they exist on the server.
USER_IN_WHITELIST is based on the sender address, and for backscatter
that's going to be on a series of random third-party domains. It seems
very unlikely that this is affecting backscatter - unless you've
whitelisted everything.
SpamAssassin doesn't
On Sat, 7 Oct 2017, Antony Stone wrote:
On Saturday 07 October 2017 at 16:27:00, djkraz wrote:
I have a user that is getting thousands of backscatter a minute for a
couple days now. I've tried everything I can find on the web to get
vbounce working with no luck as the user is obviously in the
On Saturday 07 October 2017 at 16:27:00, djkraz wrote:
> I have a user that is getting thousands of backscatter a minute for a
> couple days now. I've tried everything I can find on the web to get
> vbounce working with no luck as the user is obviously in the whitelist
> since they exist on the s
I have a user that is getting thousands of backscatter a minute for a couple
days now. I've tried everything I can find on the web to get vbounce
working with no luck as the user is obviously in the whitelist since they
exist on the server. I've tried setting the priority of vbounce higher but
it
Lorenzo Thurman wrote on 8/07/16 9:26 AM:
> Thanks for the info. Does anyone know how I can use whitelistfrom_rcvd? I
> can't find any clear answers via Google.
>
Excuse my typo for the correct spelling whitelist_from_rcvd.
To use it, look at the legitimate emails that you want to whitelist an
Am 07.07.2016 um 23:26 schrieb Lorenzo Thurman:
Thanks for the info. Does anyone know how I can use whitelistfrom_rcvd? I can't
find any clear answers via Google.
besides the typo the same way as the other whitelist options
the only difference is the second param with is the DNS-PTR of the
"My Break-Dancing days are over, but there's always the Funky Chicken" -- The
Full Monty
> On Jul 7, 2016, at 3:57 PM, Sidney Markowitz wrote:
>
> Lorenzo Thurman wrote on 8/07/16 3:03 AM:
>>> On Jul 7, 2016, at 8:14 AM, Antony Stone
>>> wrote:
>>> \.microsoft\.com$ will match anything endi
Lorenzo Thurman wrote on 8/07/16 3:03 AM:
>> On Jul 7, 2016, at 8:14 AM, Antony Stone
>> wrote:
>> \.microsoft\.com$ will match anything ending in ".microsoft.com"
RW already pointed this out, but to make sure nobody reading this thread
misses it, the above is wrong because whitelist does not us
On Thu, 7 Jul 2016 10:03:37 -0500
Lorenzo Thurman wrote:
y
>
> > On Jul 7, 2016, at 8:14 AM, Antony Stone
> > wrote:
> > There's a big difference between subdomains, and domains with
> > letters in front of "microsoft".
> >
> > \.microsoft\.com$ will match anything ending in ".microsoft.com"
>
"My Break-Dancing days are over, but there's always the Funky Chicken" -- The
Full Monty
> On Jul 7, 2016, at 8:14 AM, Antony Stone
> wrote:
>
> On Thursday 07 July 2016 at 15:08:44, Lorenzo Thurman wrote:
>
>>> On Jul 7, 2016, at 7:15 AM, Reindl Harald wrote:
Am 07.07.2016 um 14:12 s
On Thu, 7 Jul 2016 08:08:44 -0500
Lorenzo Thurman wrote:
> >
> > well the ^ followed by .* is also pointless
>
>
> I see. Thanks for the tip,
It wasn't really a tip. The globs (wildcards) get converted into
regularly expressions that aren't quite as mimimalist as the could be
- but that's n
On Thursday 07 July 2016 at 15:08:44, Lorenzo Thurman wrote:
> > On Jul 7, 2016, at 7:15 AM, Reindl Harald wrote:
> >> Am 07.07.2016 um 14:12 schrieb Joe Quinn:
> >> In addition to the above, it's easy for a spammer to register something
> >> like kajsdhfkjasghdskghlaskfhmicrosoft.com which would
On Thu, 7 Jul 2016 14:15:18 +0200
Reindl Harald wrote:
> should at least look similar to that:
> ^.*\.microsoft\.com$
>
> well the ^ followed by .* is also pointless
It's generated from a glob in the configuration.
