> BUT... amavis identifies the address by matching the envelope sender OR the > From: header sender. So (in theory) a spammer can easily fake the envelope > sender and get whitelisted.
I was under the impression that amavis uses the Return-Path header and not the From header.
