Re: USER_IN_WHITELIST shortcircuits VBOUNCE, please help...

e they exist on the server. USER_IN_WHITELIST is based on the sender address, and for backscatter that's going to be on a series of random third-party domains. It seems very unlikely that this is affecting backscatter - unless you've whitelisted everything. SpamAssassin doesn't short-circuit by

Re: USER_IN_WHITELIST shortcircuits VBOUNCE, please help...

On Sat, 7 Oct 2017, Antony Stone wrote: On Saturday 07 October 2017 at 16:27:00, djkraz wrote: I have a user that is getting thousands of backscatter a minute for a couple days now. I've tried everything I can find on the web to get vbounce working with no luck as the user is obviously in

Re: USER_IN_WHITELIST shortcircuits VBOUNCE, please help...

On Saturday 07 October 2017 at 16:27:00, djkraz wrote: > I have a user that is getting thousands of backscatter a minute for a > couple days now. I've tried everything I can find on the web to get > vbounce working with no luck as the user is obviously in the whitelist > since they exist on the

USER_IN_WHITELIST shortcircuits VBOUNCE, please help...

I have a user that is getting thousands of backscatter a minute for a couple days now. I've tried everything I can find on the web to get vbounce working with no luck as the user is obviously in the whitelist since they exist on the server. I've tried setting the priority of vbounce higher but

Re: USER_IN_WHITELIST

Lorenzo Thurman wrote on 8/07/16 9:26 AM: > Thanks for the info. Does anyone know how I can use whitelistfrom_rcvd? I > can't find any clear answers via Google. > Excuse my typo for the correct spelling whitelist_from_rcvd. To use it, look at the legitimate emails that you want to whitelist

Re: USER_IN_WHITELIST

Am 07.07.2016 um 23:26 schrieb Lorenzo Thurman: Thanks for the info. Does anyone know how I can use whitelistfrom_rcvd? I can't find any clear answers via Google. besides the typo the same way as the other whitelist options the only difference is the second param with is the DNS-PTR of the

Re: USER_IN_WHITELIST

"My Break-Dancing days are over, but there's always the Funky Chicken" -- The Full Monty > On Jul 7, 2016, at 3:57 PM, Sidney Markowitz wrote: > > Lorenzo Thurman wrote on 8/07/16 3:03 AM: >>> On Jul 7, 2016, at 8:14 AM, Antony Stone >>>

Re: USER_IN_WHITELIST

Lorenzo Thurman wrote on 8/07/16 3:03 AM: >> On Jul 7, 2016, at 8:14 AM, Antony Stone >> wrote: >> \.microsoft\.com$ will match anything ending in ".microsoft.com" RW already pointed this out, but to make sure nobody reading this thread misses it, the

Re: USER_IN_WHITELIST

On Thu, 7 Jul 2016 10:03:37 -0500 Lorenzo Thurman wrote: y > > > On Jul 7, 2016, at 8:14 AM, Antony Stone > > wrote: > > There's a big difference between subdomains, and domains with > > letters in front of "microsoft". > > > > \.microsoft\.com$ will

Re: USER_IN_WHITELIST

"My Break-Dancing days are over, but there's always the Funky Chicken" -- The Full Monty > On Jul 7, 2016, at 8:14 AM, Antony Stone > wrote: > > On Thursday 07 July 2016 at 15:08:44, Lorenzo Thurman wrote: > >>> On Jul 7, 2016, at 7:15 AM, Reindl

Re: USER_IN_WHITELIST

On Thu, 7 Jul 2016 08:08:44 -0500 Lorenzo Thurman wrote: > > > > well the ^ followed by .* is also pointless > > > I see. Thanks for the tip, It wasn't really a tip. The globs (wildcards) get converted into regularly expressions that aren't quite as mimimalist as the could be - but that's

Re: USER_IN_WHITELIST

On Thursday 07 July 2016 at 15:08:44, Lorenzo Thurman wrote: > > On Jul 7, 2016, at 7:15 AM, Reindl Harald wrote: > >> Am 07.07.2016 um 14:12 schrieb Joe Quinn: > >> In addition to the above, it's easy for a spammer to register something > >> like

Re: USER_IN_WHITELIST

On Thu, 7 Jul 2016 14:15:18 +0200 Reindl Harald wrote: > should at least look similar to that: > ^.*\.microsoft\.com$ > > well the ^ followed by .* is also pointless It's generated from a glob in the configuration.