"My Break-Dancing days are over, but there's always the Funky Chicken" -- The
Full Monty
> On Jul 7, 2016, at 7:15 AM, Reindl Harald wrote:
>
>
>
>> Am 07.07.2016 um 14:12 schrieb Joe Quinn:
>>> On 7/6/2016 11:42 PM, Bill Cole wrote:
>>> On 6 Jul 2016, at 23:10, lorenzo wrote:
>>>
>>> [...
Am 07.07.2016 um 14:12 schrieb Joe Quinn:
On 7/6/2016 11:42 PM, Bill Cole wrote:
On 6 Jul 2016, at 23:10, lorenzo wrote:
[...]
The output from spamassassin -t -D < In-whitelist.txt gives the
answer, I believe:
address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or
blacklist regexp: ^
On 7/6/2016 11:42 PM, Bill Cole wrote:
On 6 Jul 2016, at 23:10, lorenzo wrote:
[...]
The output from spamassassin -t -D < In-whitelist.txt gives the
answer, I believe:
address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or
blacklist regexp: ^.*microsoft\.com$
Very sneaky. I think I
On 6 Jul 2016, at 23:10, lorenzo wrote:
[...]
The output from spamassassin -t -D < In-whitelist.txt gives the
answer, I believe:
address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or
blacklist regexp: ^.*microsoft\.com$
Very sneaky. I think I can handle this one from here.
Thanks ag
> On Jul 6, 2016, at 8:50 PM, Bill Cole
> wrote:
>
> On 6 Jul 2016, at 21:13, Lorenzo Thurman wrote:
>
>> I’ve been receiving some spam where spamassassin identifies the sender with
>> USER_IN_WHITELIST. These senders (or domains) are most definitely not in my
On 6 Jul 2016, at 21:58, David B Funk wrote:
> On Wed, 6 Jul 2016, Lorenzo Thurman wrote:
>
>> I’ve been receiving some spam where spamassassin identifies the sender with
>> USER_IN_WHITELIST. These senders (or domains) are
>> most definitely not in my whitelist. H
On Wed, 6 Jul 2016, Lorenzo Thurman wrote:
I’ve been receiving some spam where spamassassin identifies the sender with
USER_IN_WHITELIST. These senders (or domains) are
most definitely not in my whitelist. How can I get around this problem?Thanks
SpamAssassin comes with some built-in
On 6 Jul 2016, at 21:13, Lorenzo Thurman wrote:
I’ve been receiving some spam where spamassassin identifies the
sender with USER_IN_WHITELIST. These senders (or domains) are most
definitely not in my whitelist. How can I get around this problem?
There are so many relevant variables
I’ve been receiving some spam where spamassassin identifies the sender with
USER_IN_WHITELIST. These senders (or domains) are most definitely not in my
whitelist. How can I get around this problem?
Thanks
On Wed, 20 Jun 2012 18:38:49 +0200
Flemming Jacobsen wrote:
> RW wrote:
> > On Wed, 20 Jun 2012 11:33:49 +0200 Per Jessen wrote:
> > > RW wrote:
> > > > What I mean is that if I whitelist a private email address, the
> > > > chances of a spammer ever sending me a spam spoofing that
> > > > address
Den 2012-06-20 18:38, Flemming Jacobsen skrev:
Because you use email to send yourself reminder notes or small
files. I have addresses on several distinct systems (private,
work, google, user group, ...).
And I whitelist them because I do not want mail to get lost.
with shared imap folders noth
RW wrote:
> On Wed, 20 Jun 2012 11:33:49 +0200 Per Jessen wrote:
> > RW wrote:
> > > What I mean is that if I whitelist a private email address, the
> > > chances of a spammer ever sending me a spam spoofing that address is
> > > very small.
