Ben, You may want to try using the "whitelist_from_rcvd" function rather than just bare "whitelist_from". I got confused on this issue myself, but 2.60 added that new function specifically to stop this kind of abuse, Using whitelist_from_rcvd will check the Received: headers as well as the From: address.
You can refer to the docs here: http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html#whitelist%20and%20blacklist%20options for the exact syntax and functionality of whitelist_from_rcvd, which is not identical to that of whitelist_from. If we had a FAQ, I would suggest this for one of the questions at this point. =) -- .''`. Daniel DeVoe <[EMAIL PROTECTED]> : :' : http://www.netset.com/~ddevoe `. `'` `- Debian - when you have better things to do than fix a system On Wed, 25 Feb 2004, Ben wrote: > Date: Wed, 25 Feb 2004 00:03:58 -0500 (EST) > From: Ben <[EMAIL PROTECTED]> > To: Keith C. Ivey <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: abusing the whitelist > > thanks for the response and the advice. unfortunately it's a mail > forwarding system that i'm part of that i'm trying to whitelist > (alumni email forwarding) so the mail is not actually local. i guess > i'll think about this more deeply. > > B > > On Tue, 24 Feb 2004, Keith C. Ivey wrote: > > > Ben <[EMAIL PROTECTED]> wrote: > > > > > the only reason why this got through was they put one of my email > > > address in the From, in quotes. i'm no RFC822 or whatever expert, but > > > that seems like it shouldn't get tagged by the USER_IN_WHITELIST test. > > > > Perhaps, but even if it didn't match addresses that weren't > > really addresses, the spammer could just as well have put your > > address in the "From:" line without quotes. In fact, I'd say > > that's a lot more common than the quoted version you're > > reporting. Whitelisting your own address, or any addresses at > > your domain, is generally a bad idea, since you will end up > > whitelisting a lot of spam. > > > > One alternative is to have mail that's actually from local > > users not go through SpamAssassin at all. The details of how > > to do that depend on your mail system. > > > > -- > > Keith C. Ivey <[EMAIL PROTECTED]> > > Washington, DC > > > > > >