Re: USER_IN_WHITELIST

"My Break-Dancing days are over, but there's always the Funky Chicken" -- The Full Monty > On Jul 7, 2016, at 7:15 AM, Reindl Harald wrote: > > > >> Am 07.07.2016 um 14:12 schrieb Joe Quinn: >>> On 7/6/2016 11:42 PM, Bill Cole wrote: >>> On 6 Jul 2016, at 23:10,

Re: USER_IN_WHITELIST

Am 07.07.2016 um 14:12 schrieb Joe Quinn: On 7/6/2016 11:42 PM, Bill Cole wrote: On 6 Jul 2016, at 23:10, lorenzo wrote: [...] The output from spamassassin -t -D < In-whitelist.txt gives the answer, I believe: address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or blacklist regexp:

Re: USER_IN_WHITELIST

On 7/6/2016 11:42 PM, Bill Cole wrote: On 6 Jul 2016, at 23:10, lorenzo wrote: [...] The output from spamassassin -t -D < In-whitelist.txt gives the answer, I believe: address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or blacklist regexp: ^.*microsoft\.com$ Very sneaky. I think I

Re: USER_IN_WHITELIST

On 6 Jul 2016, at 23:10, lorenzo wrote: [...] The output from spamassassin -t -D < In-whitelist.txt gives the answer, I believe: address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or blacklist regexp: ^.*microsoft\.com$ Very sneaky. I think I can handle this one from here. Thanks

Re: USER_IN_WHITELIST

> On Jul 6, 2016, at 8:50 PM, Bill Cole > <sausers-20150...@billmail.scconsult.com> wrote: > > On 6 Jul 2016, at 21:13, Lorenzo Thurman wrote: > >> I’ve been receiving some spam where spamassassin identifies the sender with >> USER_IN_WHITELIST. These senders

Re: USER_IN_WHITELIST

On 6 Jul 2016, at 21:58, David B Funk wrote: > On Wed, 6 Jul 2016, Lorenzo Thurman wrote: > >> I’ve been receiving some spam where spamassassin identifies the sender with  >> USER_IN_WHITELIST. These senders (or domains) are >> most definitely not in my whiteli

Re: USER_IN_WHITELIST

On Wed, 6 Jul 2016, Lorenzo Thurman wrote: I’ve been receiving some spam where spamassassin identifies the sender with  USER_IN_WHITELIST. These senders (or domains) are most definitely not in my whitelist. How can I get around this problem?Thanks SpamAssassin comes with some built

Re: USER_IN_WHITELIST

On 6 Jul 2016, at 21:13, Lorenzo Thurman wrote: I’ve been receiving some spam where spamassassin identifies the sender with USER_IN_WHITELIST. These senders (or domains) are most definitely not in my whitelist. How can I get around this problem? There are so many relevant variables

USER_IN_WHITELIST

I’ve been receiving some spam where spamassassin identifies the sender with USER_IN_WHITELIST. These senders (or domains) are most definitely not in my whitelist. How can I get around this problem? Thanks

Re: USER_IN_WHITELIST and SPF_FAIL

John Hardin wrote: On Tue, 19 Jun 2012, Benny Pedersen wrote: Den 2012-06-19 22:39, Kevin A. McGrail skrev: I think that's the concept behind the whitelist_from_spf but some use whitelist_from, its nothing new there :=) can user_in_whitelist be changed to not have -100 as default score

Re: USER_IN_WHITELIST and SPF_FAIL

RW wrote: On Tue, 19 Jun 2012 19:14:11 -0400 Jeff Mincy wrote: From: RW rwmailli...@googlemail.com Date: Tue, 19 Jun 2012 23:43:57 +0100 If used sensibly USER_IN_WHITELIST is probably the most reliable rule we have, for the overwhelming majority of addresses it's far more