> >
> > Happened to me twice only yesterday - somebody s
Den 2012-06-20 14:05, Greg Troxel skrev:
That way I could do:
whitelist_from -5 f...@yahoo.com
AWL plugin basicly could be extended to use dkim/spf and more bound to
whitelist_* so the awl score is more live calculated, with default awl
its bound to 0.0.x.x/16 but it could be changed to /
On Wed, 20 Jun 2012 11:22:08 +0200
Per Jessen wrote:
> RW wrote:
> > Not if someone sends an email through a different mail system,
>
> I think that is what "whitelist_allows_relays" is intended to take
> care of.
If it made a difference to the case I was referring to then it would
effectivel
On 6/20/2012 8:05 AM, Greg Troxel wrote:
I would like to see...
As an open source project, we encourage people to submit patches and
step up to coding on the project.
You can really start small with one line patches and I'll do my best to
support you.
Regards,
KAM
My suggestion was intended to minimize the effect on existing
behavior. I agree, it would probably be a very good idea to allow
whitelist_from to be scored differently than the other whitelist
variants, and to ship it with a smaller default score, but that change
is fairly disruptive.
I
On Wed, 20 Jun 2012 11:33:49 +0200
Per Jessen wrote:
> RW wrote:
>
> > On Wed, 20 Jun 2012 03:25:53 +0200
> > Benny Pedersen wrote:
> >
> >> Den 2012-06-20 03:09, RW skrev:
> >>
> >> > The overwhelming majority of email addresses are never spoofed.
> >
> >> seen from my mta logs off sender add
RW wrote:
> On Wed, 20 Jun 2012 03:25:53 +0200
> Benny Pedersen wrote:
>
>> Den 2012-06-20 03:09, RW skrev:
>>
>> > The overwhelming majority of email addresses are never spoofed.
>
>> seen from my mta logs off sender addresses that miss the smtp auth
>> password here postfix dont agree with yo
RW wrote:
> On Tue, 19 Jun 2012 19:14:11 -0400
> Jeff Mincy wrote:
>
>>From: RW
>>Date: Tue, 19 Jun 2012 23:43:57 +0100
>
>>If used sensibly USER_IN_WHITELIST is probably the most reliable
>> rule we have, for the overwhelming majority of addr
John Hardin wrote:
> On Tue, 19 Jun 2012, Benny Pedersen wrote:
>
>> Den 2012-06-19 22:39, Kevin A. McGrail skrev:
>>
>>> I think that's the concept behind the whitelist_from_spf
>>
>> but some use whitelist_from, its nothing new there :=)
>>
&g
On Wed, 20 Jun 2012 03:25:53 +0200
Benny Pedersen wrote:
> Den 2012-06-20 03:09, RW skrev:
>
> > The overwhelming majority of email addresses are never spoofed.
> seen from my mta logs off sender addresses that miss the smtp auth
> password here postfix dont agree with you, if sender uses somet
Den 2012-06-20 03:09, RW skrev:
The overwhelming majority of email addresses are never spoofed.
seen from my mta logs off sender addresses that miss the smtp auth
password here postfix dont agree with you, if sender uses something
belongs to my domain i may start asking for passwords, this c
On Tue, 19 Jun 2012 19:14:11 -0400
Jeff Mincy wrote:
>From: RW
>Date: Tue, 19 Jun 2012 23:43:57 +0100
>If used sensibly USER_IN_WHITELIST is probably the most reliable
> rule we have, for the overwhelming majority of addresses it's far
> more accurate than sp
On Tue, 19 Jun 2012, Flemming Jacobsen wrote:
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should
On Tue, 19 Jun 2012, Jeff Mincy wrote:
From: John Hardin
I'd suggest instead a lint warning if it is used, alerting the admin that
it's discouraged and that it has problems like this and is very easy to
spoof.
