelist_from_rcvd.
A local root sender should be getting ALL_TRUSTED.
(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8?
c=1:
(c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0;
}}}
--
View this message in context:
http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24435281.html
Sent from the SpamAssassin - Users
On Fri, 10 Jul 2009, boogybren wrote:
Thanks Karsten.
myphonydomain.com is just that, phony :-). I am using it in lieu of my
real domain.
The example.com domain is explicitly reserved for that purpose. If you
use example.com in the future, people will know that you are sanitizing
your
On Fri, 2009-07-10 at 15:30 -0700, an anonymous Nabble user wrote:
Thanks Karsten.
So it actually was a typo preventing the whitelist option from working?
myphonydomain.com is just that, phony :-). I am using it in lieu of my real
domain.
So I figured. Bad idea nonetheless, makes debugging
Dear users !
I`m using exim + spamd + user_prefs in mysql. All works fine.
But I found a bug, when I`m using whitelist, and header rcpt to: have
address with character description, whitelist failed to catch it in
database. For example:
1st message:
spamd: clean message (-91.7/10.0) for
Bug wrote:
Dear users !
I`m using exim + spamd + user_prefs in mysql. All works fine.
But I found a bug, when I`m using whitelist, and header rcpt to: have
address with character description, whitelist failed to catch it in
database. For example:
1st message:
spamd: clean message
Thank you Matt!
Your letter helped me to understand my problem better.
I`m not using sa-spamc, my exim using ACL spam, that connects directly
to spamd ip/port.
My founded solution was described in Exim FAQ:
A0512: Envelope-To: is added at delivery time, by the transport.
Therefore, the
Lately, we've been getting a bunch of spam with negative scores because it
has triggered USER_IN_WHITELIST but we don't use whitelist_from*. About 2
weeks ago I removed whitelist_from_rcvd. Could it still be triggering it.
Maybe the spam was sent a few weeks ago and just now being deliver
Nevermind. Someone has whitelisted our url in user-prefs.
robanna wrote:
Lately, we've been getting a bunch of spam with negative scores because it
has triggered USER_IN_WHITELIST but we don't use whitelist_from*. About 2
weeks ago I removed whitelist_from_rcvd. Could it still
Why does spam continually get a hit on this rule? I noticed a lot more
spam coming in off the upgrade to 3.2.4. Are spammers getting crafty with
their mail messages to appear as coming from myself TO myself? I could
always reduce the adjustment that USER_IN_WHITELIST makes. However, I'd like
Matthew Goodman wrote:
Why does spam continually get a “hit” on this rule? I noticed a lot
more spam coming in off the upgrade to 3.2.4. Are spammers getting
crafty with their mail messages to appear as coming from myself TO
myself? I could always reduce the adjustment that USER_IN_WHITELIST
Andrew Xiang wrote:
I have many users in the whitelist_from in the local.cf.
When I get forwarded spam email like this, how do I find which one it
matched?
If you want to know for sure, you can run it through spamassassin -D and
wade through the debug output.
my guess is you've got a
: No, score=-72.0 required=5.0 tests=BAYES_50,DCC_CHECK,
DIGEST_MULTIPLE,DRUGS_ERECTILE,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
MIME_HTML_ONLY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,
RAZOR2_CHECK,SARE_FROM_DRUGS,UNPARSEABLE_RELAY,USER_IN_WHITELIST autolearn=no
version=3.2.1
X-Spam
On Mon, 2007-10-22 at 11:46 -0400, Andrew Xiang wrote:
I have many users in the whitelist_from in the local.cf.
When I get forwarded spam email like this, how do I find which one it
matched? Which FROM entry is it actually looking at?
See the section Whitelist and Blacklist options in the
or whitelist_from_rcvd?
Thanks!
On Sun, 2007-07-15 at 20:26 -0400, Matt Kettler wrote:
Lindsay nHaisley wrote:
I've recently discovered a couple of emails tagged by SA (v3.2.1-gr1)
with USER_IN_WHITELIST and assigned score components of -100 accordingly
according to 50_scores.cf on the basis of a call
On Mon, Jul 16, 2007 at 01:38:22AM -0500, Lindsay Haisley wrote:
override these. Does blacklist_from take precedence over whitelist_from
or whitelist_from_rcvd?
Whitelists and blacklists are independent, ie: no precedence involved.
You could have both hit on a message for a +100 - 100 = 0
I've recently discovered a couple of emails tagged by SA (v3.2.1-gr1)
with USER_IN_WHITELIST and assigned score components of -100 accordingly
according to 50_scores.cf on the basis of a call to
eval:check_from_in_whitelist() in 60_whitelist.cf.
I would assume that this would only be possible
Lindsay Haisley wrote:
I've recently discovered a couple of emails tagged by SA (v3.2.1-gr1)
with USER_IN_WHITELIST and assigned score components of -100 accordingly
according to 50_scores.cf on the basis of a call to
eval:check_from_in_whitelist() in 60_whitelist.cf.
I would assume
[EMAIL PROTECTED] says...
Alexis Manning wrote:
It seems that if USER_IN_WHITELIST is triggered then the message won't
be auto-learned.
That is incorrect, however USER_IN_WHITELIST does not count toward any
autolearning decisions.
[...]
As far as the autolearner is concerned
It seems that if USER_IN_WHITELIST is triggered then the message won't be
auto-learned.
X-Spam-Status: No, score=-100.0 required=7.5tests=BAYES_50=0.001,
HTML_MESSAGE=0.001,USER_IN_WHITELIST=-100 autolearn=no
version=3.1.7
I have a fair number of people in my whitelist and I
Alexis Manning wrote:
It seems that if USER_IN_WHITELIST is triggered then the message won’t
be auto-learned.