Re: USER_IN_WHITELIST and SPF_FAIL

RW wrote: On Wed, 20 Jun 2012 03:25:53 +0200 Benny Pedersen wrote: Den 2012-06-20 03:09, RW skrev: The overwhelming majority of email addresses are never spoofed. seen from my mta logs off sender addresses that miss the smtp auth password here postfix dont agree with you, if sender

Re: USER_IN_WHITELIST and SPF_FAIL

On Wed, 20 Jun 2012 11:33:49 +0200 Per Jessen wrote: RW wrote: On Wed, 20 Jun 2012 03:25:53 +0200 Benny Pedersen wrote: Den 2012-06-20 03:09, RW skrev: The overwhelming majority of email addresses are never spoofed. seen from my mta logs off sender addresses that miss the

Re: USER_IN_WHITELIST and SPF_FAIL

My suggestion was intended to minimize the effect on existing behavior. I agree, it would probably be a very good idea to allow whitelist_from to be scored differently than the other whitelist variants, and to ship it with a smaller default score, but that change is fairly disruptive.

Re: USER_IN_WHITELIST and SPF_FAIL

On 6/20/2012 8:05 AM, Greg Troxel wrote: I would like to see... As an open source project, we encourage people to submit patches and step up to coding on the project. You can really start small with one line patches and I'll do my best to support you. Regards, KAM

Re: USER_IN_WHITELIST and SPF_FAIL

On Wed, 20 Jun 2012 11:22:08 +0200 Per Jessen wrote: RW wrote: Not if someone sends an email through a different mail system, I think that is what whitelist_allows_relays is intended to take care of. If it made a difference to the case I was referring to then it would effectively turn

Re: USER_IN_WHITELIST and SPF_FAIL

Den 2012-06-20 14:05, Greg Troxel skrev: That way I could do: whitelist_from -5 f...@yahoo.com AWL plugin basicly could be extended to use dkim/spf and more bound to whitelist_* so the awl score is more live calculated, with default awl its bound to 0.0.x.x/16 but it could be changed to

Re: USER_IN_WHITELIST and SPF_FAIL

RW wrote: On Wed, 20 Jun 2012 11:33:49 +0200 Per Jessen wrote: RW wrote: What I mean is that if I whitelist a private email address, the chances of a spammer ever sending me a spam spoofing that address is very small. Happened to me twice only yesterday - somebody sent me mails

Re: USER_IN_WHITELIST and SPF_FAIL

Den 2012-06-20 18:38, Flemming Jacobsen skrev: Because you use email to send yourself reminder notes or small files. I have addresses on several distinct systems (private, work, google, user group, ...). And I whitelist them because I do not want mail to get lost. with shared imap folders

Re: USER_IN_WHITELIST and SPF_FAIL

On Wed, 20 Jun 2012 18:38:49 +0200 Flemming Jacobsen wrote: RW wrote: On Wed, 20 Jun 2012 11:33:49 +0200 Per Jessen wrote: RW wrote: What I mean is that if I whitelist a private email address, the chances of a spammer ever sending me a spam spoofing that address is very small.

USER_IN_WHITELIST and SPF_FAIL

Hey I finally got around to enabling SPF checks in SA. (v. 3.3.2, via spamd on FreeBSD) It appears that even though SPF checks fail (i.e. SPF_FAIL), USER_IN_WHITELIST still adds -100 points to the score. Since the sender probably is spoofed, should USER_IN_WHITELIST not be ignored/neutral

Re: USER_IN_WHITELIST and SPF_FAIL

On 6/19/2012 4:21 PM, Flemming Jacobsen wrote: Hey I finally got around to enabling SPF checks in SA. (v. 3.3.2, via spamd on FreeBSD) It appears that even though SPF checks fail (i.e. SPF_FAIL), USER_IN_WHITELIST still adds -100 points to the score. Since the sender probably is spoofed

Re: USER_IN_WHITELIST and SPF_FAIL

Den 2012-06-19 22:21, Flemming Jacobsen skrev: It appears that even though SPF checks fail (i.e. SPF_FAIL), USER_IN_WHITELIST still adds -100 points to the score. Since the sender probably is spoofed, should USER_IN_WHITELIST not be ignored/neutral (not sure of the terminology here)? nope

Re: USER_IN_WHITELIST and SPF_FAIL

Den 2012-06-19 22:39, Kevin A. McGrail skrev: I think that's the concept behind the whitelist_from_spf but some use whitelist_from, its nothing new there :=) can user_in_whitelist be changed to not have -100 as default score, or is whitelist_from planned for removements ?