How about creating a different score for whitelist_from that is
separate fr
gt; Den 2012-06-19 22:39, Kevin A. McGrail skrev:
>>
>>> I think that's the concept behind the whitelist_from_spf
>>
>> but some use whitelist_from, its nothing new there :=)
>>
>> can user_in_whitelist be changed
think that's the concept behind the whitelist_from_spf
>>
>> but some use whitelist_from, its nothing new there :=)
>>
>> can user_in_whitelist be changed to not have -100 as default
>> score, or is whitelist_from planned for removements ?
t_from, its nothing new there :=)
>
> can user_in_whitelist be changed to not have -100 as default score, or is
> whitelist_from planned for removements ?
It's needed for whan none of the other more-strict whitelist options will
work, so we can't get just rid
SECURE_SPF (USER_IN_WHITELIST && SPF_FAIL)
score WHITELIST_INSECURE_SPF 50
but since Flemming did not provide an sample there might be other
options, eg why accept spf_fail in mta ?
On Tue, 19 Jun 2012, Benny Pedersen wrote:
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, its nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score,
On 06/19/2012 11:34 PM, Benny Pedersen wrote:
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, its nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score,
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, its nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score, or
is whitelist_from planned for removements ?
Den 2012-06-19 22:21, Flemming Jacobsen skrev:
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should USER_IN_WHITELIST
not be ignored/neutral (not sure of the terminology here)?
nope
On 6/19/2012 4:21 PM, Flemming Jacobsen wrote:
Hey
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed
Hey
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should USER_IN_WHITELIST
not be ignored/neutral (not
On Fri, 2009-07-10 at 15:30 -0700, an anonymous Nabble user wrote:
> Thanks Karsten.
So it actually was a typo preventing the whitelist option from working?
> myphonydomain.com is just that, phony :-). I am using it in lieu of my real
> domain.
So I figured. Bad idea nonetheless, makes debuggin
On Fri, 10 Jul 2009, boogybren wrote:
Thanks Karsten.
myphonydomain.com is just that, phony :-). I am using it in lieu of my
real domain.
The "example.com" domain is explicitly reserved for that purpose. If you
use example.com in the future, people will know that you are sanitizing
your h
om not found: 3(NXDOMAIN)
>
>
> --
> char
> *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putc
On Fri, 2009-07-10 at 17:59 -0400, Jeff Mincy wrote:
>Don't use the un-constrained whitelist_from, unless as a last resort, if
>there's no other way and you cannot use the proper constrained ones,
>like whitelist_from_rcvd.
>
> A local root sender should be getting ALL_TRUSTED.
On Fri, 2009-07-10 at 14:53 -0700, an anonymous Nabble user wrote:
> Here are the headers:
>
> Return-Path:
> X-Spam-Tests:
> * -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
> * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> * [score: 0.]
> * 2.
From: Karsten Bräckelmann
Date: Fri, 10 Jul 2009 23:43:03 +0200
On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote:
> My local root user sends me nightly emails with mail/spam statistics and
> information. Because of the spam information contained in the email, i
4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0;
> }}}
>
>
>
--
View this message in context:
http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24434950.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On Fri, 2009-07-10 at 11:30 -0700, John Hardin wrote:
> On Fri, 10 Jul 2009, an anonymous Nabble user wrote:
>
> > Am using procmail.
>
> Take a look at http://www.impsec.org/~jhardin/antispam/ for a procmail SA
> ruleset that skips mail originating from localhost. If you need help
> generalizi
On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote:
> My local root user sends me nightly emails with mail/spam statistics and
> information. Because of the spam information contained in the email, it
> sometimes flagged as spam itself.
>
> In my local.cf, I have put the root user'
On Fri, 10 Jul 2009, boogybren wrote:
Am using procmail.
Take a look at http://www.impsec.org/~jhardin/antispam/ for a procmail SA
ruleset that skips mail originating from localhost. If you need help
generalizing that for your situation, contact me offlist.
Also, try to stop top-posting. T
---
>Gun Control laws cannot reduce violent crime, because gun control
>laws focus obsessively on a tool a criminal might use to commit a
>crime rather than the criminal himself and his act of violence.
> ---
> 10 days until the 40th anniversary of Apollo 11 landing on the Moon
>
>
--
View this message in context:
http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24432408.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On Fri, 10 Jul 2009, boogybren wrote:
I have been wanting to do something like that but haven't done the
legwork to figure it out.