That is incorrect, however USER_IN_WHITELIST does not count toward any
autolearning decisions. The primary reason being that whitelists are
often misconfigured the first time around
Which rule sets this ? I have grep'd through /etc/mail/spamassassin and the
variable is used but does not seem to get set anywhere ?
--
--[ UxBoD ]--
// PGP Key: curl -s http://www.splatnix.net/uxbod.asc | gpg --import
// Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8
//
--[ UxBoD ]-- wrote:
Which rule sets this ? I have grep'd through /etc/mail/spamassassin and the
variable is used but does not seem to get set anywhere ?
Hi,
Have a look in /usr/share/spamassassin.
There is 60_whitelist.cf for rules and about scores it's in 50_scores.cf
BUT it's
I have just performed a brand new server install with SA 3.2.0 and I noticed a
email this morning that had scored -94. I do not know the sender domain, so
looked at how it had been scored and noticed that the rule USER_IN_WHITELIST
had been hit with a -100.
On Tue, 15 May 2007 10:35:35 +0200
that the rule USER_IN_WHITELIST
had been hit with a -100.
On Tue, 15 May 2007 10:35:35 +0200, Cedric BUSCHINI [EMAIL PROTECTED] wrote:
--[ UxBoD ]-- wrote:
Which rule sets this ? I have grep'd through /etc/mail/spamassassin and
the variable is used but does not seem to get set
with SA 3.2.0 and I
noticed a email this morning that had scored -94. I do not know the sender
domain, so looked at how it had been scored and noticed that the rule
USER_IN_WHITELIST had been hit with a -100.
On Tue, 15 May 2007 10:35:35 +0200, Cedric BUSCHINI [EMAIL PROTECTED]
wrote:
--[ UxBoD
scored -94. I do not know the sender
domain, so looked at how it had been scored and noticed that the rule
USER_IN_WHITELIST had been hit with a -100.
On Tue, 15 May 2007 10:35:35 +0200, Cedric BUSCHINI [EMAIL PROTECTED]
wrote:
--[ UxBoD ]-- wrote:
Which rule sets this ? I have grep'd
Sherman Lilly wrote:
[Snipped text about forged mail from own domains whitelisted...]
I was looking on the net and I came across a plugin on spamassassin I don't
think I have loaded. Will the SPF plugin help with this problem?
If you publish SPF records for your domains, you can use
René Berber wrote:
Sherman Lilly wrote:
[snip]
I get why they are getting through. They are spoofing the Return-Path.
Is there any way to remedy this problem?
Depends on your server. For sendmail there is:
http://ultra.ap.krakow.pl/~raj/sendmail/english.html
the
As of last Wednesday I am having this problem. In fact it's more than
just USER_IN_WHITELIST, I am getting many reports of incorrect
USER_IN_BLACKLIST.
No I don't whitelist my domain.
Yes I checked the To/From/ReplyTo/EnvelopeFrom/etc.
No the users don't have whitelist/blacklist entries
Sherman Lilly wrote:
I was looking on the net and I came across a plugin on spamassassin I don't
think I have loaded. Will the SPF plugin help with this problem?
Yes... *if* you replace whitelist_from with whitelist_from_spf
Alternatively you can try something like this:
whitelist_from_rcvd
Ok I have an update. I picked a message that was getting marked
USER_IN_WHITELIST once every 5 or so messages. I took the from address
and added this code to Perl..Mail\SpamAssassin\EvalTests.pm
if ($addr =~ qr/$regexp/i) {
dbg(rules: address $addr matches whitelist or blacklist
Will Nordmeyer wrote:
René Berber wrote:
Sherman Lilly wrote:
[snip]
I get why they are getting through. They are spoofing the Return-Path.
Is there any way to remedy this problem?
Depends on your server. For sendmail there is:
http://ultra.ap.krakow.pl/~raj/sendmail/english.html
I have spam getting through that would get filtered if they were not
getting -100 because of the USER_IN_WHITELIST rule. I do have a whitelist but
none of these spam email have anything close to my whitelist.
I am using the latest version of spamassassin and update my rules daily. I
have also
Sherman Lilly wrote:
I have spam getting through that would get filtered if they were not
getting -100 because of the USER_IN_WHITELIST rule. I do have a whitelist but
none of these spam email have anything close to my whitelist.
Yes they do, otherwise you wouldn't see USER_IN_WHITELIST hitting
Well, I certainly don't mean to be argumentative about this, but over
the weekend, I had to set USER_IN_WHITELIST score to 0 due to the number
of false hits it was receiving. Seeing as I am the only one here who
has the ability to add and remove from whitelists or blacklists, I have
a pretty good
Drew Burchett wrote:
Well, I certainly don't mean to be argumentative about this, but over
the weekend, I had to set USER_IN_WHITELIST score to 0 due to the number
of false hits it was receiving. Seeing as I am the only one here who
has the ability to add and remove from whitelists
On Monday 22 January 2007 11:39, you wrote:
Sherman Lilly wrote:
I have spam getting through that would get filtered if they were not
getting -100 because of the USER_IN_WHITELIST rule. I do have a whitelist
but none of these spam email have anything close to my whitelist.
Yes they do
Do you have some example headers?
This is a legitimate email, but it got flagged as USER_IN_WHITELIST
while CNN is not listed in my whitelist:
Received: from cnnimail33.turner.com (cnnimail33.turner.com
[64.236.25.90])
by spamfilter.onlineky.net (Postfix) with ESMTP id 2FB331757E
1 - 100 of 129 matches