Re: USER_IN_WHITELIST and SPF_FAIL

On 06/19/2012 11:34 PM, Benny Pedersen wrote: Den 2012-06-19 22:39, Kevin A. McGrail skrev: I think that's the concept behind the whitelist_from_spf but some use whitelist_from, its nothing new there :=) can user_in_whitelist be changed to not have -100 as default score

Re: USER_IN_WHITELIST and SPF_FAIL

On Tue, 19 Jun 2012, Benny Pedersen wrote: Den 2012-06-19 22:39, Kevin A. McGrail skrev: I think that's the concept behind the whitelist_from_spf but some use whitelist_from, its nothing new there :=) can user_in_whitelist be changed to not have -100 as default score

Re: USER_IN_WHITELIST and SPF_FAIL

(USER_IN_WHITELIST SPF_FAIL) score WHITELIST_INSECURE_SPF 50 but since Flemming did not provide an sample there might be other options, eg why accept spf_fail in mta ?

Re: USER_IN_WHITELIST and SPF_FAIL

nothing new there :=) can user_in_whitelist be changed to not have -100 as default score, or is whitelist_from planned for removements ? It's needed for whan none of the other more-strict whitelist options will work, so we can't get just rid of it. True. I'd suggest

Re: USER_IN_WHITELIST and SPF_FAIL

the whitelist_from_spf but some use whitelist_from, its nothing new there :=) can user_in_whitelist be changed to not have -100 as default score, or is whitelist_from planned for removements ? It's needed for whan none of the other more-strict whitelist options

Re: USER_IN_WHITELIST and SPF_FAIL

: Den 2012-06-19 22:39, Kevin A. McGrail skrev: I think that's the concept behind the whitelist_from_spf but some use whitelist_from, its nothing new there :=) can user_in_whitelist be changed to not have -100 as default score

Re: USER_IN_WHITELIST and SPF_FAIL

On Tue, 19 Jun 2012, Jeff Mincy wrote: From: John Hardin jhar...@impsec.org I'd suggest instead a lint warning if it is used, alerting the admin that it's discouraged and that it has problems like this and is very easy to spoof. How about creating a different score for whitelist_from

Re: USER_IN_WHITELIST and SPF_FAIL

On Tue, 19 Jun 2012, Flemming Jacobsen wrote: I finally got around to enabling SPF checks in SA. (v. 3.3.2, via spamd on FreeBSD) It appears that even though SPF checks fail (i.e. SPF_FAIL), USER_IN_WHITELIST still adds -100 points to the score. Since the sender probably is spoofed, should

Re: USER_IN_WHITELIST and SPF_FAIL

On Tue, 19 Jun 2012 19:14:11 -0400 Jeff Mincy wrote: From: RW rwmailli...@googlemail.com Date: Tue, 19 Jun 2012 23:43:57 +0100 If used sensibly USER_IN_WHITELIST is probably the most reliable rule we have, for the overwhelming majority of addresses it's far more accurate than spf

Re: USER_IN_WHITELIST and SPF_FAIL

Den 2012-06-20 03:09, RW skrev: The overwhelming majority of email addresses are never spoofed. seen from my mta logs off sender addresses that miss the smtp auth password here postfix dont agree with you, if sender uses something belongs to my domain i may start asking for passwords, this

Re: USER_IN_WHITELIST and SPF_FAIL

On Wed, 20 Jun 2012 03:25:53 +0200 Benny Pedersen wrote: Den 2012-06-20 03:09, RW skrev: The overwhelming majority of email addresses are never spoofed. seen from my mta logs off sender addresses that miss the smtp auth password here postfix dont agree with you, if sender uses something