I will certainly look up how to do this in sendmail. Do you have any
suggestions?
We also need to know how you're gluing SA into your mailer chain.
Procmail?
hen adopted, it means now.
> -- U.S. Supreme Court
> SOUTH CAROLINA v. US, 199 U.S. 437, 448 (1905)
> ---
> 10 days until the 40th anniversary of Apollo 11 landing on the Moon
>
>
On Fri, 10 Jul 2009, boogybren wrote:
My local root user sends me nightly emails with mail/spam statistics and
information. Because of the spam information contained in the email, it
sometimes flagged as spam itself.
I would suggest you look into MTA configs that will allow you to
completel
sassin
>
> --
> Dan Schaefer
> Application Developer
> Performance Administration Corp.
>
>
>
--
View this message in context:
http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24428665.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
boogybren wrote:
Any suggestions would be greatly appreciated. Attached is my local.cf
Simple solution, but you may not have tried it...restart spamassassin
--
Dan Schaefer
Application Developer
Performance Administration Corp.
nd an email as the root user to my
legitimate email account, it is not getting scored.
I have explicitly entered:
score USER_IN_WHITELIST -100
in my local.cf. I have also disabled the AWL plugin. However, no matter
what I do, it still won't score -100. The recipient's user_prefs is
c
Thank you Matt!
Your letter helped me to understand my problem better.
I`m not using sa-spamc, my exim using ACL spam, that connects directly
to spamd ip/port.
My founded solution was described in Exim FAQ:
A0512: Envelope-To: is added at delivery time, by the transport.
Therefore, the header
Bug wrote:
> Dear users !
>
> I`m using exim + spamd + user_prefs in mysql. All works fine.
>
> But I found a bug, when I`m using whitelist, and header rcpt to: have
> address with character description, whitelist failed to catch it in
> database. For example:
>
> 1st message:
> spamd: clean messa
Dear users !
I`m using exim + spamd + user_prefs in mysql. All works fine.
But I found a bug, when I`m using whitelist, and header rcpt to: have
address with character description, whitelist failed to catch it in
database. For example:
1st message:
spamd: clean message (-91.7/10.0) for t...@loc
Nevermind. Someone has whitelisted our url in user-prefs.
robanna wrote:
>
> Lately, we've been getting a bunch of spam with negative scores because it
> has triggered USER_IN_WHITELIST but we don't use whitelist_from*. About 2
> weeks ago I removed whitelist_from_r
Lately, we've been getting a bunch of spam with negative scores because it
has triggered USER_IN_WHITELIST but we don't use whitelist_from*. About 2
weeks ago I removed whitelist_from_rcvd. Could it still be triggering it.
Maybe the spam was sent a few weeks ago and just now being deli
Matthew Goodman wrote:
Why does spam continually get a “hit” on this rule? I noticed a lot
more spam coming in off the upgrade to 3.2.4. Are spammers getting
crafty with their mail messages to appear as coming from myself TO
myself? I could always reduce the adjustment that USER_IN_WHITELIST
Why does spam continually get a "hit" on this rule? I noticed a lot more
spam coming in off the upgrade to 3.2.4. Are spammers getting crafty with
their mail messages to appear as coming from myself TO myself? I could
always reduce the adjustment that USER_IN_WHITELIST makes. However, I
Andrew Xiang wrote:
> I have many users in the whitelist_from in the local.cf.
> When I get forwarded spam email like this, how do I find which one it
> matched?
If you want to know for sure, you can run it through spamassassin -D and
wade through the debug output.
my guess is you've got a whitel
On Mon, 2007-10-22 at 11:46 -0400, Andrew Xiang wrote:
> I have many users in the whitelist_from in the local.cf.
> When I get forwarded spam email like this, how do I find which one it
> matched? Which FROM entry is it actually looking at?