USER_IN_WHITELIST Not Scoring

an email as the root user to my legitimate email account, it is not getting scored. I have explicitly entered: score USER_IN_WHITELIST -100 in my local.cf. I have also disabled the AWL plugin. However, no matter what I do, it still won't score -100. The recipient's user_prefs is completely empty

Re: USER_IN_WHITELIST Not Scoring

boogybren wrote: Any suggestions would be greatly appreciated. Attached is my local.cf Simple solution, but you may not have tried it...restart spamassassin -- Dan Schaefer Application Developer Performance Administration Corp.

Re: USER_IN_WHITELIST Not Scoring

Application Developer Performance Administration Corp. -- View this message in context: http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24428665.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: USER_IN_WHITELIST Not Scoring

On Fri, 10 Jul 2009, boogybren wrote: My local root user sends me nightly emails with mail/spam statistics and information. Because of the spam information contained in the email, it sometimes flagged as spam itself. I would suggest you look into MTA configs that will allow you to

Re: USER_IN_WHITELIST Not Scoring

U.S. 437, 448 (1905) --- 10 days until the 40th anniversary of Apollo 11 landing on the Moon -- View this message in context: http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24432060.html Sent from

Re: USER_IN_WHITELIST Not Scoring

On Fri, 10 Jul 2009, boogybren wrote: I have been wanting to do something like that but haven't done the legwork to figure it out. I will certainly look up how to do this in sendmail. Do you have any suggestions? We also need to know how you're gluing SA into your mailer chain. Procmail?

Re: USER_IN_WHITELIST Not Scoring

on the Moon -- View this message in context: http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24432408.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: USER_IN_WHITELIST Not Scoring

On Fri, 10 Jul 2009, boogybren wrote: Am using procmail. Take a look at http://www.impsec.org/~jhardin/antispam/ for a procmail SA ruleset that skips mail originating from localhost. If you need help generalizing that for your situation, contact me offlist. Also, try to stop top-posting.

Re: USER_IN_WHITELIST Not Scoring

On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote: My local root user sends me nightly emails with mail/spam statistics and information. Because of the spam information contained in the email, it sometimes flagged as spam itself. In my local.cf, I have put the root user's

Re: USER_IN_WHITELIST Not Scoring

On Fri, 2009-07-10 at 11:30 -0700, John Hardin wrote: On Fri, 10 Jul 2009, an anonymous Nabble user wrote: Am using procmail. Take a look at http://www.impsec.org/~jhardin/antispam/ for a procmail SA ruleset that skips mail originating from localhost. If you need help generalizing that

Re: USER_IN_WHITELIST Not Scoring

(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}} -- View this message in context: http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24434950.html Sent from the SpamAssassin - Users

Re: USER_IN_WHITELIST Not Scoring

From: Karsten Bräckelmann guent...@rudersport.de Date: Fri, 10 Jul 2009 23:43:03 +0200 On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote: My local root user sends me nightly emails with mail/spam statistics and information. Because of the spam information

Re: USER_IN_WHITELIST Not Scoring

On Fri, 2009-07-10 at 14:53 -0700, an anonymous Nabble user wrote: Here are the headers: Return-Path: r...@myphonydomain.com X-Spam-Tests: * -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% * [score:

Re: USER_IN_WHITELIST Not Scoring

On Fri, 2009-07-10 at 17:59 -0400, Jeff Mincy wrote: Don't use the un-constrained whitelist_from, unless as a last resort, if there's no other way and you cannot use the proper constrained ones, like whitelist_from_rcvd. A local root sender should be getting ALL_TRUSTED.

Re: USER_IN_WHITELIST Not Scoring

(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}} -- View this message in context: http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24435281.html Sent from the SpamAssassin - Users

Re: USER_IN_WHITELIST Not Scoring

On Fri, 10 Jul 2009, boogybren wrote: Thanks Karsten. myphonydomain.com is just that, phony :-). I am using it in lieu of my real domain. The example.com domain is explicitly reserved for that purpose. If you use example.com in the future, people will know that you are sanitizing your

Re: USER_IN_WHITELIST Not Scoring

On Fri, 2009-07-10 at 15:30 -0700, an anonymous Nabble user wrote: Thanks Karsten. So it actually was a typo preventing the whitelist option from working? myphonydomain.com is just that, phony :-). I am using it in lieu of my real domain. So I figured. Bad idea nonetheless, makes debugging

USER_IN_WHITELIST problem.

Dear users ! I`m using exim + spamd + user_prefs in mysql. All works fine. But I found a bug, when I`m using whitelist, and header rcpt to: have address with character description, whitelist failed to catch it in database. For example: 1st message: spamd: clean message (-91.7/10.0) for

Re: USER_IN_WHITELIST problem.

Bug wrote: Dear users ! I`m using exim + spamd + user_prefs in mysql. All works fine. But I found a bug, when I`m using whitelist, and header rcpt to: have address with character description, whitelist failed to catch it in database. For example: 1st message: spamd: clean message

Re[2]: USER_IN_WHITELIST problem. SOLVED

Thank you Matt! Your letter helped me to understand my problem better. I`m not using sa-spamc, my exim using ACL spam, that connects directly to spamd ip/port. My founded solution was described in Exim FAQ: A0512: Envelope-To: is added at delivery time, by the transport. Therefore, the

USER_IN_WHITELIST triggered but whitelist_from* not in my config

Lately, we've been getting a bunch of spam with negative scores because it has triggered USER_IN_WHITELIST but we don't use whitelist_from*. About 2 weeks ago I removed whitelist_from_rcvd. Could it still be triggering it. Maybe the spam was sent a few weeks ago and just now being deliver

Re: USER_IN_WHITELIST triggered but whitelist_from* not in my config

Nevermind. Someone has whitelisted our url in user-prefs. robanna wrote: Lately, we've been getting a bunch of spam with negative scores because it has triggered USER_IN_WHITELIST but we don't use whitelist_from*. About 2 weeks ago I removed whitelist_from_rcvd. Could it still

USER_IN_WHITELIST Rule

Why does spam continually get a hit on this rule? I noticed a lot more spam coming in off the upgrade to 3.2.4. Are spammers getting crafty with their mail messages to appear as coming from myself TO myself? I could always reduce the adjustment that USER_IN_WHITELIST makes. However, I'd like

Re: USER_IN_WHITELIST Rule

Matthew Goodman wrote: Why does spam continually get a “hit” on this rule? I noticed a lot more spam coming in off the upgrade to 3.2.4. Are spammers getting crafty with their mail messages to appear as coming from myself TO myself? I could always reduce the adjustment that USER_IN_WHITELIST

Re: user_in_whitelist , how do I find out which one?

Andrew Xiang wrote: I have many users in the whitelist_from in the local.cf. When I get forwarded spam email like this, how do I find which one it matched? If you want to know for sure, you can run it through spamassassin -D and wade through the debug output. my guess is you've got a

user_in_whitelist , how do I find out which one?

: No, score=-72.0 required=5.0 tests=BAYES_50,DCC_CHECK, DIGEST_MULTIPLE,DRUGS_ERECTILE,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG, MIME_HTML_ONLY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100, RAZOR2_CHECK,SARE_FROM_DRUGS,UNPARSEABLE_RELAY,USER_IN_WHITELIST autolearn=no version=3.2.1 X-Spam

Re: user_in_whitelist , how do I find out which one?

On Mon, 2007-10-22 at 11:46 -0400, Andrew Xiang wrote: I have many users in the whitelist_from in the local.cf. When I get forwarded spam email like this, how do I find which one it matched? Which FROM entry is it actually looking at? See the section Whitelist and Blacklist options in the

Re: USER_IN_WHITELIST ??

or whitelist_from_rcvd? Thanks! On Sun, 2007-07-15 at 20:26 -0400, Matt Kettler wrote: Lindsay nHaisley wrote: I've recently discovered a couple of emails tagged by SA (v3.2.1-gr1) with USER_IN_WHITELIST and assigned score components of -100 accordingly according to 50_scores.cf on the basis of a call

Re: USER_IN_WHITELIST ??