See the section Whitelist and Blacklist options in the do
, score=-72.0 required=5.0 tests=BAYES_50,DCC_CHECK,
DIGEST_MULTIPLE,DRUGS_ERECTILE,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
MIME_HTML_ONLY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,
RAZOR2_CHECK,SARE_FROM_DRUGS,UNPARSEABLE_RELAY,USER_IN_WHITELIST autolearn=no
version=3.2.1
X-Spam
On Mon, Jul 16, 2007 at 01:38:22AM -0500, Lindsay Haisley wrote:
> override these. Does blacklist_from take precedence over whitelist_from
> or whitelist_from_rcvd?
Whitelists and blacklists are independent, ie: no "precedence" involved.
You could have both hit on a message for a +100 - 100 = 0 t
om
or whitelist_from_rcvd?
Thanks!
On Sun, 2007-07-15 at 20:26 -0400, Matt Kettler wrote:
> Lindsay nHaisley wrote:
> > I've recently discovered a couple of emails tagged by SA (v3.2.1-gr1)
> > with USER_IN_WHITELIST and assigned score components of -100 accordingly
> > according to 50_s
Lindsay Haisley wrote:
> I've recently discovered a couple of emails tagged by SA (v3.2.1-gr1)
> with USER_IN_WHITELIST and assigned score components of -100 accordingly
> according to 50_scores.cf on the basis of a call to
> eval:check_from_in_whitelist() in 60_whitelist.cf.
&
I've recently discovered a couple of emails tagged by SA (v3.2.1-gr1)
with USER_IN_WHITELIST and assigned score components of -100 accordingly
according to 50_scores.cf on the basis of a call to
eval:check_from_in_whitelist() in 60_whitelist.cf.
I would assume that this would only be possib
[EMAIL PROTECTED] says...
> Alexis Manning wrote:
> > It seems that if USER_IN_WHITELIST is triggered then the message won?t
> > be auto-learned.
> >
> That is incorrect, however USER_IN_WHITELIST does not count toward any
> autolearning decisions.
[...]
> As far a
Alexis Manning wrote:
>
> It seems that if USER_IN_WHITELIST is triggered then the message won’t
> be auto-learned.
>
That is incorrect, however USER_IN_WHITELIST does not count toward any
autolearning decisions. The primary reason being that whitelists are
often misconfigured th
It seems that if USER_IN_WHITELIST is triggered then the message won't be
auto-learned.
X-Spam-Status: No, score=-100.0 required=7.5tests=BAYES_50=0.001,
HTML_MESSAGE=0.001,USER_IN_WHITELIST=-100 autolearn=no
version=3.1.7
I have a fair number of people in my whitelist
0 and I
> noticed a email this morning that had scored -94. I do not know the sender
> domain, so looked at how it had been scored and noticed that the rule
> USER_IN_WHITELIST had been hit with a -100.
>>
>>On Tue, 15 May 2007 10:35:35 +0200, Cedric BUSCHINI <[EMA
ust performed a brand new server install with SA 3.2.0 and I
> noticed a email this morning that had scored -94. I do not know the sender
> domain, so looked at how it had been scored and noticed that the rule
> USER_IN_WHITELIST had been hit with a -100.
>>
>>On Tue, 15 May 2
the rule USER_IN_WHITELIST
had been hit with a -100.
On Tue, 15 May 2007 10:35:35 +0200, Cedric BUSCHINI <[EMAIL PROTECTED]> wrote:
--[ UxBoD ]-- a écrit :
Which rule sets this ? I have grep'd through /etc/mail/spamassassin and
the variable is used but does not seem
I have just performed a brand new server install with SA 3.2.0 and I noticed a
email this morning that had scored -94. I do not know the sender domain, so
looked at how it had been scored and noticed that the rule USER_IN_WHITELIST
had been hit with a -100.
On Tue, 15 May 2007 10:35:35 +0200
--[ UxBoD ]-- a écrit :
Which rule sets this ? I have grep'd through /etc/mail/spamassassin and the
variable is used but does not seem to get set anywhere ?
Hi,
Have a look in /usr/share/spamassassin.