On Mon, Jul 16, 2007 at 01:38:22AM -0500, Lindsay Haisley wrote: override these. Does blacklist_from take precedence over whitelist_from or whitelist_from_rcvd? Whitelists and blacklists are independent, ie: no precedence involved. You could have both hit on a message for a +100 - 100 = 0

USER_IN_WHITELIST ??

I've recently discovered a couple of emails tagged by SA (v3.2.1-gr1) with USER_IN_WHITELIST and assigned score components of -100 accordingly according to 50_scores.cf on the basis of a call to eval:check_from_in_whitelist() in 60_whitelist.cf. I would assume that this would only be possible

Re: USER_IN_WHITELIST ??

Lindsay Haisley wrote: I've recently discovered a couple of emails tagged by SA (v3.2.1-gr1) with USER_IN_WHITELIST and assigned score components of -100 accordingly according to 50_scores.cf on the basis of a call to eval:check_from_in_whitelist() in 60_whitelist.cf. I would assume

Re: USER_IN_WHITELIST and autolearn

[EMAIL PROTECTED] says... Alexis Manning wrote: It seems that if USER_IN_WHITELIST is triggered then the message won?t be auto-learned. That is incorrect, however USER_IN_WHITELIST does not count toward any autolearning decisions. [...] As far as the autolearner is concerned

USER_IN_WHITELIST and autolearn

It seems that if USER_IN_WHITELIST is triggered then the message won't be auto-learned. X-Spam-Status: No, score=-100.0 required=7.5tests=BAYES_50=0.001, HTML_MESSAGE=0.001,USER_IN_WHITELIST=-100 autolearn=no version=3.1.7 I have a fair number of people in my whitelist and I

Re: USER_IN_WHITELIST and autolearn

Alexis Manning wrote: It seems that if USER_IN_WHITELIST is triggered then the message won’t be auto-learned. That is incorrect, however USER_IN_WHITELIST does not count toward any autolearning decisions. The primary reason being that whitelists are often misconfigured the first time around

USER_IN_WHITELIST

Which rule sets this ? I have grep'd through /etc/mail/spamassassin and the variable is used but does not seem to get set anywhere ? -- --[ UxBoD ]-- // PGP Key: curl -s http://www.splatnix.net/uxbod.asc | gpg --import // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 //

Re: USER_IN_WHITELIST

--[ UxBoD ]-- a écrit : Which rule sets this ? I have grep'd through /etc/mail/spamassassin and the variable is used but does not seem to get set anywhere ? Hi, Have a look in /usr/share/spamassassin. There is 60_whitelist.cf for rules and about scores it s in 50_scores.cf BUT it's

Re: USER_IN_WHITELIST

I have just performed a brand new server install with SA 3.2.0 and I noticed a email this morning that had scored -94. I do not know the sender domain, so looked at how it had been scored and noticed that the rule USER_IN_WHITELIST had been hit with a -100. On Tue, 15 May 2007 10:35:35 +0200

Re: USER_IN_WHITELIST

that the rule USER_IN_WHITELIST had been hit with a -100. On Tue, 15 May 2007 10:35:35 +0200, Cedric BUSCHINI [EMAIL PROTECTED] wrote: --[ UxBoD ]-- a écrit : Which rule sets this ? I have grep'd through /etc/mail/spamassassin and the variable is used but does not seem to get set

Re: USER_IN_WHITELIST

with SA 3.2.0 and I noticed a email this morning that had scored -94. I do not know the sender domain, so looked at how it had been scored and noticed that the rule USER_IN_WHITELIST had been hit with a -100. On Tue, 15 May 2007 10:35:35 +0200, Cedric BUSCHINI [EMAIL PROTECTED] wrote: --[ UxBoD