There is 60_whitelist.cf for rules and about scores it s in 50_scores.cf
BUT it's better
Which rule sets this ? I have grep'd through /etc/mail/spamassassin and the
variable is used but does not seem to get set anywhere ?
--
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8
// Keyserv
Sherman Lilly wrote:
[Snipped text about forged mail from own domains whitelisted...]
> I was looking on the net and I came across a plugin on spamassassin I don't
> think i have loaded. Will the SPF plugin help with this problem?
If you publish SPF records for your domains, you can use whiteli
Will Nordmeyer wrote:
>
> René Berber wrote:
>> Sherman Lilly wrote:
> [snip]
>>> I get why they are getting through. They are spoofing the Return-Path.
>>> Is there any way to remedy this problem?
>> Depends on your server. For sendmail there is:
>>
>> http://ultra.ap.krakow.pl/~raj/sendmai
Ok I have an update. I picked a message that was getting marked
USER_IN_WHITELIST once every 5 or so messages. I took the from address
and added this code to Perl..Mail\SpamAssassin\EvalTests.pm
if ($addr =~ qr/$regexp/i) {
dbg("rules: address $addr matches whitelist or blac
Sherman Lilly wrote:
I was looking on the net and I came across a plugin on spamassassin I don't
think i have loaded. Will the SPF plugin help with this problem?
Yes... *if* you replace whitelist_from with whitelist_from_spf
Alternatively you can try something like this:
whitelist_from_rcvd
As of last Wednesday I am having this problem. In fact it's more then
just USER_IN_WHITELIST, I am getting many reports of incorrect
USER_IN_BLACKLIST.
No I don't whitelist my domain.
Yes I checked the To/From/ReplyTo/EnvelopeFrom/etc.
No the users don't have whitelist/bl
René Berber wrote:
> Sherman Lilly wrote:
[snip]
> > I get why they are getting through. They are spoofing the Return-Path.
> > Is there any way to remedy this problem?
>
> Depends on your server. For sendmail there is:
>
> http://ultra.ap.krakow.pl/~raj/sendmail/english.html
>
> the FE
Sherman Lilly wrote:
[snip]
> I was looking on the net and I came across a plugin on spamassassin I don't
> think i have loaded. Will the SPF plugin help with this problem?
No, I think the default score is 0.0, and it's only for positive id (thus I add
points, not subtract).
Botnet plugin probab
On Monday 22 January 2007 12:51, Jonas Eckerman wrote:
> > that is getting through. It should have failed.
>
> Why should it have failed?
>
> > WHITELIST_FROM [EMAIL PROTECTED]
>
> [...]
>
> > Return-Path: <[EMAIL PROTECTED]>
>
> * You have whitelisted all mail from "[EMAIL PROTECTED]".
> * The mai
> that is getting through. It should have failed.
Why should it have failed?
> WHITELIST_FROM [EMAIL PROTECTED]
[...]
> Return-Path: <[EMAIL PROTECTED]>
* You have whitelisted all mail from "[EMAIL PROTECTED]".
* The mail is from "[EMAIL PROTECTED]" according to the SMTP envelope.
= You have whi
Drew Burchett wrote:
Do you have some example headers?
This is a legitimate email, but it got flagged as USER_IN_WHITELIST
while CNN is not listed in my whitelist:
You didn't include the envelope from address in any of your examples.
Daryl
>Do you have some example headers?
This is a legitimate email, but it got flagged as USER_IN_WHITELIST
while CNN is not listed in my whitelist:
Received: from cnnimail33.turner.com (cnnimail33.turner.com
[64.236.25.90])
by spamfilter.onlineky.net (Postfix) with ESMTP id 2FB3317
On Monday 22 January 2007 11:39, you wrote:
> Sherman Lilly wrote:
> > I have spam getting through that would get filtered if they were not
> > getting -100 because of the USER_IN_WHITELIST rule. I do have a whitelist
> > but no of these spam email have anything close to my wh
1 - 100 of 130 matches
Mail list logo