Re: USER_IN_WHITELIST

scored -94. I do not know the sender domain, so looked at how it had been scored and noticed that the rule USER_IN_WHITELIST had been hit with a -100. On Tue, 15 May 2007 10:35:35 +0200, Cedric BUSCHINI [EMAIL PROTECTED] wrote: --[ UxBoD ]-- a écrit : Which rule sets this ? I have grep'd

Re: USER_IN_WHITELIST problem

Sherman Lilly wrote: [Snipped text about forged mail from own domains whitelisted...] I was looking on the net and I came across a plugin on spamassassin I don't think i have loaded. Will the SPF plugin help with this problem? If you publish SPF records for your domains, you can use

RE: USER_IN_WHITELIST problem

René Berber wrote: Sherman Lilly wrote: [snip] I get why they are getting through. They are spoofing the Return-Path. Is there any way to remedy this problem? Depends on your server. For sendmail there is: http://ultra.ap.krakow.pl/~raj/sendmail/english.html the

Re: USER_IN_WHITELIST problem

As of last Wednesday I am having this problem. In fact it's more then just USER_IN_WHITELIST, I am getting many reports of incorrect USER_IN_BLACKLIST. No I don't whitelist my domain. Yes I checked the To/From/ReplyTo/EnvelopeFrom/etc. No the users don't have whitelist/blacklist entries

Re: USER_IN_WHITELIST problem

Sherman Lilly wrote: I was looking on the net and I came across a plugin on spamassassin I don't think i have loaded. Will the SPF plugin help with this problem? Yes... *if* you replace whitelist_from with whitelist_from_spf Alternatively you can try something like this: whitelist_from_rcvd

Re: USER_IN_WHITELIST problem

Ok I have an update. I picked a message that was getting marked USER_IN_WHITELIST once every 5 or so messages. I took the from address and added this code to Perl..Mail\SpamAssassin\EvalTests.pm if ($addr =~ qr/$regexp/i) { dbg(rules: address $addr matches whitelist or blacklist

Re: USER_IN_WHITELIST problem

Will Nordmeyer wrote: René Berber wrote: Sherman Lilly wrote: [snip] I get why they are getting through. They are spoofing the Return-Path. Is there any way to remedy this problem? Depends on your server. For sendmail there is: http://ultra.ap.krakow.pl/~raj/sendmail/english.html

USER_IN_WHITELIST problem

I have spam getting through that would get filtered if they were not getting -100 because of the USER_IN_WHITELIST rule. I do have a whitelist but no of these spam email have anything close to my whitelist. I am using the latest version of spamassassin and update my rules daily. I have also

Re: USER_IN_WHITELIST problem

Sherman Lilly wrote: I have spam getting through that would get filtered if they were not getting -100 because of the USER_IN_WHITELIST rule. I do have a whitelist but no of these spam email have anything close to my whitelist. Yes they do, otherwise you wouldn't see USER_IN_WHITELIST hitting

RE: USER_IN_WHITELIST problem

Well, I certainly don't mean to be argumentative about this, but over the weekend, I had to set USER_IN_WHITELIST score to 0 due to the number of false hits it was receiving. Seeing as I am the only one here who has the ability to add and remove from whitelists or blacklists, I have a pretty good

Re: USER_IN_WHITELIST problem

Drew Burchett wrote: Well, I certainly don't mean to be argumentative about this, but over the weekend, I had to set USER_IN_WHITELIST score to 0 due to the number of false hits it was receiving. Seeing as I am the only one here who has the ability to add and remove from whitelists

Re: USER_IN_WHITELIST problem

On Monday 22 January 2007 11:39, you wrote: Sherman Lilly wrote: I have spam getting through that would get filtered if they were not getting -100 because of the USER_IN_WHITELIST rule. I do have a whitelist but no of these spam email have anything close to my whitelist. Yes they do

RE: USER_IN_WHITELIST problem

Do you have some example headers? This is a legitimate email, but it got flagged as USER_IN_WHITELIST while CNN is not listed in my whitelist: Received: from cnnimail33.turner.com (cnnimail33.turner.com [64.236.25.90]) by spamfilter.onlineky.net (Postfix) with ESMTP id 2FB331757E

  1   2   >